Port Translation - D-Link NetDefendOS User Manual

Network security firewall

1. Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2. Specify a suitable name for the rule, for example Allow_HTTP_To_DMZ
3. Now enter:
   Action: Allow
   Service: http-all
   Source Interface: any
   Source Network: all-nets
   Destination Interface: wan
   Destination Network: wwwsrv_pub
4. Click OK

7.4.5. Port Translation

Port Address Translation (PAT) can be used to modify the source or destination port of a
connection. In previous SAT examples, a new port number was not specified and the
original port number was used by default. If the port number is specified, both the IP address and
the port number are translated.

As explained above in the summary of SAT processing in Section 7.4.1, "Introduction", port
translation is performed by the same SAT IP rule used for IP address translation but follows
slightly different processing rules from IP address translation. Only one-to-one and many-to-many
port translation can be performed. All-to-one port translation is not possible.

Once a new port number is defined in the SAT IP rule, the type of port translation performed is
decided by the Service object associated with the SAT IP rule. If the Service object has a single
value specified for its Port property, the port translation is one-to-one. If the Port property is a
simple range (for example, 60-70), the translation is many-to-many, with the transposition
beginning with the new port number specified.

Port translation will not occur if the Service object's Port property is anything other than a single
value or a simple range. For example, if the property is 60-70,80, port translation will not take
place even though a new port number is specified in the SAT IP rule.

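The translation rules described above can be modeled to check which private ports a SAT IP rule will actually expose before it is deployed. This is an added example, not NetDefendOS code or syntax; the function names and the string form of the Port property are assumptions, and it assumes a connection keeps its original port whenever no port translation takes place.

```python
# Added example: a model of the manual's port translation rules, not NetDefendOS code.
# Function names and the string form of the Port property are assumptions.

def parse_ports(spec):
    """Parse a Port property such as "80", "80-85" or "60-70,80" into (lo, hi) pairs."""
    ranges = []
    for item in spec.split(","):
        lo, _, hi = item.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port item: {item!r}")
        ranges.append((lo, hi))
    return ranges

def translation_type(spec):
    """Classify the translation a SAT rule with a new port would perform."""
    ranges = parse_ports(spec)
    if len(ranges) != 1:
        return "none"            # e.g. "60-70,80": no port translation
    lo, hi = ranges[0]
    return "one-to-one" if lo == hi else "many-to-many"

def translate(spec, new_port, dest_port):
    """Port reached behind the rule, or None if the Service does not cover dest_port."""
    ranges = parse_ports(spec)
    if not any(lo <= dest_port <= hi for lo, hi in ranges):
        return None
    if new_port is None or len(ranges) != 1:
        return dest_port         # original port number is kept
    translated = new_port + (dest_port - ranges[0][0])  # transposition from new_port
    if translated > 65535:
        raise ValueError("translated range runs past port 65535")
    return translated

def exposure_map(spec, new_port):
    """Every public port the Service covers, mapped to the port reached on the private host."""
    return {p: translate(spec, new_port, p)
            for lo, hi in parse_ports(spec) for p in range(lo, hi + 1)}

if __name__ == "__main__":
    # The manual's rule: Service TCP 80-85, new port 1080.
    for public, private in exposure_map("80-85", 1080).items():
        print(f"wwwsrv_pub:{public} -> wwwsrv_priv:{private}")
    print(translation_type("60-70,80"), exposure_map("60-70,80", 1080)[65])
```

Running `exposure_map` over a rule's Service object before applying it shows whether a port list silently disables the intended translation and leaves the original ports reachable on the private host.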
For example, consider the following SAT IP rule with a Service object associated with it that has
the simple port range 80-85. The rule specifies the destination address wwwsrv_pub is translated
to wwwsrv_priv with the new port number of 1080.

#  Action  Src Iface  Src Net   Dest Iface  Dest Net    Service    SAT Action
1  SAT     any        all-nets  wan         wwwsrv_pub  TCP 80-85  Destination IP: wwwsrv_priv Port:1080

This rule produces a many-to-many transposition of all ports in the range 80-85 to the range
1080-1085. For example, the following will happen:
Attempts to communicate with the web server's public address - port 80, will result in a
connection to the web server's private address - port 1080.
Attempts to communicate with the web server's public address - port 84, will result in a

Chapter 7: Address Translation
