Digi TransPort WR31 - Page 702
Configure security settings Firewall
Digi TransPort WR Routers User Guide 697
Address/Port translation
One further option for specifying addresses is to use address translation. The syntax for this is:
srcdst = "all" | fromto [-> [ip-object] "to" object]
That is, directly after the IP addresses and port are specified, an optional -> can follow, indicating that the addresses/ports should be translated. The first source object is optional, as it is more usual to translate the destination address.
The following example reroutes packets originally destined for 10.10.10.12 to 10.1.2.3:
pass out break end from any to 10.10.10.12 -> to 10.1.2.3
In addition, complete subnets can have NAT applied. The address bits not covered by the subnet
mask are taken from the original IP address. For example, to NAT the destination subnet of
192.168.0.0/24 to be 192.168.1.0/24, the firewall rule is:
pass out break end from any to 192.168.0.0/24 -> to 192.168.1.0/24
Filtering on port numbers
Suppose a Telnet server is running on a machine on IP address 10.1.2.63, and you want to make
this server accessible. The filter from the previous example blocks all packets to 10.1.2.*. To make
the Telnet server available on 10.1.2.63, add the following line before the blocking rule:
pass break end from any to 10.1.2.63 port=23
A packet sent to the Telnet server (port 23) on IP address 10.1.2.63 matches this rule, and further
checking is prevented by the break end option.
The above example illustrates the = comparison. Other comparison methods supported are:

Symbol   Meaning
!=       not equal
>        greater than
<        less than
<=       less than or equal to
>=       greater than or equal to

You can also specify a port in range or a port out of range with the >< or <> symbols. For example, to pass all packets to addresses in the range 23 to 28, the rule is:
pass break end from any to 10.1.2.63 port 23><28
To simplify port references, some common port numbers are associated with predefined strings, listed in the table below. For example, if the number 23 in the example above is replaced with the string telnet, the rule is:
pass break end from any to 10.1.2.63 port=telnet
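As an added example (not Digi's code and not from the user guide), the following Python evaluates one packet against a list of rules written in the syntax above: it applies the port comparison operators, the -> translation with the host bits outside the new subnet mask carried over from the original address, and the break end stop. It assumes a subset of the grammar (pass/block, optional in/out, break end, from/to, port, ->), treats the >< and <> ranges as inclusive, knows only telnet among the predefined port strings, and passes a packet that matches no rule.

```python
import ipaddress
import re

PORT_NAMES = {"telnet": 23}  # assumed subset of the predefined port-name strings

# Subset of the page's rule grammar:
#   pass|block [in|out] [break end] from SRC to DST [port<cmp>] [-> [SRC] to DST]
RULE_RE = re.compile(
    r"^(?P<action>pass|block)(?:\s+(?P<dir>in|out))?(?:\s+(?P<brk>break end))?"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?:\s+port\s*(?P<port>\S+))?"
    r"(?:\s+->(?:\s+(?!to\s)(?P<nsrc>\S+))?\s+to\s+(?P<ndst>\S+))?$")

def _pnum(s):  # a predefined name such as "telnet", or a literal port number
    return int(PORT_NAMES.get(s, s))
def port_ok(spec, port):
    """Evaluate =23, !=23, >1023, 23><28, 23<>28 (ranges assumed inclusive)."""
    if spec is None:
        return True
    lhs, op, rhs = re.fullmatch(r"(\w*)(><|<>|!=|<=|>=|=|<|>)(\w+)", spec).groups()
    if op in ("><", "<>"):
        inside = _pnum(lhs) <= port <= _pnum(rhs)
        return inside if op == "><" else not inside
    v = _pnum(rhs)
    return {"=": port == v, "!=": port != v, "<": port < v, ">": port > v,
            "<=": port <= v, ">=": port >= v}[op]

def in_obj(obj, ip):  # "any", a host address, or a subnet such as 10.1.2.0/24
    return obj == "any" or ip in ipaddress.ip_network(obj, strict=False)
def translate(ip, obj):  # rewrite IP into OBJ, keeping the host bits outside OBJ's mask
    net = ipaddress.ip_network(obj, strict=False)
    return net.network_address + (int(ip) & int(net.hostmask))

def apply_rules(rules, src, dst, port):
    """Walk RULES top-down for one packet; return (action, src, dst) after any NAT."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    result = ("pass", str(src), str(dst))  # assumption: no matching rule means pass
    for line in rules:
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError("cannot parse rule: " + line)
        if not (in_obj(m["src"], src) and in_obj(m["dst"], dst)
                and port_ok(m["port"], port)):
            continue
        nsrc = translate(src, m["nsrc"]) if m["nsrc"] else src
        ndst = translate(dst, m["ndst"]) if m["ndst"] else dst
        result = (m["action"], str(nsrc), str(ndst))
        if m["brk"]:  # break end: stop checking at the first matching rule
            break
    return result
```

Feeding the page's own rules (the telnet pass rule ahead of a rule blocking 10.1.2.0/24, then the two -> rules) into apply_rules shows the ordering point from the text: the Telnet packet passes only because its rule is evaluated before the blocking rule.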