Kerio Tech Firewall6 User Manual


7.4 Basic Traffic Rule Types


Figure 7.23: Traffic rule that makes the local web server available from the Internet

Source

Mapped services can be accessed by clients both from the Internet and from the local network. For this reason, it is possible to keep the Any value in the Source entry (or it is possible to list all relevant interface groups or individual groups, e.g. Internet and LAN).

Destination

The WinRoute host labelled as Firewall, which represents all IP addresses bound to the firewall host.

This service will be available at all addresses of the interface connected to the Internet. To make the service available at a particular IP address, use the Host option and specify the IP address (see the multihoming example).

Service

Services to be available. You can select one of the predefined services (see chapter 14.3) or define an appropriate service with protocol and port number.

Any service that is intended to be mapped to one host can be defined in this entry. To map services for other hosts you will need to create a new traffic rule.

Action

Select the Allow option, otherwise all traffic will be blocked and the function of port mapping will be irrelevant.

Translation

In the Destination NAT (Port Mapping) section select the Translate to IP address option and specify the IP address of the host within the local network where the service is running.

Using the Translate port to option you can map a service to a port which is different from the one where the service is available from the Internet.

Warning

The Source NAT section should be set to the No Translation option. Combining source and destination IP address translation is relevant under special conditions only.

Note: For proper functionality of port mapping, the locally hosted server must point to the WinRoute firewall as the default gateway. Port mapping will not function well unless this condition is met.
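
An added example, not taken from the Kerio manual or product: a small Python model of the port-mapping rule described above. It checks a rule against the Destination, Action, Translation and Source NAT guidance and shows how a matching packet's destination is rewritten. The class and function names are hypothetical, and all addresses are constructed sample values.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample values (documentation address ranges), not from the manual.
FIREWALL_ADDRS = {"203.0.113.10", "203.0.113.11"}  # all IPs bound to the firewall host

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class MappingRule:
    """Hypothetical model of the rule columns above (not a Kerio file format).
    Source is left at Any, as in the text, so it is not modelled."""
    destination: str                      # "Firewall" or one specific firewall IP
    service: tuple                        # (protocol, port) as seen by clients
    action: str = "Allow"
    source_nat: str = "No Translation"
    translate_to_ip: Optional[str] = None
    translate_port_to: Optional[int] = None

def lint(rule):
    """List the ways a rule departs from the port-mapping guidance above."""
    findings = []
    if rule.destination != "Firewall" and rule.destination not in FIREWALL_ADDRS:
        findings.append("destination: not the firewall or one of its addresses")
    if rule.action != "Allow":
        findings.append("action: traffic is blocked, so the mapping has no effect")
    if rule.translate_to_ip is None:
        findings.append("translation: no 'Translate to IP address' value")
    if rule.source_nat != "No Translation":
        findings.append("source NAT: combined with destination NAT")
    return findings

def translate(rule, pkt):
    """Return the packet as forwarded to the local server, or None if not mapped."""
    addrs = FIREWALL_ADDRS if rule.destination == "Firewall" else {rule.destination}
    if rule.action != "Allow" or rule.translate_to_ip is None:
        return None
    if pkt.dst not in addrs or (pkt.proto, pkt.dport) != rule.service:
        return None
    # Keep the original port unless "Translate port to" is set.
    return replace(pkt, dst=rule.translate_to_ip,
                   dport=rule.translate_port_to or pkt.dport)

# Web server on a local host, listening on 8080, published on port 80.
web = MappingRule("Firewall", ("tcp", 80), translate_to_ip="192.168.1.10",
                  translate_port_to=8080)
```
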

Placing the rule

As already mentioned, mapped services can also be accessed from the local network. During access from the local network, the connection is established from the local (private) IP address to an IP address in the Internet (the firewall’s public IP address). If the rule for mapped service is preceded by a rule allowing access from the local network to the Internet, according to this rule the packet would be directed to the Internet and then
