Chapter 6 Traffic Policy
Source
Interface connected to the Internet (requests from the Internet will arrive on this interface).
Destination
The WinRoute host labelled as Firewall, which represents all IP addresses bound to the firewall host.
This service will be available at all addresses of the interface connected to the In- ternet. To make the service available at a particular IP address, use the Host option and specify the IP address.
Service
Services to be available. You can select one of the predefined services (see chap- ter 12.3) or define an appropriate service with protocol and port number.
Any service that is intended to be mapped to one host can be defined in this entry. To map services for other hosts you will need to create a new traffic rule.
Action
Select the Allow option, otherwise all traffic will be blocked and the function of port mapping will be irrelevant.
Translation
In the Destination NAT (Port Mapping) section select the Translate to IP address option and specify the IP address of the host within the local network where the service is running.
Using the Translate port to option you can map a service to a port which is different from the one where the service is available from the Internet.
Warning: In the Source NAT section should be set to the No Translation option. Combining source and destination IP address translation is relevant under special conditions only .
Note: For proper functionality of port mapping, the locally hosted server must point to the WinRoute firewall as the default gateway. Port mapping will not function well unless this condition is met.
Placing the rule
Port mapping rules are usually independent from NAT rules or/and rules limiting access to the Internet, as well as on each other. For better reference, it is recom- mended to place all these rules at the top or at the end of the rule list.
If there are special rules limiting access to mapped services, the mapping rules themselves must be placed after the access limiting rules (however, usually it is pos- sible to combine service mapping and access limiting rules and make them a single rule).