

Description:

Many applications require access from the Internet to resources on a local network, such as a web or mail server. This can be achieved with port forwarding.

This article describes how to set up port forwarding on a Unified Firewall.


Requirements:

  • LANCOM R&S®Unified Firewall with firmware version 10.2 or later
  • A configured and functional Internet connection on the Unified Firewall
  • Web browser for configuring the Unified Firewall.

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox


Scenario:

1) The Unified Firewall is directly connected to the Internet

  • The Unified Firewall establishes the Internet connection. It has the public IP address 81.81.81.1.
  • A web server on the local network of the Unified Firewall has the IP address 192.168.1.100 and should be reached from the Internet via HTTPS.


2) The router upstream from the Unified Firewall establishes the Internet connection

  • A router upstream from the Unified Firewall establishes the Internet connection. It has the public IP address 81.81.81.1.
  • The Unified Firewall and the upstream router are both members of the intermediate network 192.168.0.0/24. In this network, the Unified Firewall has the IP address 192.168.0.254.
  • A web server on the local network of the Unified Firewall has the IP address 192.168.1.100 and should be reached from the Internet via HTTPS.

This scenario also includes the “parallel” solution as described in this article.


Procedure:

The setups for scenarios 1 and 2 are basically the same. For scenario 2, you additionally have to set up port forwarding on the upstream router.

1) Setting up port forwarding on the Unified Firewall (scenarios 1 and 2)

1.1) Open the configuration of the Unified Firewall in a browser and click on the icon to create a host.

1.2) Modify the following parameters and then click Create:

  • Name: Enter a descriptive name.
  • Connected to: From the drop-down menu, select the Ethernet port used to connect to the forwarding destination (in this example the Ethernet port eth1).
  • IP Address: Enter the IP address of the forwarding destination on the local network that is connected to the Ethernet port selected under Connected to (in this example the IP address 192.168.1.100).

1.3) On the host, click on the "connection" icon and connect it to the Internet object.

1.4) From the list of protocols, select the protocol required for port forwarding and add this using the "+" icon (in this example, the web server should be reached by HTTPS).

Firewall objects can also be accessed via Desktop → Desktop Connections and clicking on the “edit” icon.

1.5) Click on the arrow under Action to allow incoming traffic for port forwarding.

Then click on the "pencil" icon to adjust further settings.

1.6) Change to the tab Advanced and set a checkmark for Enable DMZ / port forwarding for this service.

If you have several public IP addresses, you can specify one of the addresses under External IP address. Port forwarding only takes effect when this IP address is contacted. This setting is only practicable for scenario 1.

If the port forwarding should be directed to a different port, you can specify this under Destination port. For example, access from the Internet on port 443 can be forwarded internally by the Unified Firewall to port 6443. Note that the service object used in the rule must contain the service/port on which the traffic arrives at the Unified Firewall from the outside. This port is then translated to the value under Destination port. In the opposite case (converting port 6443 to port 443), a user-defined object has to be set up with port forwarding for port 6443. The Destination port entry then forwards this to port 443. This setting can be used for scenarios 1 and 2.

1.7) Click Create to generate the firewall rule.

1.8) Finally, implement the configuration changes by clicking Activate.

1.9) This concludes the configuration of the Unified Firewall.



2) Setting up port forwarding on an upstream LANCOM router (scenario 2 only)

If you are using a router from another manufacturer, approach them for information about the appropriate procedure.

2.1) Open the configuration for the LANCOM router in LANconfig and switch to the menu item IP Router → Masqu. → Port forwarding table.

2.2) Create a new entry and adjust the following parameters:

  • First port: Enter the port to be forwarded (in this example port 443 for HTTPS).
  • Last port: Enter the port to be forwarded (in this example port 443 for HTTPS).
  • Intranet address: Enter the IP address of the Unified Firewall in the intermediate network between the Unified Firewall and the LANCOM router (the Unified Firewall has the IP address 192.168.0.254 in this example).
  • Protocol: Select the associated protocol from the drop-down menu (HTTPS uses TCP). 

2.3) This concludes the configuration of the router. Write the configuration back to the router.
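
The translation configured in steps 1 and 2, as an added example (not LANCOM code): a simplified Python model of destination NAT in which each forwarding entry matches on protocol, port range and, optionally, the external IP address, then rewrites the destination. The class and function names are hypothetical, the addresses are the ones used in this article, and the model assumes the upstream router rewrites the destination address to its Intranet address entry.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified model of destination NAT; names are hypothetical, not LANCOM APIs.
@dataclass(frozen=True)
class Packet:
    proto: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Forward:
    proto: str
    first_port: int
    last_port: int
    target_ip: str                      # host object / "Intranet address"
    target_port: Optional[int] = None   # "Destination port"; None keeps the port
    external_ip: Optional[str] = None   # "External IP address"; None matches any

    def apply(self, pkt: Packet) -> Optional[Packet]:
        if pkt.proto != self.proto:
            return None
        if not self.first_port <= pkt.dst_port <= self.last_port:
            return None
        if self.external_ip is not None and pkt.dst_ip != self.external_ip:
            return None
        return Packet(pkt.proto, self.target_ip, self.target_port or pkt.dst_port)

def traverse(pkt: Packet, devices) -> Optional[Packet]:
    """Pass pkt through each device's entries in order; None = not forwarded."""
    for entries in devices:
        for entry in entries:
            out = entry.apply(pkt)
            if out is not None:
                pkt = out
                break
        else:
            return None  # no entry on this device matched
    return pkt

# Addresses from the article's scenarios.
ROUTER = [Forward("tcp", 443, 443, "192.168.0.254")]
UF = [Forward("tcp", 443, 443, "192.168.1.100")]
UF_ALT_PORT = [Forward("tcp", 443, 443, "192.168.1.100", target_port=6443)]
UF_EXT_IP = [Forward("tcp", 443, 443, "192.168.1.100", external_ip="81.81.81.1")]
HTTPS_IN = Packet("tcp", "81.81.81.1", 443)

if __name__ == "__main__":
    print(traverse(HTTPS_IN, [ROUTER, UF]))         # scenario 2
    print(traverse(HTTPS_IN, [ROUTER, UF_EXT_IP]))  # External IP set in scenario 2
```

In this model the External IP address match fails in scenario 2 because the packet reaches the Unified Firewall addressed to 192.168.0.254 rather than 81.81.81.1, which is consistent with the note that the setting is only practicable for scenario 1.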