Quelle anzeigen

Description:

Many applications require access from the Internet to resources on a local network, such as a web or mail server. This can be achieved with port forwarding.

This article describes how to set up port forwarding on a Unified Firewall.

Requirements:

LANCOM R&S®Unified Firewall with firmware version 10.2 or later
A configured and functional Internet connection on the Unified Firewall
Web browser for configuring the Unified Firewall.

The following browsers are supported:
- Google Chrome
- Chromium
- Mozilla Firefox

Scenario:

1) The Unified Firewall is directly connected to the Internet

The Unified Firewall establishes the Internet connection. It has the public IP address 81.81.81.1.
A web server on the local network of the Unified Firewall has the IP address 192.168.1.100 and should be reached from the Internet via HTTPS.

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > Scenario1.png

2) The router upstream from the Unified Firewall establishes the Internet connection

A router upstream from the Unified Firewall establishes the Internet connection. It has the public IP address 81.81.81.1.
The Unified Firewall and the upstream router are both members of the intermediate network 192.168.0.0/24. In this network, the Unified Firewall has the IP address 192.168.0.254.
A web server on the local network of the Unified Firewall has the IP address 192.168.1.100 and should be reached from the Internet via HTTPS.

This scenario also includes the “parallel” solution as described in this article.

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > Scenario2.png

Procedure:

The setups for scenarios 1 and 2 are basically the same. For scenario 2, you additionally have to set up port forwarding on the upstream router.

1) Setting up port forwarding on the Unified Firewall (scenarios 1 and 2):

1.1) Open the configuration of the Unified Firewall in a browser and click on the icon to create a host.

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > 1.png

1.2) Modify the following parameters and then click Create:

Name: Enter a descriptive name.
Interface: From the drop-down menu, select the Ethernet port used to connect to the forwarding destination (in this example the Ethernet port eth1).
IP Address: Enter the IP address of the forwarding destination on the local network that is connected to the Ethernet port selected under Interface (in this example the IP address 192.168.1.100).

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > 2.png

1.3) On the Host, click on the "connection” icon and connect it to the Internet object.

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > 3.png

1.4) From the list of protocols, select the protocol required for port forwarding and add this using the "+" icon (in this example, the web server should be reached by HTTPS).

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > 4.png

1.5) Click twice on the arrow under Action till it points to the left to allow incoming traffic for port forwarding.

Then click on the "pencil" icon under Edit to adjust further settings.

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > 6.png

1.6) Change to the tab Advanced, select the option Use Service Specific Settings and set a checkmark for Enable DMZ / port forwarding for this service. Click OK afterwards.

If you have multiple public IP addresses which are configured in the Unified Firewall, you can specify one of the addresses under External IP address. Port forwarding only takes effect when this IP address is contacted. This setting is only practicable for scenario 1.

If the port forwarding should be directed to a different port, you can specify this under Destination port. For example, access from the Internet on port 443 can be forwarded internally by the Unified Firewall to port 6443. Note that you have to store an object that arrives at the Unified Firewall from the outside and that contains the service/port. This can then be converted to the value under Destination port. In the opposite case (converting port 6443 to port 443), a user-defined object has to be set up with port forwarding for port 6443. The Destination port entry then forwards this to port 443. This setting can be used for scenarios 1 and 2.

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > 7.png

1.7) Click Create to generate the firewall rule.

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > 8.png

1.8) Finally, implement the configuration changes by clicking Activate.

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > 9.png

1.9) This concludes the configuration of the United Firewall.

2) Setting up port forwarding on an upstream LANCOM router (scenario 2 only):

If you are using a router from another manufacturer, approach them for information about the appropriate procedure.

2.1) Open the configuration for the LANCOM router in LANconfig and switch to the menu item IP Router → Masq. → Port forwarding table.

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > 10_75.png

2.2) Create a new entry and adjust the following parameters:

First port: Enter the port to be forwarded (in this example port 443 for HTTPS).
Last port: Enter the port to be forwarded (in this example port 443 for HTTPS).
Intranet address: Enter the IP address of the Unified Firewall in the intermediate network between the Unified Firewall and the LANCOM router (the Unified Firewall has the IP address 192.168.0.254 in this example).
Protocol: Select the associated protocol from the drop-down menu (HTTPS uses TCP).

LANCOM Support Knowledge Base > Setting up port forwarding on a LANCOM R&S®Unified firewall > 11_75.png

2.3) This concludes the configuration of the router. Write the configuration back to the router.