Port Forwarding - Very Quick question
-
Modifying some firewall rules so that all traffic on specific ports can hit the network where it needs to. If I remove the forward-to address on the port forwarding, will that allow traffic to go where it needs to?
-
@FiyaFly said:
Modifying some firewall rules so that all traffic on specific ports can hit the network where it needs to. If I remove the forward-to address on the port forwarding, will that allow traffic to go where it needs to?
You might be able to use a wildcard, but what you're describing isn't really port forwarding, it's filtering. Port forwarding is "any traffic on port 80 to our public IP gets forwarded to IP x.x.x.x internally". You're more describing port filtering, which if the ports are open, the requester just gets the traffic. If they're blocked, then only approved clients for those ports will get that type of traffic.
-
I know of no way to publish multiple machines behind a firewall to a single port on the outside except by putting a proxy machine in the middle.
Let's look at it like this: let's assume you have 3 email servers, all receiving email on port 80. You can't simply allow port 80 traffic into your network for any and all internal devices (this would allow hackers to just do bad things). In order for inbound traffic to reach all three devices, you'll have to install a device that receives all the traffic and has rules on how to forward specific packets onto a specific email server.
What exactly are you trying to accomplish?
-
A firewall has three options with a port:
- open it (not available with NAT)
- block it
- forward it
That's all. There is no way to just have an open port with NAT. It can't conceptually happen.
-
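The two replies above (a single public port can point at only one internal host, and a port behind NAT is either blocked or forwarded) can be seen in a small model of a NAT router's inbound lookup. This is an added example, not part of the thread; the class, its method names and all addresses are constructed for illustration.

```python
# Added illustration: minimal model of a NAT router's inbound decision.
# All addresses are constructed (RFC 5737 / RFC 1918 ranges).
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    forwards: dict = field(default_factory=dict)   # (proto, public_port) -> (ip, port)
    conntrack: dict = field(default_factory=dict)  # replies to outbound flows

    def add_forward(self, proto, public_port, internal_ip, internal_port=None):
        key = (proto, public_port)
        if key in self.forwards:
            # One public port can name only one internal host.
            raise ValueError(f"{proto}/{public_port} already goes to {self.forwards[key][0]}")
        self.forwards[key] = (internal_ip, internal_port or public_port)

    def remove_forward(self, proto, public_port):
        self.forwards.pop((proto, public_port), None)

    def outbound(self, proto, internal_ip, internal_port, remote_ip, remote_port):
        # Simplification: the source port is kept as the public port.
        self.conntrack[(proto, internal_port, remote_ip, remote_port)] = (internal_ip, internal_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Return ('deliver', ip, port) or ('drop', reason)."""
        reply = self.conntrack.get((proto, public_port, remote_ip, remote_port))
        if reply:
            return ("deliver", *reply)
        target = self.forwards.get((proto, public_port))
        if target:
            return ("deliver", *target)
        # The packet is addressed to the router's public IP; with no mapping
        # there is no internal host it could be handed to.
        return ("drop", "no mapping for this port")


def demo():
    r = NatRouter()
    r.add_forward("tcp", 80, "192.168.1.20")
    with_rule = r.inbound("tcp", "198.51.100.7", 40000, 80)
    r.remove_forward("tcp", 80)              # "remove the forward-to address"
    without_rule = r.inbound("tcp", "198.51.100.7", 40000, 80)
    return with_rule, without_rule


if __name__ == "__main__":
    print(demo())
```

Only replies to connections an internal host opened itself get through without a forward rule, which is the conntrack lookup in `inbound`.
-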
Greg found this article, seems to cover things pretty well around what we're trying to set up.
http://help.fonality.com/IP_Phones/Remote_Phones#Multiple_phones_behind_one_router.2fNAT