Application guide — eipr series – Contemporary Control Systems EIPR Wired/Wireless VPN Router Application Guide User Manual

AG-EIPR0000-BC1

Page 10

Application Guide — EIPR Series

Application #6 — Port Forwarding to Access a Private Web Server

The firewall will normally block all WAN-side requests.

Port forwarding allows computers on the WAN side to

access devices on the LAN side by opening up

selected WAN IP ports. The only WAN-side requests

that will be forwarded through the IP router are those

that specify both the router’s WAN address and a

destination IP port number that exists in the router’s IP

port forwarding table. When this match is made, the

message is forwarded to the indicated IP address on the

LAN side.
This is very useful when only one public IP address is

available, but there is a need to access multiple LAN-

side devices. In this example, we want to access a

private web server at 192.168.92.101 which is normally

invisible from the Internet. Using port forwarding, we

allow a WAN-side request made to the router’s public

(WAN) address. For additional security, the port

numbers have been translated.
You can also select Port Range Forwarding to allow an

entire range of addresses through the firewall. Note

that

any WAN-side device can use port forwarding

— but you can greatly enhance security by creating a

whitelist of allowed WAN-side devices. This is

illustrated at the bottom of the page.

Internal IP Address

LAN IP Port

WAN IP Port External IP Address

192.168.92.101/24

80

8080

1.2.3.4

Enhance Security with a Whitelist

Specify which WAN-side devices

can use port forwarding.