DMZ Static NAT

From Wiki of WFilter NG Firewall
(Difference between revisions)
Jump to: navigation, search
(Created page with "{{DISPLAYTITLE:DMZ and Static NAT}} = Introduction = Though "DMZ" and "Static NAT" both can publish local network services, they have differences: * "DMZ" equals "port forwar...")
 
Line 1: Line 1:
{{DISPLAYTITLE:DMZ and Static NAT}}
+
{{DISPLAYTITLE:Forwarding, DMZ and Static NAT}}
  
 
= Introduction =
 
= Introduction =
Though "DMZ" and "Static NAT" both can publish local network services, they have differences:
 
* "DMZ" equals "port forwarding on all ports". Visits to WAN interfaces will be redirected to the DMZ host(except of the excepted ports). Usually, you shall have ONE DMZ host.
 
* "Static NAT" provides one-to-one NAT for local hosts. When you have multiple static public ip addresses, you can publish different services on every public ip. For example, "3 public ip addresses, IP1 for internet access, IP2 for web server, IP2 for FTP server."
 
  
So,
+
"Port Forwarding", "DMZ" and "Static NAT" are all redirecting firewall rules.
* If you don't have a static public IP, you shall use "port forwarding" or "DMZ" to publish local network services.
+
* "Port Forwarding" : forword packets on certain port(s).
* If you have multiple static public IP addresses, you're recommended to add "Static NAT" rules for service publishing.
+
* "DMZ" equals "port forwarding on all ports". Visits to WAN interfaces will be redirected to the DMZ host(except of the excepted ports).  
 +
* "Static NAT" provides one-to-one NAT for local hosts.
  
= Forwarding and DMZ =
+
= Port Forwarding =
 
* Forwarding: map a WAN port to local host.
 
* Forwarding: map a WAN port to local host.
 
[[File:port_forward01.png|900px]]
 
[[File:port_forward01.png|900px]]
 +
** WAN: target WAN IP address.
 +
** Source Port: target port to the WAN interface.
 +
** Target IP: "redirected to" local host IP.
 +
** Target Port: "redirected to" port, leave it blank for same as the source port.
 +
 +
= DMZ =
  
 
* DMZ: port forwarding on all ports.
 
* DMZ: port forwarding on all ports.
Line 22: Line 26:
  
 
[[File:nat01.png|900px]]
 
[[File:nat01.png|900px]]
 +
** Single: a single IP(192.168.10.100) or subnet(192.168.10.0/24).
 +
** Range: an IP range.
  
 
[[Category:Firewall]]
 
[[Category:Firewall]]

Revision as of 23:10, 24 May 2017


Contents

1 Introduction

"Port Forwarding", "DMZ" and "Static NAT" are all redirecting firewall rules.

  • "Port Forwarding" : forword packets on certain port(s).
  • "DMZ" equals "port forwarding on all ports". Visits to WAN interfaces will be redirected to the DMZ host(except of the excepted ports).
  • "Static NAT" provides one-to-one NAT for local hosts.

2 Port Forwarding

  • Forwarding: map a WAN port to local host.

Port forward01.png

    • WAN: target WAN IP address.
    • Source Port: target port to the WAN interface.
    • Target IP: "redirected to" local host IP.
    • Target Port: "redirected to" port, leave it blank for same as the source port.

3 DMZ

  • DMZ: port forwarding on all ports.

Dmz01.png

4 Static NAT

You need to define "Local IP" and choose a public IP.

Nat01.png

    • Single: a single IP(192.168.10.100) or subnet(192.168.10.0/24).
    • Range: an IP range.
Retrieved from "http://wiki.wfilterngf.com/index.php?title=DMZ_Static_NAT&oldid=586"
Personal tools
Namespaces

Variants
Actions
Navigation
Tools