User manual

- BaseWall VPN 6000 user manual -
20.7 Specials
To add more options to a policy you'll have to push the “Add specials” button.
This will provide a pulldown menu with the various options that are available.
20.8 DNAT
To set up a Destination Network Address Translation you select the DNAT
option. Normally a DNAT policy needs to have both the firewall (the old
destination) and the new target address (the new destination) selected as
destination routes. If the firewall is able to detect this policy setup, it will
automatically set up the DNAT option with the new target address. If this fails, a
DNAT entry with new address "---" will appear. The address can be modified by
clicking on it.
It is possible to translate not only the destination address, but also
the destination port. This is accomplished by changing the address in the DNAT
entry to <address>:<newport>, for example 192.168.99.4:3390
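The following is an added example, not part of the BaseWall manual or software: a small checker for DNAT entry strings in the forms described above ("---", <address>, or <address>:<newport>). It assumes IPv4 targets and that the entries have been copied out of the policy screen by hand; the policy names and the sample values are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

PLACEHOLDER = "---"  # shown when the firewall could not detect the new address


class DnatTarget(NamedTuple):
    address: Optional[ipaddress.IPv4Address]  # None while the entry is still "---"
    port: Optional[int]                       # None when the port is not translated


def parse_dnat_entry(entry: str) -> DnatTarget:
    """Parse '---', '<address>' or '<address>:<newport>'; raise ValueError if malformed."""
    entry = entry.strip()
    if entry == PLACEHOLDER:
        return DnatTarget(None, None)
    host, sep, port_text = entry.partition(":")
    try:
        address = ipaddress.IPv4Address(host)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"bad DNAT address {host!r}: {exc}") from None
    if not sep:
        return DnatTarget(address, None)
    # A colon was given, so a port in the valid TCP/UDP range must follow it.
    if not (port_text.isascii() and port_text.isdigit() and 1 <= int(port_text) <= 65535):
        raise ValueError(f"bad DNAT port {port_text!r}: expected 1-65535")
    return DnatTarget(address, int(port_text))


def audit(entries: dict) -> dict:
    """Return {policy name: finding} for every entry that needs attention."""
    findings = {}
    for policy, entry in entries.items():
        try:
            target = parse_dnat_entry(entry)
        except ValueError as exc:
            findings[policy] = str(exc)
            continue
        if target.address is None:
            findings[policy] = "unresolved: new address is still '---'"
    return findings


# Constructed sample entries (hypothetical policy names, illustrative values).
SAMPLE = {
    "rdp-in": "192.168.99.4:3390",
    "web-in": "192.168.99.10",
    "mail-in": "---",
    "ftp-in": "192.168.99.7:70000",
    "ssh-in": "192.168.99.300:22",
}
```

Calling audit(SAMPLE) reports the unresolved "---" entry, the out-of-range port and the invalid address, and stays silent about the two well-formed entries.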
20.9 SNAT/MASQ
With these two options it is possible to translate the source address of traffic
matching this policy. SNAT is used to translate the source to the address shown
after the SNAT entry. This address can be modified by clicking on the
address. This will provide a pulldown menu with all known local addresses of
the firewall. A special case is the usage of MASQ instead of SNAT. When MASQ
is used, the firewall will automatically translate the source to the first address of
the device the packets leave on.
20.10 MSS
The MSS option is used to modify a TCP header field of the passing packets.
The modified field is called Maximum Segment Size (MSS). This field tells
the destination of these packets that the reply packets should be smaller than
this size. Effectively it will lower the MTU (Maximum Transmission Unit) of the
returning packets. This can be very effective in setups where there are
MTU-related problems.
20.11 Bind
The Bind option is used for protocol binding. Traffic matching the policy will be
routed over the specified Internet connection, effectively binding this traffic to the
device. For example, mail should always be fetched from the correct Internet
Service Provider even if there are multiple Internet connections to choose from.
20.12 Shaping
Similar to the routes, it is also possible to shape traffic according to policies.
Again you will be provided with four different numbers. In this case the sum of
the lower limits of all policies must be lower than 100%.