Static NAT | RuggedCom RX1100, RX1000 instruction

Chapter 11 – Configuring The Firewall

The following fields describe the information to match against the incoming connection request in order to apply this rule.

The Action field specifies the final action of the rule. The and log to syslog field determines whether logging will take place and at which logging level.

The Source zone field specifies the zone the request originates from.

The Destination zone or port field specifies the requests destination zone. The Protocol field specifies the protocol (tcp, udp or icmp) to match.

The Source ports and Destination ports fields specifies the requests tcp or udp port numbers to match.

The Original destination address field matches the requests destination IP address.

Note: If you use are using DNAT to port forward, enter the original destination address here and the forwarded address in the Destination zone or port fields Only hosts in zone with address sub-field.

The Rate limit expression fields specifies a rate limit control of the form “X/sec” or “X/min” where X is the number of allowed requests in the time period. A burst limit field “:Y”where Y is the maximum consecutive number of requests and defaults to five if not configured.

The Rule applies to user set fields allow advanced users to match the rule against specific users and groups. This matching only takes place when the source of the traffic is the firewall itself.

Static NAT

Figure 101: Static NAT

RuggedCom

119

Image 121

RuggedCom RX1100, RX1000 manual Static NAT

Contents

RuggedRouter Ruggedrouter User Guide About this User Guide How To Use This User GuideApplicable Firmware Revision Who Should Use This User Guide Quick Start Recommendations Document Conventions Basic Web Based Configuration Additional Configuration About this User Guide Table Of Contents Table Of Contents RuggedRouter User Guide 100 114 144 Page Table Of Contents Page 241 Page Table Of Figures RuggedRouter Setup Main Menu Scheduled Commands Displaying a Command T1/E1 Network Interfaces After Interface Creation Adsl Link Statistics Show Public Key Link Backup Status 162 Raw Socket Menu IRIGB/IEEE1588 General Configuration menu 230 255 IAS Window Edit Profile 282 Access Methods Setting Up And Administering The RouterAccounts And Password Management Default Configuration RuggedRouter Setup Shell Accessing The RuggedRouter Command PromptConfiguring Passwords From the Console Port Setting The Hostname Configuring IP Address InformationConfiguring Radius Authentication Enabling And Disabling The SSH and Web Server Radius Server Configuration menu Enabling And Disabling The Gauntlet Security Appliance Configuring The Date, Time And Timezone RuggedRouter Hardware Information Menu Displaying Hardware Information Selecting a configuration to reload Restoring a Configuration RuggedRouter Web Interface Using a Web Browser to Access the Web InterfaceSSL Certificate Warnings Structure of the Web Interface RuggedRouter Web Interface Main Menu Window LED Status Panel Using The LED Status Panel LED Name Description Obtaining Chassis Information Webmin Configuration Menu Webmin ConfigurationIP Access Control Change Help Server Ports And Addresses Logging Webmin Configuration Menu, Logging Webmin Configuration Menu, Authentication Authentication Webmin Events Log Webmin Events Log This page intentionally blank Bootup And Shutdown Configuring The System Scheduled Commands Change Password Command Scheduled Commands Displaying a Command Webmin Scheduled Cron Jobs Scheduled Cron Jobs System Time System Hostname Network Configuration Configuring Networking Dummy Interface Core Settings Configured Static Routes Default Route TableRouting And Gateways Manually Entered Static Routes Static Multicast Routing Static Multicast Routing DNS Client End To End BackupHost Addresses Page Current Routing & Interface Table Configuring End To End Backup Ethernet Interface Fundamentals Configuring Ethernet InterfacesVlan Interface Fundamentals LED Designations RuggedRouter Functions Supporting VLANs PPPoE On Native Ethernet Interfaces Fundamentals Ethernet Interfaces Ethernet Editing a Network Interface Editing Currently Active Interfaces Virtual Interfaces Edit Boot Time InterfacesVirtual Lan Interfaces List PPPoE Interfaces PPPoE On Native Ethernet Interfaces Editing a PPPoE Interface Edit PPPoE Interface Current Routes & Interface Table PPP Logs T1/E1 Fundamentals Configuring Frame Relay/PPP And T1/E1Frame Relay Location Of Interfaces And Labeling T1/E1Included With T1E1 Strategy For Creating Interfaces T1/E1 Network Interfaces Naming Of Logical Interfaces Editing a T1/E1 Interface