DMZ and Static NAT

From Wiki of WFilter NG Firewall
Revision as of 17:39, 19 April 2016 by WFilter (Talk | contribs)



1 Introduction

Both "DMZ" and "Static NAT" can publish local network services, but they differ:

  • "DMZ" is equivalent to "port forwarding on all ports". Connections to the WAN interfaces are redirected to the DMZ host (except on the excepted ports). Usually, you should have ONE DMZ host.
  • "Static NAT" provides one-to-one NAT for local hosts. When you have multiple static public IP addresses, you can publish different services on each public IP. For example: "3 public IP addresses, IP1 for internet access, IP2 for web server, IP3 for FTP server."

So,

  • If you don't have a static public IP, you should use "port forwarding" or "DMZ" to publish local network services.
  • If you have multiple static public IP addresses, it is recommended to add "Static NAT" rules for service publishing.

2 Forwarding and DMZ

  • Forwarding: maps a WAN port to a local host.

Port forward01.png

  • DMZ: port forwarding on all ports.

Dmz01.png

3 Static NAT

You need to define "Local IP" and choose a public IP.

Nat01.png
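
The exposure each option creates can be compared with a small model of the inbound translation decision. This is an added example, not WFilter code: the addresses are constructed from documentation ranges, and the rule precedence (static NAT, then port forwarding, then DMZ), the excepted ports, and the all-ports behaviour of one-to-one NAT are assumptions.

```python
# Constructed sample configuration (documentation address ranges, not from the page).
WAN_IP = "203.0.113.1"                      # IP1: internet access
PORT_FORWARDS = {(WAN_IP, 8080): ("192.168.1.20", 80)}
DMZ_HOST = "192.168.1.10"
DMZ_EXCEPTED_PORTS = {22, 443}              # assumed excepted ports
STATIC_NAT = {"203.0.113.2": "192.168.1.30",  # IP2 -> web server
              "203.0.113.3": "192.168.1.40"}  # IP3 -> FTP server


def translate(dst_ip, dst_port):
    """Return (local_host, local_port) for an inbound connection, or None
    when no rule hands it to a local host."""
    # Assumed precedence: static NAT, then port forwarding, then DMZ.
    if dst_ip in STATIC_NAT:
        return (STATIC_NAT[dst_ip], dst_port)
    if (dst_ip, dst_port) in PORT_FORWARDS:
        return PORT_FORWARDS[(dst_ip, dst_port)]
    if dst_ip == WAN_IP and DMZ_HOST and dst_port not in DMZ_EXCEPTED_PORTS:
        return (DMZ_HOST, dst_port)
    return None


def exposure():
    """Count how many (public IP, port) pairs reach each local host."""
    counts = {}
    for public_ip in [WAN_IP, *STATIC_NAT]:
        for port in range(1, 65536):
            target = translate(public_ip, port)
            if target:
                counts[target[0]] = counts.get(target[0], 0) + 1
    return counts


if __name__ == "__main__":
    for host, n in sorted(exposure().items()):
        print(f"{host}: reachable on {n} public (IP, port) pairs")
```

In this model the port-forwarded host is reachable on a single port, while the DMZ host and each static NAT host are reachable on nearly every port, so those hosts need their own host-level filtering and patching.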
