Firewall
131
A typical use of NAT rules is to forward packets destined for your Internet IP address to
an internal web server or email server on your LAN. This is known as a port forward, or
destination NAT as it alters the destination address of the packet.
The first step in creating packet filter or NAT rules, is to define services (such as web or
email) and addresses (such as your internal web server, or a trusted external host) under
Definitions.
Definitions
Before creating packet filter or NAT rules, it is useful to define services or groups of
services, addresses and interfaces to be used to match packets.
Definitions need not be created for simple rules that only specify a single service,
address or interface, as these can be entered while creating the rule.
If a rule specifies groups of services, addresses or interfaces, then you must create
definitions for these groups before creating the rule.
Service groups
A network service is defined by a protocol and port. Protocol may be either TCP, UDP,
ICMP or IP, and port may be any valid network port number (i.e. 1 and 65535), e.g. HTTP
(web) uses the TCP protocol, with a default port of 80. Network packets may be matched
by destination service.
Click the Service Groups tab. Any services that have already been defined are
displayed. Click New to add a new service group, or select an existing service group and
click Modify.
Adding or modifying a service group is shown in the following figure:
To Next Page
Loading...
Need help?
General
