Chapter 7
Traffic Policy
88
Destination NAT (port mapping):
Destination address translation (also called port mapping) is used to allow access to services
hosted in private local networks behind the firewall. All incoming packets that meet defined
rules are re-directed to a defined host (destination address is changed). This actually “moves”
to the Internet interface of the
WinRoute
host (i.e. IP address it is mapped from). From the
client’s point of view, the service is running on the IP address from which it is mapped (usually
on the firewall’s IP address).
Options for destination NAT (port mapping):
Figure 7.18
Traffic rule — destination address translation
•
No Translation
— destination address will not be modified.
•
Translate to
— IP address that will substitute the packet’s destination address. This
address also represents the IP address of the host on which the service is actually
running.
The
Translate to
entry can be also specified by DNS name of the destination computer.
In such cases
WinRoute
finds a corresponding IP address using a DNS query.
Warning
We recommend you not to use names of computers which are not recorded in the local
DNS since rule is not applied until a corresponding IP address is found. This might
cause temporary malfunction of the mapped service.
•
Translate port to
— during the process of IP translation you can also substitute the
port of the appropriate service. This means that the service can run at a port that is
different from the port where it is available from the Internet.
Note:
This option cannot be used unless only one service is defined in the
Service
entry
within the appropriate traffic rule and this service uses only one port or port range.
For examples of traffic rules for port mapping and their settings, refer to chapter
Log
The following actions can be taken to log traffic:
•
Log matching packets
— all packets matching with rule (permitted, denied or dropped,
according to the rule definition) will be logged in the
Filter
log.
•
Log matching connections
— all connections matching this rule will be logged in the
Connection
log (only for permit rules). Individual packets included in these connec-
tions will not be logged.
Summary of Contents for KERIO WINROUTE FIREWALL 6
Page 1: ...Kerio WinRoute Firewall 6 Administrator s Guide Kerio Technologies s r o...
Page 157: ...12 3 Content Rating System Kerio Web Filter 157 Figure 12 7 Kerio Web Filter rule...
Page 247: ...19 4 Alerts 247 Figure 19 14 Details of a selected event...
Page 330: ...Chapter 23 Kerio VPN 330 Figure 23 55 The Paris filial office VPN server configuration...
Page 368: ...368...