E1 Settings T1 Settings Frame Relay Link Parameters Editing a Logical Interface Frame Relay Frame Relay DLCIs Editing a Logical Interface PPP Link Statistics T1/E1 Statistics Frame Relay Statistics Frame Relay Interface Statistics PPP Link Statistics PPP Interface Statistics T1/E1 Loopback Menu T1/E1 Loopback Upgrading Firmware Upgrading Software T3 Fundamentals Configuring Frame Relay/PPP And T3 T3 Network Interfaces T3 Configuration Edit T3 Interface Editing a T3 Interface T3 Statistics Upgrading Software Page DDS Fundamentals Configuring Frame Relay/PPP DDS Network Interfaces DDS Configuration Edit Logical Interface Frame Relay, single Dlci DDS Link Statistics DDS Statistics Frame Relay And PPP Interface Statistics DDS LoopbackPage PPPoE/Bridged Mode Fundamentals Configuring PPPoE/Bridged Mode OnAdsl Fundamentals PPPoE MTU Issues Authentication, Addresses and DNS ServersBridged Mode Adsl Network Interfaces Adsl ConfigurationEditing a Logical Interface PPPoE Edit Logical Interface Bridged Editing a Logical Interface Bridged Adsl Link Statistics Adsl Statistics Current Routes & Interface Table PPP Mode Fundamentals Configuring PPP and ModemWhen the Modem Connects Modem Fundamentals Modem Main Menu Modem Configuration Blind dial Modem PPP Client Modem PPP Client Connections Modem Incoming Call Logs Modem PPP Server PPP Logs Modem PPP Logs PPP Connection Logs Modem PPP Connection LogsPage Firewall Fundamentals Configuring The FirewallStateless vs Stateful Firewalls Linux netfilter, iptables And The Shoreline Firewall Network Address Translation Port Forwarding Shorewall Quick Setup Zones ShoreWall Terminology And ConceptsInterfaces Policy Hosts Interface Subnet Address Protocol Ports Masquerading And Snat Reject Rules Route Based Virtual Private Networking Configuring The Firewall And VPN Virtual Private Networking To a DMZ Policy Based Virtual Private Networking Starting Shorewall Firewall Menu Firewall Main Menu Shorewall Firewall Menu Network Interfaces Network Zones Editing a Firewall Network Interfaces Firewall Zone Hosts Network Zone Hosts Masquerading Default Policies Editing a Masquerading Rule Firewall Rules Static NAT Static NAT Creating a Static NAT Entry Actions When StoppedPage Page VPN Fundamentals Configuring An IPsec VPNIPsec Modes Policy Vs Route Based VPNs Public Key And Pre-shared Keys Supported Encryption Protocols X509 Certificates Other Configuration Supporting IPSecNAT Traversal VPN Main Menu Before Key Generation Openswan Configuration ProcessVPN Main Menu IPsec and Router InterfacesPage IPsec VPN Configuration After Connections Have Been Created Server Configuration Preshared Keys Public Key VPN Connections List CertificatesIPsec VPN Connection Details Page Export Configuration Left/Right Systems Settings IPsec Status Showing IPsec Status Select a Certificate Authority IPSec X.509 Roaming Client Example Router IPSec Configuration VPN Networking Parameters Client ConfigurationGenerate X.509 Certificates Ethernet Port Configuration Firewall IPSec ConfigurationPage Quagga, RIP and Ospf Configuring Dynamic RoutingRIP Fundamentals Key Ospf And RIP Parameters Ospf FundamentalsLink State Advertisements Network Areas Router-ID Active/Passive Interface DefaultHello Interval and Dead Interval Redistributing Routes Ospf Authentication Configuring Ospf Link CostsRIP Authentication Link Detect Administrative Distances Area And Subnets Ospf And Vrrp Example NetworkVrrp Operation Dynamic Routing Enable Protocols Core Global Parameters CoreCore Interface Parameters View Core Configuration Ospf Global Parameters OspfPage Ospf Interfaces Ospf Interfaces Ospf Network Areas View Ospf ConfigurationOspf Status RIP Global Parameters RIP Global Parameters RIP Key Chains RIP Interfaces RIP Networks RIP Networks RIP Status View RIP ConfigurationPage Link Backup Fundamentals Configuring Link BackupPath Failure Discovery Link Backup Configuration Link Backup Main MenuUse Of Routing Protocols And The Default Route Edit Link Backup Configuration Link Backup Status Link Backup LogsTest Link Backup Page Page Problem With Static Routing Configuring VrrpVrrp Solution Vrrp Fundamentals Vrrp Example Page Vrrp Main Menu Vrrp Configuration Vrrp Instance Editing a Vrrp Instance Vrrp Instances Status Viewing Vrrp Instances Status Traffic Prioritization Fundamentals Configuring Traffic PrioritizationPriority Queues Filters Included With Traffic Prioritization TOS Prioritization Prioritization Example Interface Prioritization Menu Traffic Prioritization Main Menu Prioritization Filters Prioritization QueuesPrioritization Transmit Queue Length Prioritization Statistics Prioritization Statistics GRE