Reverse static nat, Reverse napt / virtual server, Acl rule configuration parameters – Asus RX3041H User Manual

RX3041H User’s Manual

Chapter 9. Configuring Firewall/NAT Settings

55

9.2.4

Reverse Static NAT

Reverse static NAT maps a globally valid IP address to an internal host address for the inbound traffic. All
packets coming to that globally valid IP address are relayed to the Internal address. This is useful when
hosting services in an internal machine. Figure 9.5 shows that four globally valid IP addresses are mapped to
four hosts on the internal network and each can be used to host some services for inbound traffic, e.g. FTP
server.

9.2.5 Reverse

NAPT

/ Virtual Server

Reverse NAPT is also called inbound mapping, port mapping, or virtual server. Any packet coming to the
RX3041H can be relayed to the internal host based on the protocol, port number and/or IP address specified in
the ACL rule. This is useful when multiple services are hosted on different internal machines. Figure 9.6 shows
that web server (TCP/80) is hosted on PC A, telnet server (TCP/23) on PC B, DNS server (UDP/53) on PC C
and FTP server (TCP/21) on PC D. This means that the inbound traffic of these four services will be directed to
respective host hosting these services.

9.3 ACL Rule Configuration Parameters

Table 9.1 describes the configuration parameters available for firewall ACL rules.

Table 9.1. ACL Rule Configuration Parameters

Field

Description

ID

Add New

Click on this option to add a new ACL rule.

Rule Number

Select a rule from the drop-down list, to modify its attributes.

Action

Allow

Select this button to configure the rule as an allow rule.
This rule when bound to the Firewall will allow matching packets to pass
through.

Deny

Select this button to configure the rule as a deny rule.
This rule when bound to the Firewall will not allow matching packets to
pass through.

Mave to

This option allows you to set a priority for this rule. The RX3041H Firewall acts on packets based on
the priority of the rules. Set a priority by specifying a number for its position in the list of rules:

1 (First)

This number marks the highest priority.

Other numbers

Select other numbers to indicate the priority you wish to assign to the rule.

Source IP

This option allows you to set the source network to which this rule should apply. Use the drop-down
list to select one of the following options:

Any

This option allows you to apply this rule to all the computers in the source
network, such as those on the Internet for inbound ACL rules and those on
the LAN for outbound ACL rules.

IP Address

This option allows you to specify an IP address on which this rule will be
applied.