Configuring ip port forwarding – Enterasys Networks ANG-1000 User Manual
Page 47
Aurorean Network Gateway-1000 User’s Guide
35
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
NOTE
If you press the reset button after you have configured your ANG-1000,
you will lose your entire configuration. Any settings you have changed
from factory defaults, such as firewall rules, will be removed. We
recommend that you save these settings to a Notepad file which you then
can reference if you are compelled to use the reset button.
Configuring IP Port Forwarding
ANG-1000’s support of IP Port Forwarding permits you to make servers on
the trusted network of the ANG-1000 available to the rest of the VPN. In
contrast to Network Address Translation (NAT), which allows access to
external-side servers initiated by internal-side hosts, Port Forwarding permits
access to internal-side servers initiated by external-side hosts.
This is accomplished by rewriting the headers of all packets bound for the
ANG-1000 and forwarding them to another host on the trusted-side of the
network, depending on their destination port (port numbers corresponding
to standard, well-known protocols). The IP addresses are re-written so that
incoming IP (TCP and UDP) packets are forwarded to their intended
destinations, and the reply packets are re-written to appear to be coming from
the ANG-1000.
This process requires static, known values for the following:
H The IP address assigned to ANG-1000 by the VPN. This address is in
RiverMaster in the ANG-1000's user account and may not be
assigned dynamically via pools or virtual subnets.
H The IP address of the server on the ANG-1000 trusted network (one
server per protocol). This may not be dynamically assigned by the
ANG-1000 via DHCP.
H The protocol (TCP or UDP) and the protocol port number.
IP Port Forwarding is configured by editing the ipportfw command in the
ipfwrules configuration file in the Config Editor tool of the Web Config. The
ipportfw commands should be entered at the end of the ipfwrules file.