Fundamentals Configuring Generic Routing Encapsulation GRE Main Menu GRE Configuration MenuPage Network Utilities Main Menu Network Utilities Traceroute Menu Ping Menu Trace Menu Host MenuTcpdump a Network Interface Serial Trace a Serial Server Port Frame Relay Link Layer Trace a WAN Interface Interface Statistics Menu Interface Statistics Menu Current Routing & Interface Table Current Routing & Interface Table Interface Status Page Serial IP Port Features Configuring Serial Protocols Character Encapsulation Serial Protocols ApplicationsRTU Polling Broadcast RTU Polling Host And Remote Roles Serial Protocols Concepts And IssuesUse Of Port Redirectors Message Packetization Serial Protocols Main Menu Use of Turnaround Delays Assign Protocols Menu Port Settings MenuRawSocket Menu Page Serial Protocols Statistics Menu Protocol Specific Packet Error Statistics Serial Protocols Trace Menu Serial Protocols Trace Menu Is provided Serial Protocols Sertrace UtilityPage IEC61850 Goose Fundamentals Configuring Goose TunnelsLayer 2 Tunnel Daemon Details Layer 2 Tunnels Main Menu Layer 2 Tunnels Main Menu Goose Tunnels Menu General Configuration Menu Activity Trace Menu Goose Statistics MenuPage Page Dhcp Fundamentals Configuring The Dhcp serverDhcp Network Organizations Dhcp Client OptionsPage Option 82 Support with Disable NAK Single Network With Option82 Clients On One Switch Example Dhcp Scenarios And ConfigurationsSingle Network With Dynamic IP Assignment Single Network With Static IP AssignmentPage Page Dhcp Server Menu Dhcp Server Main Menu Dhcp Shared Network Configuration Dhcp Shared Network Configuration Dhcp Subnet Configuration Dhcp Subnet Configuration Dhcp Host Configuration Dhcp Group Configuration Dhcp Pool Configuration Dhcp Pool Configuration NTP Fundamentals Configuring NTP NTP And The Precision Time Protocol Card NTP Sanity LimitIncluded With NTP Generic Options NTP Server Main Menu Peers Configuration Servers Configuration Viewing The NTP Log Viewing The NTP Status Viewing The GPS Log Viewing The GPS Status SSH Fundamentals Configuring SSHIncluded With SSH SSH Server SSH Main Menu Networking Access ControlPage IEEE1588 Fundamentals Configuring Irigb And IEEE1588PTP Network Roles PTP Master Election Synchronizing NTP from IEEE1588 Irigb FundamentalsIrigb Output Formats Reference Clocks GPS Cable compensationHow The Router Selects a Reference Clock IRIGB/IEEE1588 Main Menu General Configuration IEEE1588 Configuration Irigb Configuration IEEE1588 Status Irigb Status Irigb Log Page Snort Fundamentals Configuring The Snort IDSWhich Interfaces To Monitor Snort Rules Snort IDS Main Menu Global ConfigurationPerformance And Resources Rulesets Network SettingsRule Lookup by SID Alerts & Logging PreProcessors Edit Config File Alert System Maintaining The RouterAlert Menu Alert Configuration Menu Alert Configuration Alert Definition Configuration Alert Filter Configuration Change Alert Definition Page What And How Gauntlet Protects Gauntlet SecurityGauntlet And The Firewall Upgrading Gauntlet Gauntlet Status Menu System Backup And Restore Backup And Restore General Configuration Setup Archive History Archive Backup Archive Difference Tool Archive Restore Archive Differences List Show Difference for selected file between two targets Snmp Configuration System Configuration Snmp Configuration Main MenuNetwork Addressing Configuration Access Control page, Snmp V1 and V2c 250 RuggedCom Trap Configuration page, Trap Options Trap Configuration RuggedRouter supports the following MIBs MIB Support Radius Authentication Edit Radius Server Parameters Radius Authentication Configuration Outgoing Mail Parameter Description Chassis Parameters System Logs Syslog Factory Defaults Changing a Syslog entry to remote log Remote Logging RuggedRouter Software Fundamentals Upgrade System Automatic Upgrade When a Software Upgrade Requires a Reboot Change Repository Server Upgrade to RX1100 Upgrading All Packages Automatic Upgrading Pre-upgrade/Post-upgrade scripts Installing a New Package Upload/Download menu Uploading And Downloading Files Security Actions Security ConsiderationsPage Initial Repository Setup Appendix a Setting Up a RepositoryRepository Server Requirements Upgrading The Repository Setting Up The RoutersAn Alternate Approach Upgrading Considerations Appendix B Downgrading Router Software Apache Default Web Appendix C Installing Apache Web Server On WindowsPage Installing IIS Appendix D Installing IIS Web Server On Windows Windows Internet Authentication Service Appendix E Radius Server ConfigurationFreeRadius Edit Profile window, Click Add... button 276 RuggedCom RuggedCom 277 Dhcp Index Goose NTP SSH Vrrp