Kerio Tech Firewall6 User Manual

Page 90


Chapter 7

Traffic Policy


dropped. Therefore, it is recommended to put all rules for mapped services at the top of the table of traffic rules.

Note: If there are separate rules limiting access to mapped services, these rules must precede mapping rules. It is usually possible to combine service mapping and access restriction in a single rule.

Multihoming

Multihoming is a term used for situations in which one network interface connected to the Internet uses multiple public IP addresses. Typically, multiple services are available through individual IP addresses (this implies that the services are mutually independent).

A web server web1 with IP address 192.168.1.100 and a web server web2 with IP address 192.168.1.200 are running in the local network. The interface connected to the Internet uses two public IP addresses: 63.157.211.10 and 63.157.211.11. We want the server web1 to be available from the Internet at the IP address 63.157.211.10 and the server web2 at the IP address 63.157.211.11.

The following two traffic rules must be defined in WinRoute to enable this configuration:

Figure 7.24 Multihoming — web servers mapping

Source

Any (see the previous example referring to mapping of single service).

Destination

The appropriate IP address of the interface connected to the Internet (use the Host option to insert an IP address).

Service

The service that will be available through this interface (the HTTP service in the case of a web server).

Action

Select the Allow option; otherwise all traffic will be blocked and the port mapping will have no effect.

Translation

Go to the Destination NAT (Port Mapping) section, select the Translate to IP address option and specify the IP address of the corresponding web server (web1 or web2).
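The two multihoming rules and the ordering note above, as an added example that is not part of the Kerio manual: a simplified Python model of a traffic-rule table evaluated top-down, where the first matching rule decides. The client addresses, the restriction rule and the implicit final drop are assumptions of this model, not WinRoute's implementation.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    source: Optional[str]        # None stands for "Any"
    destination: Optional[str]   # public IP entered with the Host option
    service: Optional[int]       # TCP port, None stands for "Any"
    action: str                  # "allow" or "deny"
    translate_to: Optional[str] = None  # Destination NAT (port mapping) target


def evaluate(rules: List[Rule], src: str, dst: str, port: int) -> Tuple[str, str, Optional[str]]:
    """Return (action, matching rule, address the packet is delivered to)."""
    for r in rules:
        if (r.source in (None, src) and r.destination in (None, dst)
                and r.service in (None, port)):
            if r.action == "deny":
                return ("deny", r.name, None)
            return ("allow", r.name, r.translate_to or dst)
    return ("deny", "default", None)  # model assumption: unmatched traffic is dropped


HTTP = 80
# The two rules from the manual's multihoming example.
MULTIHOMING = [
    Rule("web1 mapping", None, "63.157.211.10", HTTP, "allow", "192.168.1.100"),
    Rule("web2 mapping", None, "63.157.211.11", HTTP, "allow", "192.168.1.200"),
]

# Constructed values: a client that may not reach web2, and an ordinary client.
BLOCKED_CLIENT = "203.0.113.7"
OTHER_CLIENT = "198.51.100.5"
RESTRICT = Rule("restrict web2", BLOCKED_CLIENT, "63.157.211.11", HTTP, "deny")


def restriction_effective(rules: List[Rule]) -> bool:
    """True if the blocked client is actually denied access to web2."""
    return evaluate(rules, BLOCKED_CLIENT, "63.157.211.11", HTTP)[0] == "deny"


if __name__ == "__main__":
    print(evaluate(MULTIHOMING, OTHER_CLIENT, "63.157.211.10", HTTP))
    print(evaluate(MULTIHOMING, OTHER_CLIENT, "63.157.211.11", HTTP))
    # Restriction placed before the mapping rules: it takes effect.
    print(restriction_effective([RESTRICT] + MULTIHOMING))
    # Restriction placed after the mapping rules: shadowed, never reached.
    print(restriction_effective(MULTIHOMING + [RESTRICT]))
```

A restriction rule that sits below the mapping rule it is meant to limit is never reached, which is the situation the note about rule order warns against.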
