User manual
- BaseWall VPN 6000 user manual -
4 Wizard: Port forwarders (PNAT)
Most Internet connections allow only one Internet address (IP address) to be assigned to your firewall. This means that no machine on the internal network (LAN) can be reached directly from the Internet. While this provides some measure of safety to the machines on the internal network, it also effectively prevents these machines from acting as servers for machines on the Internet. For example, any mail, web or database servers that you operate on your internal network cannot be reached from the Internet, so they cannot accept requests or deliveries from machines located there. In some cases (such as a mail server operating on the internal network) this is not the intended behaviour. For these cases, port forwarding (PNAT, Port based Network Address Translation) is supported on your BaseWall VPN 6000.
Port forwarding redirects all requests originally sent to a specific Internet address and port of the firewall to a specific address and port on the internal network. This is necessary whenever a machine or service on the internal network (LAN) must be able to accept connections from the Internet directly, for example for HTTP (an intranet web server), VoIP (voice over IP) or IP telephony, teleconferencing, or peer-to-peer file transfer software. In the example below we will use the case of HTTP (web traffic) to a web server on the internal network (LAN).
An HTTP request for the web server is delivered to the firewall's external Internet address using the TCP protocol on port 80 (which is reserved for HTTP traffic). If the web server on the internal network is to receive this request correctly, all traffic addressed to TCP port 80 of the firewall must be forwarded to TCP port 80 of the internal network's web server. This is what “Port forwarding” (PNAT) is for.
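The rewriting described above, as an added illustration that is not part of the BaseWall manual and does not show the appliance's own code: a small Python model of a port-forwarding (PNAT) table. It rewrites an inbound packet addressed to the firewall's external address and a forwarded port to the internal server, remembers the connection so the server's reply is rewritten back to the firewall address, drops traffic to any port that is not forwarded (which is why the LAN is otherwise unreachable), and can list which ports a given internal host is exposed on. The addresses, ports and class names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed documentation addresses; not taken from the manual.
EXTERNAL_IP = "203.0.113.10"   # the firewall's single Internet address
WEB_SERVER_IP = "192.168.1.20" # web server on the internal network (LAN)


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Forwarder:
    """One port-forwarding rule: firewall port -> internal address and port."""
    proto: str
    ext_port: int
    int_ip: str
    int_port: int


class Pnat:
    """Hypothetical model of the firewall's port-forwarding (PNAT) table."""

    def __init__(self, external_ip: str) -> None:
        self.external_ip = external_ip
        self.rules: Dict[Tuple[str, int], Forwarder] = {}
        # Connection tracking: (proto, client ip, client port, int ip, int port) -> firewall port.
        # Needed so that replies from the internal server are rewritten back.
        self.conntrack: Dict[Tuple[str, str, int, str, int], int] = {}

    def add_forwarder(self, rule: Forwarder) -> None:
        key = (rule.proto, rule.ext_port)
        if key in self.rules:
            # A firewall port can only be forwarded to one internal destination.
            raise ValueError(f"{rule.proto}/{rule.ext_port} is already forwarded")
        self.rules[key] = rule

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a packet arriving from the Internet; None means it is dropped."""
        if pkt.dst_ip != self.external_ip:
            return None   # internal addresses are not reachable from the Internet
        rule = self.rules.get((pkt.proto, pkt.dst_port))
        if rule is None:
            return None   # no forwarder on this port: nothing on the LAN is exposed
        self.conntrack[(pkt.proto, pkt.src_ip, pkt.src_port, rule.int_ip, rule.int_port)] = rule.ext_port
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, rule.int_ip, rule.int_port)

    def outbound_reply(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the internal server's reply so the client sees the firewall's address."""
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        ext_port = self.conntrack.get(key)
        if ext_port is None:
            return None   # not a reply to a forwarded connection
        return Packet(pkt.proto, self.external_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def exposed_ports(self, int_ip: str) -> List[Tuple[str, int]]:
        """Ports on which an internal host is reachable from the Internet (audit aid)."""
        return sorted((r.proto, r.int_port) for r in self.rules.values() if r.int_ip == int_ip)


def web_forwarding_example() -> Tuple[Optional[Packet], Optional[Packet], Optional[Packet]]:
    """Forward TCP/80 to the web server and run one request/reply pair plus one drop."""
    fw = Pnat(EXTERNAL_IP)
    fw.add_forwarder(Forwarder("tcp", 80, WEB_SERVER_IP, 80))
    request = Packet("tcp", "198.51.100.7", 51234, EXTERNAL_IP, 80)      # HTTP from the Internet
    to_server = fw.inbound(request)
    reply = fw.outbound_reply(Packet("tcp", WEB_SERVER_IP, 80, "198.51.100.7", 51234))
    dropped = fw.inbound(Packet("tcp", "198.51.100.7", 51235, EXTERNAL_IP, 22))  # no forwarder
    return to_server, reply, dropped


if __name__ == "__main__":
    for label, pkt in zip(("to server", "reply", "ssh attempt"), web_forwarding_example()):
        print(f"{label}: {pkt}")
```

The `exposed_ports` method is the check worth keeping when auditing a forwarding table: every entry it lists is a port on which the internal host faces the Internet directly, which is the situation the warning below is about.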
Please bear in mind that, once you have forwarded traffic from any port on the firewall to a machine on the internal network, that machine may be vulnerable to Internet attacks using that specific port. Your firewall cannot entirely protect this system from attacks masquerading as bona fide Internet traffic. You are advised to run regular system updates and security audits on any machine exposed to the Internet in this way.
Page 39 / 79