FireBrick Portmapping: Difference between revisions

FireBrick Portmapping (view source)

Revision as of 10:02, 1 August 2019

1,183 bytes added , 1 August 2019

m

no edit summary

AA-Andrew

autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators

12,270

edits

Revision as of 11:08, 17 April 2012 (view source) James Carlson (talk \| contribs) No edit summary ← Older edit		Revision as of 10:02, 1 August 2019 (view source) AA-Andrew (talk \| contribs) mNo edit summary Newer edit →
(7 intermediate revisions by 2 users not shown)
<indicator name="FireBrick">[[File:Menu-FireBrick.svg\|link=:Category:FireBrick\|30px\|Back up to the FireBrick Category]]</indicator> ~~==Port Mapping==~~ ~~(Remember, NAT is evil!)~~ ==FireBrick port mapping example== Mapping is done under a rule-set, for example, here we happen to have a FireBrick that has a Native IP block from AAISP, and a Tunnel from TunnelBroker.net. We want to map one of the Tunneled IPs to a machine on our LAN which has been assigned one of our native IPv6 addresses from AAISP. ~~<syntaxhighlight>~~ Mapping is done using Firewall rules. <rule-set name="Mapping Example">▼ ~~<rule name="HE to Web server" target-ip="2001:470:1F09:B40::2" target-port="80" set-target-ip="2001:8B0:1635::D685:64FF:FEC9:E630" target-port="80" set-nat="true" log="true"/>~~ The principle is that you describe the original traffic (source/target interface, IP, protocol, port etc) and then define a Rule with what you want to happen to that traffic - eg, set a new target IP, port and enable NAT. </rule-set>▼ ~~</syntaxhighlight>~~ ~~You~~Typically, ~~can~~your ofFireBrick ~~course~~will ~~use~~be ~~IPv4~~the ~~addresses,~~original ~~and~~target ~~map~~of the ~~public~~traffic, IPit ofwill ~~your FireBrick to~~have a ~~natted RFC1918~~public IP on ~~the~~one ~~LAN~~of its PPP interfaces perhaps. ~~See~~If ~~the~~we take an ~~manual~~example for ~~other~~RDP, ~~elements~~then ofwe can crate the <rule-set ~~...>~~as ~~tag.~~follows: ~~[http://essayfast.com/order.php buy essay online]~~ ▲ <rule-set name="~~Mapping~~Port ~~Example~~Mappings"> source-interface="pppoe" target-interface="self" no-match-action="continue"> ▲ </rule-set> And then add a rule for RDP to this rule-set: <rule name="Map RDP to server1" target-port="3389" set-target-ip="192.168.1.101" set-nat="true" action="accept"/> You can add more requirements as needed, such as changing the port if needed, or adding source IPs so as to restrict access to known IPs. You can also use profiles to control access further. If you have more port mappings then you can add more rule's as required, eg to add access to an internal web server you could map port 8080 to port 80 of the internal webserver: <rule name="Map 8080 to web server2" target-port="8080" set-target-ip="192.168.1.102" set-target-port="80" set-nat="true" action="accept"/> You can then test this rule using the built in Firewall test diagnostic. If you put in: source IP = anything you want Target IP = The FireBrick's IP Protocol = 17 Target port = 3389 Then you should see it match your rule and change the target IP etc: Checking rule-set 5 [Mapping] - Rule 3 [RDP to server1] matched, action is ACCEPT, no further rule-sets considered NAT set (true) Target IP set to 192.168.1.101 [[Category:FireBrick\|Port]]