
Author Topic: NAT, Port Forwarding, Firewall Rules, Public IPs  (Read 4222 times)

thegadget

NAT, Port Forwarding, Firewall Rules, Public IPs
« on: August 30, 2017, 07:12:14 pm »
Howdy!  I hate to ask this question, but following what documentation I have found on the web I am unable to get a working port forward.  Here is what I am trying to do:

2 Web servers:
Public IP: x.x.121.10, x.x.121.11
Internal IP: x.x.195.101, x.x.195.103
Ports forwarded: 80, 443, 8443

I have set up the Aliases for all IPs and Ports.  I am having trouble creating the NAT and rule.  So after I create NAT, all traffic is killed on the network.  I looked through the forums, and am unable to find this info in 17.7.  If you have a link or could point me in the right direction, I would appreciate it.  :)

franco

Re: NAT, Port Forwarding, Firewall Rules, Public IPs
« Reply #1 on: August 30, 2017, 07:20:35 pm »
Hi there,

You'll need three separate rules under Firewall: NAT: Port Forward for each individual port.

Unless x.x.121.10, x.x.121.11 are IPs from the WAN, then you must use Firewall: NAT: One to One and forward the whole IP.


Cheers,
Franco

thegadget

Re: NAT, Port Forwarding, Firewall Rules, Public IPs
« Reply #2 on: August 30, 2017, 07:25:32 pm »
Yes, the 121.10 IP addresses are public and on the wan interface. 

thegadget

Re: NAT, Port Forwarding, Firewall Rules, Public IPs
« Reply #3 on: August 30, 2017, 07:27:20 pm »
I only want the three ports forwarded, not all ports if that makes any sense.  Does the one-to-one forward all ports?

hutiucip

Re: NAT, Port Forwarding, Firewall Rules, Public IPs
« Reply #4 on: August 30, 2017, 07:50:37 pm »
Yes, 1 to 1 NAT forwards the whole IP with all of its ports: 1 to 1 NAT means 1 (public IP, all ports) to 1 (private IP, all ports, respectively). You can think of it as mirroring/cloning between 2 IPs (one public, one private). :)

ChrisH

Re: NAT, Port Forwarding, Firewall Rules, Public IPs
« Reply #5 on: August 31, 2017, 10:37:59 am »
Quote from: franco on August 30, 2017, 07:20:35 pm
You'll need three separate rules under Firewall: NAT: Port Forward for each individual port.
He could create a port alias with those three ports. Then he needs only two NAT: Port Forward rules, one for each IP. No?

hutiucip

Re: NAT, Port Forwarding, Firewall Rules, Public IPs
« Reply #6 on: August 31, 2017, 11:28:36 am »
Quote from: ChrisH on August 31, 2017, 10:37:59 am
Quote from: franco on August 30, 2017, 07:20:35 pm
You'll need three separate rules under Firewall: NAT: Port Forward for each individual port.
He could create a port alias with those three ports. Then he needs only two NAT: Port Forward rules, one for each IP. No?

Yes!

Only that I wouldn't go this way, since ports 80 and 443 are standard HTTP/S ports: what if, in the future, he wants to connect to other services/machines on these ports?

So I would use HAProxy to do a reverse proxy for these two servers, with rules conditioned by corresponding URL strings.
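
The two NAT approaches compared in this thread, written as raw pf rules (pf is the packet filter OPNsense is built on). This is an added example, not from any poster and not OPNsense's generated ruleset; the interface name and all addresses are constructed placeholders.

```pf
# Constructed values: em0 and every address below are placeholders,
# not the original poster's interface or IPs.
wan_if    = "em0"
web_ports = "{ 80, 443, 8443 }"   # plays the role of the port alias
pub1 = "203.0.113.10"
pub2 = "203.0.113.11"
web1 = "10.0.195.101"
web2 = "10.0.195.103"

# Option A: port forward. One rule per public IP, covering the three ports.
# Any other port on pub1/pub2 is not translated and never reaches the servers.
rdr on $wan_if inet proto tcp from any to $pub1 port $web_ports -> $web1
rdr on $wan_if inet proto tcp from any to $pub2 port $web_ports -> $web2

# Option B: one-to-one NAT (use instead of option A, not together with it).
# The whole public IP is mapped, all ports and protocols, in both directions,
# so the filter rules below are the only thing limiting exposure.
# binat on $wan_if inet from $web1 to any -> $pub1
# binat on $wan_if inet from $web2 to any -> $pub2

# Filtering. Translation happens before filtering, so inbound rules
# match the internal (translated) destination addresses.
block in log on $wan_if all
pass in on $wan_if inet proto tcp from any to { $web1, $web2 } \
    port $web_ports flags S/SA keep state
```

With either option, keeping the pass rule limited to the three ports means a one-to-one mapping still exposes only 80, 443 and 8443.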

thegadget

Re: NAT, Port Forwarding, Firewall Rules, Public IPs
« Reply #7 on: August 31, 2017, 10:59:32 pm »
Thank you guys for all your input.  I got it running like a champ.  :)