Skip to end of metadata
Go to start of metadata

This document describes how to configure a LANCOM router so that, for example, a downstream firewall acts as an exposed host.

Please note that a device that acts as an exposed host is accessible unprotected from the WAN by means of the forwarded ports.

1) Open the configuration for the LANCOM router and switch to the menu item IP router → Masquerading → Port forwarding table.
2) Add the port-forwarding entries as shown in the following figure.
  • The entries in the red box are the ports that the LANCOM router forwards to the downstream firewall in the LAN. The IP address set to the local IP address of the firewall. The Remote site is the Internet connection configured on the LANCOM router.
  • The entries in the green box are the ports that are used directly by the LANCOM router and are not forwarded to the firewall (e.g. HTTPS, VPN, VoIP, etc.). If these services are not required by the LANCOM router, they can also be forwarded to the exposed host.
  • You should not forward ports 61.439 to 65.535, as these are used for NAT and can otherwise lead to problems when communicating over the Internet.

The configuration described above is available as a ready-made script for uploading to the LANCOM router:

Please note that before installing this script you need to replace the configured IP address ( with the local IP address of your firewall.