5.2.2 Source NAT, 5.2.3 Incoming Routed Traffic – NEXCOM IFA 1610 User Manual
Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.
IFA 3610/IFA 2610/IFA 1610 User Manual
Chapter 5: The Firewall Menu
5.2.2 Source NAT
This page defines rules that apply SNAT to outgoing connections. It also lists the rules already defined, showing
for each one the source and destination IP addresses, the service, the NAT status, a custom description
of the rule, and the available actions.
Source NAT can be useful if a server behind the IFA 3610/IFA 2610/IFA 1610 appliance has its own external IP, so
that outgoing packets should use the server's address rather than the RED IP address of the firewall. To add a new
rule, click Add a new source NAT rule and proceed as when adding a port forwarding rule. Besides the
common options, only one other setting can be configured:
NAT
Select NAT, No NAT, or Map Network. Choosing to apply SNAT lets you select the IP address
to use from those presented in the drop-down menu. The Auto entries automatically choose the IP
address corresponding to the outgoing interface.
SNAT and an SMTP server in the ORANGE zone.
In certain cases it is preferable to explicitly declare that no Source NAT be performed. An example would be an SMTP
server in the DMZ, configured with an external IP, but whose outgoing connections should have the RED IP as the source.
Configuring an SMTP server running on the IP 123.123.123.123 (assuming that 123.123.123.123 is an additional IP
address of the uplink) in the DMZ with Source NAT can be done as follows:
1. Configure the ORANGE zone with any subnet (e.g., 192.168.100.0).
2. Set up the SMTP server to listen on port 25 on an IP in the ORANGE zone (e.g., 192.168.100.13).
3. In the Menubar ► Network ► Interfaces section, add a static Ethernet uplink with IP 123.123.123.123 to the
appliance.
4. Add a source NAT rule and specify the ORANGE IP of the SMTP server as source address. Be sure to use NAT and set
the NAT-ed source IP address to 123.123.123.123.
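The three NAT choices and the rule from step 4, modelled as an added example (it is not from the NEXCOM manual or the appliance firmware). The RED address, the /24 prefix lengths, the server address 192.168.100.13 in the ORANGE subnet, and the matching semantics described in the docstring are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed value: the manual gives no RED address, so a documentation
# address stands in for the uplink's primary IP.
RED_IP = ipaddress.ip_address("198.51.100.1")

@dataclass
class SnatRule:
    source: str                 # host or network the rule matches
    action: str                 # "NAT", "NO_NAT" or "MAP_NETWORK"
    to: Optional[str] = None    # SNAT address, "auto", or target network

def translate(src, out_if_ip, rules):
    """Return the source address a connection carries after the uplink.

    Assumed semantics (not stated in the manual): rules are checked top
    down and the first match wins; unmatched traffic gets the outgoing
    interface address; Map Network keeps host bits and swaps the prefix.
    """
    addr = ipaddress.ip_address(src)
    for rule in rules:
        net = ipaddress.ip_network(rule.source, strict=False)
        if addr not in net:
            continue
        if rule.action == "NO_NAT":
            return addr                      # leaves with its own address
        if rule.action == "NAT":
            if rule.to == "auto":            # the "Auto" drop-down entry
                return out_if_ip
            return ipaddress.ip_address(rule.to)
        if rule.action == "MAP_NETWORK":
            target = ipaddress.ip_network(rule.to)
            if target.prefixlen != net.prefixlen:
                raise ValueError("Map Network needs equally sized networks")
            host_bits = int(addr) & int(net.hostmask)
            return ipaddress.ip_address(int(target.network_address) | host_bits)
        raise ValueError(f"unknown action {rule.action!r}")
    return out_if_ip

# Step 4: the ORANGE SMTP server leaves with the additional uplink IP.
RULES = [SnatRule("192.168.100.13", "NAT", "123.123.123.123")]

if __name__ == "__main__":
    for host in ("192.168.100.13", "192.168.100.20"):
        print(host, "->", translate(host, RED_IP, RULES))
```

Matching the rule on the single server address rather than the whole ORANGE subnet keeps other DMZ hosts from sending traffic under the mail server's public IP.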
5.2.3 Incoming Routed Traffic
This tab allows redirecting traffic that has been routed through the appliance. This is very useful when there is more than
one external IP address and some of them should be used in the DMZ without the need for NAT. The fields
shown for every rule in the list are the traffic source and destination, the service, the policy to apply, a remark, and the
available actions.
No other setting can be configured besides the common options.