Specifications

22 Barracuda Link Balancer Administrator’s Guide
Firewall Functionality
Using 1:1 NAT and port forwarding rules, the Barracuda Link Balancer can perform:
1:1 NAT - Assign external addresses to internal clients.
Port forwarding (or Port Address Translation) - The traffic to a port across one or multiple links is directed to an internal client.
Many to 1 NAT - One internal server may receive traffic from more than one WAN link. You can achieve this by creating 1:1 NAT rules or port forwarding rules.
Port blocking and unblocking.
1:1 NAT and port forwarding rules are executed only if the Barracuda Link Balancer firewall is
enabled or, if it is not, for any WAN link with the NAT/Port Forwarding option enabled. You can
always create and save rules, even when they cannot be executed. This may assist you in
configuring the built-in firewall with minimal disruption to your network.
Inbound and outbound firewall rules allow or deny access to remote networks, clients, services and
ports. Inbound and outbound firewall rules are executed regardless of firewall status.
The Barracuda Link Balancer firewall also assists in preventing and mitigating distributed
denial-of-service attacks by rate limiting the number of requests that come into your network.
Order of Execution of Firewall Rules
Firewall rules are arranged in tables from top to bottom in order of precedence. Only the first rule that
matches the profile of the traffic is executed.
Inbound Firewall Rules
By default, all connections that are initiated from outside are denied. Add inbound firewall rules to
allow exceptions for specific IP addresses, ports and applications. Applications let you define rules
that apply to more than one port.
Use the Firewall > Inbound page to create firewall rules for incoming packets. If you want to create
an inbound rule for an application that is not in the list presented when you add the rule, first go to the
Policy > Applications page and define a new application.
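
The first-match ordering and the inbound default deny described above, modeled as an added example. This is not Barracuda's code or rule format: the Rule fields, rule names and sample addresses are constructed for illustration. It also flags rules that an earlier, broader rule makes unreachable:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    # Hypothetical fields for illustration; not the appliance's rule schema.
    name: str
    action: str    # "allow" or "deny"
    source: str    # CIDR of the remote network
    ports: tuple   # inclusive (low, high) destination port range

    def matches(self, src, port):
        return (ip_address(src) in ip_network(self.source)
                and self.ports[0] <= port <= self.ports[1])

    def covers(self, other):
        # True when every packet matched by `other` is also matched by self.
        return (ip_network(other.source).subnet_of(ip_network(self.source))
                and self.ports[0] <= other.ports[0]
                and other.ports[1] <= self.ports[1])

def evaluate(rules, src, port):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    for rule in rules:
        if rule.matches(src, port):
            return rule.action, rule.name
    return "deny", "default"   # inbound default: deny when nothing matches

def shadowed(rules):
    """Names of rules that never execute because one earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]

# Constructed sample table (documentation address ranges); top = highest precedence.
TABLE = [
    Rule("block-partner-net", "deny", "198.51.100.0/24", (1, 65535)),
    Rule("allow-partner-https", "allow", "198.51.100.0/28", (443, 443)),
    Rule("allow-web", "allow", "0.0.0.0/0", (80, 80)),
]

if __name__ == "__main__":
    print(evaluate(TABLE, "198.51.100.5", 443))  # broad deny wins over later allow
    print(evaluate(TABLE, "203.0.113.9", 22))    # no match: default deny
    print(shadowed(TABLE))                       # rules to move up or delete
```

The shadow check only detects a rule fully covered by a single earlier rule; a rule covered by a combination of earlier rules is not reported.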
Inbound 1:1 NAT Rules
When the Barracuda Link Balancer firewall is enabled, externally reachable servers cannot have
public IP addresses. You will need to reconfigure these servers with private IP addresses. Identify the
public IP addresses as the Additional IP Addresses for a WAN interface that has a static IP address.
Then you can create 1:1 NAT rules to direct traffic to your servers.
You can add the public IP addresses as Additional IP Addresses to more than one WAN interface that
has a static IP address. All incoming traffic will be forwarded according to the rules you create. This
allows traffic to be received by the same internal server from more than one WAN link.
1:1 NAT applies to the IP address only, leaving ports the same on both IP addresses. 1:1 NAT is
bidirectional: outbound traffic will include the servers' public IP addresses.