Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[ginopaleo]

First of all, excuse me for my English. I'me becoming stuck with this issue that I'll try to explain in words. Please, what I need are the complete steps and sets of instructions for DFL-210. That's what I need to do.
I have an Internet Public IP given by my provider, say 1.1.1.1
I receive on the public port 4321 (say 1.1.1.1:4321) incoming traffic (say traffic generated by service all_tcp).
I want to forward all this TCP traffic to a given PC of my internal network (say 192.168.1.1) on a given port 1234 (say 192.168.1.1:1234)
So I need port forwarding and port mapping too.

all_tcp 1.1.1.1:4321--->192.168.1.1:1234

I read several topics, but found no solutions, because my incoming traffic comes on a given external port and I want to forward it to another given internal port. Can someone give me the whole set of instructions, please? Thanks a lot.

[juanjo]

Hello ginopaleo

1.- Create SAT rule; source interface=wan; source network=all_nets; destination interface=core; destination network=wan_ip;
2.- In the SAT options; destination_ip=your internal pc; new_port=your new port; check allow_to_one_mapping
3.- Create ALLOW rule with the same parameters as SAT rule.

Regards

[ginopaleo]

Thanks juanjo, I'll write the rules as soon as possible, because I can't still install the new DFL-210.
I don't understand a thing, reading your reply.
I don't want to redirect on my internal PC all the traffic incoming from 0-65535 external ports, but only the traffic incoming on the external 4321 port. This why, perhaps, I'll have different PCs processing TCP traffic incoming from different external ports, and I don't want them to process the "wrong port" traffic. The remaining traffic, coming from other external ports, will not be redirected, probably I'll drop it, unless I'll decide to let other two or three incoming ports opened for this PC.
So, I don't find any evidence on your reply about port 4321: don't I have to show it somewhere in any rule?
Second question: if I want to open also say ports 5555 and 9999 for this PC, I have to write three times the same set of rules?
Thanks


P.S. After I wrote my reply, I read about custom services allowing port translation... I think this is the way to investigate. My question is still alive, please tell me if you have solutions, thanks

[juanjo]

I don't understand a thing, reading your reply.
I don't want to redirect on my internal PC all the traffic incoming from 0-65535 external ports, but only the traffic incoming on the external 4321 port.

Yes,
when you create SAT and ALLOW rule, you must configure the port(s) that you need "redirect" or "convert" and "allow". This is done by the "service" parameter.

Regards

[ginopaleo]

Thanks juanjo, you're so kind so I keep on asking.

1) I read also the SAT RULE examples on the manual and they said (like you): destination network=wan_ip.
Why can't I write destination network=lannet?

2) You said to show the new port in the SAT tag: new_port= 1234, in my example. It involves that I have to create a new service TCP on port 4321. I remember you my example: I want to translate ext port 4321 into int port 1234 on a certain PC
2.1) Which is the right configuration for this service? (I've chosen TCP and UDP services)

     type=TCP
     source=0-65535
     destination=4321

         or

     type=TCP
     source=4321
     destination=4321

2.2)  If I write a new service translating 4321 in 1234 like this:

     type=TCP
     source=4321
     destination=1234

and then I don't fill the new_port field in the SAT tag, the system doesn't understand that the 1234 port belongs to my internal PC?

2.3) If I don't want to change the port number (ex: what incomes from the wan:4321 goes to the internalPC:4321) I just have not to fill the new_port field in SAT tag, isn't it?

I can't assure you that these will be my last questions......
Thank you

[juanjo]

Thanks juanjo, you're so kind so I keep on asking.

1) I read also the SAT RULE examples on the manual and they said (like you): destination network=wan_ip.
Why can't I write destination network=lannet?

Because the traffic arrives to wan_ip and must be processed by the Core interface

2) You said to show the new port in the SAT tag: new_port= 1234, in my example. It involves that I have to create a new service TCP on port 4321. I remember you my example: I want to translate ext port 4321 into int port 1234 on a certain PC

Yes

2.1) Which is the right configuration for this service? (I've chosen TCP and UDP services)

     type=TCP
     source=0-65535
     destination=4321

Right. Choose this.

2.2)  If I write a new service translating 4321 in 1234 like this:

     type=TCP
     source=4321
     destination=1234

and then I don't fill the new_port field in the SAT tag, the system doesn't understand that the 1234 port belongs to my internal PC?

Translate the port in the SAT rule as i told you in last posts.

2.3) If I don't want to change the port number (ex: what incomes from the wan:4321 goes to the internalPC:4321) I just have not to fill the new_port field in SAT tag, isn't it?

Yes.

Regards

[ginopaleo]

Thanks juanjo, there's a coffee, a breakfast, a lunch, a dinner ready for you!!!!
As soon as possible I'll write the rules in DFL-210 and try them.
Next step will be IPSec tunnels.
How do you say in English? Stay tuned.
Thanks a lot.