User manual
Firewall
Source NAT rules are useful for masquerading one or more IP addresses behind a
single other IP address. This is the type of NAT used by the SG unit to masquerade your
private network behind its public IP address.
To a server on the Internet, requests originating from the hosts behind a masqueraded
interface appear to originate from the SG unit, as matched packets have their source
address altered. You may enable or disable source NAT between interfaces under
Masquerading, and fine-tune source NAT rules under Source NAT.
1-to-1 NAT is a combination of destination NAT and source NAT. Both destination NAT
and source NAT rules are created for full IP address translation in both directions. This
can be useful if you have a range of IP addresses that have been added as interface
aliases on the SG unit’s WAN interface, and want to associate one of these external alias
IP addresses with a single internal, masqueraded computer. This effectively allocates the
internal computer its own real-world IP address, also known as a virtual DMZ.
Port forwarding
Port forwarding rules alter the destination address and optionally the destination port of
packets received by the SG unit.
Port forwarding allows controlled access to services provided by machines on your
private network to users on the Internet by forwarding requests for a specific service
coming into one of the SG unit’s interfaces (typically the WAN interface) to a machine on
your LAN, which services the request.
Click Port Forwarding. Any rules that have already been defined are displayed; you
may Edit or Disable/Enable these rules by clicking the appropriate icon. Click New to
add a new rule.
You may also add a new rule above an existing one by clicking the Add Above icon, or
below with Add Below.
Note
The first matching rule determines the action for the network traffic, so the order of the
rules is important. You can use the Move Up and Move Down icons to change the order.
The rules are evaluated top to bottom as displayed on screen.
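The following added example (not code from the SG unit or this manual) models top-to-bottom, first-match evaluation of port forwarding rules and reports rules that can never match because a broader rule sits above them. The Rule fields, rule names and addresses are constructed assumptions; 203.0.113.10 stands in for the WAN address.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str                     # "tcp" or "udp"
    dst_net: str                   # address the packet was sent to (e.g. WAN address)
    ports: range                   # destination ports the rule matches
    to_addr: str                   # LAN host that services the request
    to_port: Optional[int] = None  # None keeps the original destination port
    enabled: bool = True           # mirrors the Disable/Enable icon

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (a.proto == b.proto and ip_network(b.dst_net).subnet_of(ip_network(a.dst_net))
            and a.ports.start <= b.ports.start and b.ports.stop <= a.ports.stop)

def forward(rules, proto, dst, port):
    """Apply the first enabled matching rule, top to bottom; None if nothing matches."""
    for r in rules:
        if (r.enabled and r.proto == proto and port in r.ports
                and ip_address(dst) in ip_network(r.dst_net)):
            return r.name, r.to_addr, port if r.to_port is None else r.to_port
    return None

def shadowed(rules):
    """(later, earlier) name pairs where the later rule can never be reached."""
    active = [r for r in rules if r.enabled]
    return [(b.name, a.name) for i, b in enumerate(active) for a in active[:i] if covers(a, b)]

def move_up(rules, name):
    """Return a copy with the named rule moved one position up (like Move Up)."""
    out = list(rules)
    i = next(k for k, r in enumerate(out) if r.name == name)
    if i > 0:
        out[i - 1], out[i] = out[i], out[i - 1]
    return out

# Constructed rule set: the broad range above "web-admin" swallows port 8443.
RULES = [
    Rule("all-high-ports", "tcp", "203.0.113.10/32", range(8000, 9000), "192.168.0.20"),
    Rule("web-admin", "tcp", "203.0.113.10/32", range(8443, 8444), "192.168.0.30", 443),
    Rule("ssh", "tcp", "203.0.113.10/32", range(2222, 2223), "192.168.0.30", 22),
]
```

Running shadowed() over an exported rule list before and after a reorder shows whether a narrow rule is actually reachable or silently overridden by a broader one above it.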