Port translation – Amer Networks E5Web GUI User Manual
Page 514

Finally, create an associated Allow rule:
1. Go to: Policies > Add > IPRule
2. Specify a suitable name for the rule, for example Allow_HTTP_To_DMZ
3. Now enter:
   • Action: Allow
   • Service: http
   • Source Interface: any
   • Source Network: all-nets
   • Destination Interface: wan
   • Destination Network: wwwsrv_pub
4. Click OK

7.4.5. Port Translation
Port Address Translation (PAT) can be used to modify the source or destination port of a
connection. In previous SAT examples, a new port number was not specified and the
original port number was used by default. If the port number is specified, both the IP address and
the port number are translated.
As explained above in the summary of SAT processing in Section 7.4.1, “Introduction”, port
translation is performed by the same SAT IP rule used for IP address translation but follows
slightly different processing rules to IP address translation. Only one-to-one and many-to-many
port translation can be performed. All-to-one port translation is not possible.
Once a new port number is defined in the SAT IP rule, the type of port translation performed is
decided by the Service object associated with the SAT IP rule. If the Service object has a single
value specified for its Port property, the port translation is one-to-one. If the Port property is a
simple range (for example, 60-70), the translation is many-to-many, with the transposition
beginning with the new port number specified.
Port translation will not occur if the Service object's Port property is anything other than a single
value or a simple range. For example, if the property is 60-70,80, port translation will not take
place even though a new port number is specified in the SAT IP rule.
For example, consider the following SAT IP rule with a Service object associated with it that has
the simple port range 80-85. The rule specifies the destination address wwwsrv_pub is translated
to wwwsrv_priv with the new port number of 1080.
#  Action  Src Iface  Src Net   Dest Iface  Dest Net    Service    SAT Action
1  SAT     any        all-nets  wan         wwwsrv_pub  TCP 80-85  Destination IP: wwwsrv_priv Port:1080
This rule produces a many-to-many transposition of all ports in the range 80-85 to the range
1080-1085. For example, the following will happen:
• Attempts to communicate with the web server's public address - port 80, will result in a
  connection to the web server's private address - port 1080.
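
The port-handling rules above can be modelled in a few lines to audit which private ports a SAT IP rule actually exposes. This is an added example, not vendor code or part of the original manual; the function names are hypothetical, and it assumes that a destination port outside the Service object's Port property does not match the rule at all.

```python
import re

# Added example: models the one-to-one / many-to-many decision described in
# this section. Not vendor code; all function names are hypothetical.
SINGLE = re.compile(r"^\d+$")
RANGE = re.compile(r"^(\d+)-(\d+)$")


def classify(port_spec):
    """Return (kind, low, high) for a Service object's Port property."""
    spec = port_spec.replace(" ", "")
    if SINGLE.match(spec):
        p = int(spec)
        return "one-to-one", p, p
    m = RANGE.match(spec)
    if m and int(m.group(1)) <= int(m.group(2)):
        return "many-to-many", int(m.group(1)), int(m.group(2))
    return "none", None, None  # e.g. "60-70,80": no port translation


def matches(port_spec, port):
    """True if port falls inside any element of the Port property."""
    for part in port_spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def translate_port(port_spec, new_port, dst_port):
    """Port the connection lands on, or None if the service does not match."""
    if not matches(port_spec, dst_port):
        return None  # assumption: rule does not trigger for this port
    kind, low, _ = classify(port_spec)
    if kind == "none" or new_port is None:
        return dst_port  # no port translation: original port is kept
    return new_port + (dst_port - low)  # transposition starts at new_port


def exposure_map(port_spec, new_port):
    """Map every matching public port to the private port it reaches."""
    return {p: translate_port(port_spec, new_port, p)
            for p in range(1, 65536) if matches(port_spec, p)}


if __name__ == "__main__":
    for spec in ("80-85", "80", "60-70,80"):  # constructed sample inputs
        print(spec, classify(spec)[0], exposure_map(spec, 1080))
```

Running it over a rule set's Service definitions shows at a glance when a specified new port is silently ignored (the 60-70,80 case) and the original ports remain reachable on the private address.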
Chapter 7: Address Translation