Manualshelf

Specifications

ManualsBrandsBarracuda Networks ManualsComputer equipmentLoad Balancer
21222324252627282930
Chapter 3: Configuring the Barracuda Link Balancer 23
If the Barracuda Link Balancer firewall is disabled, you can create a NAT rule to map the destination
IP address of the inbound traffic on one WAN link to another WAN link's IP address. This allows you
to add a new WAN link without having to update rules on your network firewall. See Adding,
Updating or Viewing WAN Link Configuration on page 19 for more details.
When a 1:1 NAT rule is created, an inbound firewall rule to accept traffic for the external IP address
is automatically generated. Without this rule, all connections that are initiated from outside are
denied. You can view and change this rule – it has a similar Rule Name – using the
Firewall > Inbound
page. You may want to modify that rule to limit access to only those ports or applications that you
want to be publicly accessible.
Use the Firewall > NAT page to create 1:1 NAT rules and port forwarding rules. If you create a 1:1
NAT rule for an address, there is no need to also create a port forwarding rule.
Port Forwarding Rules
Create port forwarding rules to direct traffic on an external port to a port on an internal IP address.
You must specify which WAN link to be used to listen for incoming packets on the port. The return
path is handled automatically.
The listen IP address on a specific WAN interface could either be the WAN IP address or any
Additional IP address on the same WAN interface. A WAN IP address that is used in any port
forwarding rule can not also be used in a 1:1 NAT rule.
You can forward the traffic from a port on multiple WAN links to a port on one internal IP address
by creating a rule for each WAN link.
When you add a port forwarding rule, an inbound firewall rule is created automatically to accept
traffic on the listen link and port for the private IP address of the server. Without this rule, all
connections that are initiated from outside are denied. You can view and change this rule – it has a
similar Rule Name – using the
Firewall > Inbound page.
To add a new port forwarding rule, go to the
Firewall > NAT page.
Outbound Firewall Rules
By default, all outbound connections are allowed. You can create outbound firewall rules to deny
outbound connectivity. For example, you may want to block access to certain online gaming sites that
use specific ports.
Use the
Firewall > Outbound page to create, modify or delete outbound firewall rules. The rules are
arranged in the table from top to bottom in order of precedence. Only the first rule that matches the
profile of the traffic is executed.
If you want to create an outbound rule for an application that is not in the list presented when you add
the rule, go to the
Policy > Applications page and define a Custom Application.
Firewall Logging
You can view the firewall log displayed on the Logs > Firewall Log page to see rules that have been
executed and whether the traffic was dropped or allowed. Only rules that have the
Log check box
selected in their rule entry (under the
Firewall tab) are logged in this way.