Chapter 7 Traffic Policy
Figure 7.23 Traffic rule that makes the local web server available from the Internet
Source
Mapped services can be accessed by clients both from the Internet and from the local
network. For this reason, it is possible to keep the Any value in the Source entry (or it
is possible to list all relevant interface groups or individual groups — e.g. Internet and
LAN).
Destination
The WinRoute host labeled as Firewall, which represents all IP addresses bound to the
firewall host.
This service will be available at all addresses of the interface connected to the Internet.
To make the service available at a particular IP address, use the Host option and specify
the IP address (see the multihoming example).
Service
Services to be available. You can select one of the predefined services (see chapter 14.3)
or define an appropriate service with protocol and port number.
Any service that is intended to be mapped to one host can be defined in this entry. To
map services for other hosts you will need to create a new traffic rule.
Action
Select the Allow option, otherwise all traffic will be blocked and the function of port
mapping will be irrelevant.
Translation
In the Destination NAT (Port Mapping) section select the Translate to IP address option and
specify the IP address of the host within the local network where the service is running.
Using the Translate port to option you can map a service to a port which is different from
the one where the service is available from the Internet.
Warning
The Source NAT section should be set to the No Translation option. Combining source
and destination IP address translation is relevant under special conditions only.
Note: For proper functionality of port mapping, the locally hosted server must point to
the WinRoute firewall as the default gateway. Port mapping will not function well unless
this condition is met.
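The following Python sketch is an added illustration, not part of the WinRoute documentation or WinRoute's implementation: it models the port-mapping rule described above and shows why the reply from the local server must return through the firewall. All addresses, ports and names are constructed sample values.

```python
from dataclasses import dataclass

FW_PUBLIC = "203.0.113.10"   # firewall's Internet-facing address (constructed)
WEB_SERVER = "192.168.1.20"  # local host running the service (constructed)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    def __init__(self):
        # Rule: Destination = Firewall, Service = TCP/80, Action = Allow,
        # Translation = Translate to IP address + Translate port to 8080.
        self.port_map = {(FW_PUBLIC, 80): (WEB_SERVER, 8080)}
        self.conntrack = {}  # reply tuple -> original (destination, port)

    def inbound(self, pkt):
        """Apply the port-mapping rule; None means no rule matched (blocked)."""
        target = self.port_map.get((pkt.dst, pkt.dport))
        if target is None:
            return None
        # Remember the original destination so the reply can be rewritten back.
        self.conntrack[(*target, pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return Packet(pkt.src, pkt.sport, *target)

    def outbound_reply(self, pkt):
        """Reverse the translation for a reply that passes through the firewall."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return pkt
        return Packet(orig[0], orig[1], pkt.dst, pkt.dport)

def client_accepts(request, reply):
    """A client only accepts a reply from the address and port it contacted."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        request.dst, request.dport, request.src, request.sport)

def round_trip(server_gateway_is_firewall):
    """Return True if the client's connection to the mapped service works."""
    fw = Firewall()
    request = Packet("198.51.100.7", 40000, FW_PUBLIC, 80)
    delivered = fw.inbound(request)
    reply = Packet(delivered.dst, delivered.dport, delivered.src, delivered.sport)
    if server_gateway_is_firewall:
        reply = fw.outbound_reply(reply)  # reply traverses the firewall
    return client_accepts(request, reply)
```

With the firewall as the server's default gateway the reply is rewritten back to the public address and port; otherwise it carries the server's private address and port 8080, which the client does not recognise.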
Placing the rule
As already mentioned, mapped services can also be accessed from the local network.
During access from the local network, a connection is established from the local (private)
IP address to an IP address in the Internet (the firewall’s public IP address). If the rule
for mapped service is preceded by a rule allowing access from the local network to the
Internet, according to this rule the packet would be directed to the Internet and then