User's guide

MBR L13 User’s Guide
To reinstate a rule at a later time:
Reselect the check box.
To remove a rule:
Click the action icon for the service. The service will be permanently removed.
3.7.1.3 Port Forwarding
In its default state, the L13 blocks all external users from connecting to or communicating with your network.
Therefore the system is safe from hackers who may try to intrude on the network and damage it. However, you may
want to expose your network to the Internet in certain limited and controlled ways in order to enable some
applications to work from the LAN (game, voice and chat applications, for example) and to enable Internet access to
servers in the local network. The Port Forwarding feature supports both of these functionalities. If you are familiar
with networking terminology and concepts, you may have encountered this topic referred to as "Local Servers".
The Port Forwarding screen enables you to define the applications that require special handling by the L13. All you
have to do is select the application's protocol and the local IP address or name of the computer that will be using or
providing the service. If required, you may add new protocols in addition to the most common ones provided by L13.
For example, if you wanted to use a File Transfer Protocol (FTP) application on one of your PCs, you would simply
select FTP from the list and enter the local IP address or host name of the designated computer. All FTP-related data
arriving at the L13 from the Internet will henceforth be forwarded to the specified computer.
Similarly, you can grant Internet users access to servers inside your local network, by identifying each service and the
PC that will provide it. This is useful, for example, if you want to host a Web server inside your local network. When an
Internet user points his/her browser to the L13 external IP address, the gateway will forward the incoming HTTP
request to your Web server.
However, there is a limitation that must be considered. With one external IP address (the L13 main IP address),
different applications can be assigned to your LAN computers, but each type of application is limited to one
computer. For example, you can define that FTP will use address X to reach computer A and Telnet will also use
address X to reach computer A, but attempting to define FTP to use address X to reach both computers A and B will
fail. L13 therefore provides the ability to add additional public IP addresses to port forwarding rules, which you must
first obtain from your ISP and enter into the NAT IP Addresses Pool (refer to Section 3.7.1.8). You will then be able to
define FTP to use address X to reach computer A and address Y to reach computer B.
Additionally, port forwarding enables you to redirect traffic to a different port instead of the one to which it was
designated. For example, suppose you have a Web server running on your PC on port 8080 and you want to grant access to this
server to anyone who accesses L13 via HTTP. To accomplish this, you will have to define a port forwarding rule for the
HTTP service, with the PC's IP or host name, as well as specify 8080 in the Forward to Port field. All incoming HTTP
traffic will now be forwarded to the PC running the Web server on port 8080.
When setting a port forwarding service, you must ensure that the port is not already in use by another application,
which may stop functioning. A common example is when using SIP signaling in Voice over IP: the port used by the
gateway's VoIP application (5060) is the same port on which port forwarding is set for LAN SIP agents.
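The constraints described above (one LAN computer per service on each public IP address, additional public addresses only from the NAT IP Addresses Pool, and no forwarding on a port the gateway itself uses) can be checked against a planned rule table before it is entered in the WBM. The following Python script is an added example, not part of the L13 software; the Rule fields, the audit function and all addresses are constructed for illustration.

```python
from collections import namedtuple

# Hypothetical rule model for this example; the field names are not L13 identifiers.
Rule = namedtuple("Rule", "service proto port public_ip lan_host forward_to")

# Assumption: ports the gateway itself listens on. 5060 (SIP) is the guide's example.
GATEWAY_PORTS = {5060: "gateway VoIP application"}

def audit(rules, main_ip, nat_pool=()):
    """Return (kind, service, detail) findings for a port forwarding table."""
    findings = []
    claimed = {}  # (public_ip, proto, port) -> LAN host of the first rule using it
    usable_ips = {main_ip, *nat_pool}
    for r in rules:
        if r.public_ip not in usable_ips:
            findings.append(("ip-not-in-pool", r.service,
                             f"{r.public_ip} is neither the main IP nor in the NAT pool"))
        key = (r.public_ip, r.proto, r.port)
        owner = claimed.setdefault(key, r.lan_host)
        if owner != r.lan_host:
            findings.append(("duplicate-service", r.service,
                             f"{r.public_ip} {r.proto}/{r.port} already goes to {owner}"))
        if r.port in GATEWAY_PORTS:
            findings.append(("gateway-port", r.service,
                             f"port {r.port} is used by the {GATEWAY_PORTS[r.port]}"))
    return findings

# Constructed sample table (documentation and private address ranges).
X, Y = "203.0.113.10", "203.0.113.11"        # main IP and one pool address
A, B, C = "192.168.1.10", "192.168.1.11", "192.168.1.12"
SAMPLE = [
    Rule("FTP", "tcp", 21, X, A, 21),
    Rule("Telnet", "tcp", 23, X, A, 23),      # same host, different service: fine
    Rule("FTP", "tcp", 21, X, B, 21),         # second host for FTP on X: rejected
    Rule("FTP", "tcp", 21, Y, B, 21),         # fine once Y is in the NAT pool
    Rule("HTTP", "tcp", 80, X, A, 8080),      # redirect to a different port
    Rule("SIP", "udp", 5060, X, C, 5060),     # collides with the gateway's own SIP
]

if __name__ == "__main__":
    for kind, service, detail in audit(SAMPLE, X, nat_pool=[Y]):
        print(f"{kind:18} {service:7} {detail}")
```

A table that produces no findings also doubles as an inventory of exactly which LAN hosts and ports are reachable from the Internet.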
To add a new port forwarding service:
1. In the WBM, select the Firewall menu item under the Services tab, and click the Port Forwarding link. The
Port Forwarding screen appears.