...
- A router upstream from the Unified Firewall establishes the Internet connection. It has the public IP address 81.81.81.1.
- The Unified Firewall and the upstream router are both members of the intermediate network 192.168.0.0/24. In this network, the Unified Firewall has the IP address 192.168.0.254.
- A web server on the local network of the Unified Firewall has the IP address 192.168.1.100 and should be reached from the Internet via HTTPS.
...
1) Setting up port forwarding on the Unified Firewall (scenarios 1 and 2):
1.1) Open the configuration of the Unified Firewall in a browser and click on the icon to create a host.
1.2) Modify the following parameters and then click Create:
- Name: Enter a descriptive name.
- Connected toInterface: From the drop-down menu, select the Ethernet port used to connect to the forwarding destination (in this example the Ethernet port eth1).
- IP Address: Enter the IP address of the forwarding destination on the local network that is connected to the Ethernet port selected under Connected to Interface (in this example the IP address 192.168.1.100).
1.3) On the Host, click on the "connection” icon and connect it to the Internet object.
1.4) From the list of protocols, select the protocol required for port forwarding and add this using the "+" icon (in this example, the web server should be reached by HTTPS).
| Info |
|---|
Firewall objects can also be accessed via Desktop → Desktop Connections and clicking on the “edit” icon. |
1.5) Click twice on the arrow under Action to allow incoming traffic for port forwarding. Then click on the "pencil" icon under Edit to adjust further settings.
1.6) Change to the tab Advanced Advanced, select the option Use Service Specific Settings and set a checkmark for Enable DMZ / port forwarding for this service. Click OK afterwards.
| Info |
|---|
If you have several public IP addresses, you can specify one of the addresses under External IP address. Port forwarding only takes effect when this IP address is contacted. This setting is only practicable for scenario 1. If the port forwarding should be directed to a different port, you can specify this under Destination port. For example, access from the Internet on port 443 can be forwarded internally by the Unified Firewall to port 6443. Note that you have to store an object that arrives at the Unified Firewall from the outside and that contains the service/port. This can then be converted to the value under Destination port. In the opposite case (converting port 6443 to port 443), a user-defined object has to be set up with port forwarding for port 6443. The Destination port entry then forwards this to port 443. This setting can be used for scenarios 1 and 2. |
1.7) Click Create to generate the firewall rule.
1.8) Finally, implement the configuration changes by clicking Activate.
1.9) This concludes the configuration of the United Firewall.
...
2) Setting up port forwarding on an upstream LANCOM router (scenario 2 only):
| Info |
|---|
If you are using a router from another manufacturer, approach them for information about the appropriate procedure. |
2.1) Open the configuration for the LANCOM router in LANconfig and switch to the menu item IP Router → MasquRouter → Masq. → Port forwarding table.
...