This shows you the differences between two versions of the page.
forward-basic [2022/01/11 18:35] – hogwild | forward-basic [2023/10/26 17:17] – [Advanced Scenarios] hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Port Forwarding - Basic ====== | ====== Port Forwarding - Basic ====== | ||
- | NAT (Network Address Translation) | + | When traffic |
- | Connections initiated on the Internet will not reach a LAN IP address, as the PAT table doesn' | + | \\ |
- | There are several types of NAT. The most common and relevant for FreshTomato is PAT (Port Address Translation). PAT is what FreshTomato performs by default. With PAT, translation happens not only between private and public IP addresses, but also between ports. For example, a request for an Internet connection from 192.168.0.100 to google.com will create a NAT mapping to allow the return packets to be sent to the correct LAN device on the correct port. However, there are cases where you want to have one port on the WAN always mapped/ | + | ==== NAT ==== |
- | NOTE: There's a legacy setting | + | NAT (Network Address Translation) is a feature which allows multiple LAN clients with private (non-routable) IP addresses to connect to the Internet via a single public IP address. NAT re-addresses outgoing packets to the Internet from private LAN clients with FreshTomato' |
+ | |||
+ | Connections initiated on the Internet will not reach a LAN IP address, as the PAT (Port Address Translation) table doesn' | ||
+ | |||
+ | \\ | ||
+ | |||
+ | ==== PAT ==== | ||
+ | |||
+ | There are several types of NAT. The most common and relevant for FreshTomato is PAT (Port Address Translation). By default, FreshTomato performs PAT translation. With PAT, translation happens not only between private and public IP addresses, but also between ports. For example, a request for an Internet connection from 192.168.0.100 to google.com will create a NAT mapping to allow the return packets to be sent to the correct LAN device | ||
+ | |||
+ | NOTE: There is an obsolete setting in the Miscellaneous section of some older versions | ||
\\ | \\ | ||
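Review bot: In the new PAT paragraph, "By default, FreshTomato performs PAT translation" is redundant, since PAT already expands to Port Address Translation; the old wording "PAT is what FreshTomato performs by default" avoided this. The new side also expands the acronym twice, once under the NAT heading ("the PAT (Port Address Translation) table") and again at the start of the PAT section. Expanding it only at first use, or moving the sentence about the PAT table under the PAT heading, would keep the term from being used before the section that introduces it.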
Line 15: | Line 25: | ||
\\ | \\ | ||
- | When traffic is initiated from the Internet towards FreshTomato' | + | **On:** Checking this enables |
- | **On:** This enables or disables the settings in that row of the table. (Deafult: Off). | + | **Protocol:** This selects which transport layer protocols are forwarded. (Default: UDP) |
- | **Protocol:** UDP/TCP/Both. This selects which transport layer protocols | + | |
+ | | ||
+ | | ||
- | **Src Address**: (Optional). This will restrict the rule to be applied only from specific source addresses. Contrary to the name, you can also use DNS hostnames and FQDN names here. Leaving this empty will set port forwarding to be "from anywhere" | + | \\ |
- | **Ext Port:** External port. This is the port the Internet connection is expecting to use. This defines the mapping itself. This can be an single port or a range, with syntax: " | + | [[https://wiki.freshtomato.org/ |
- | **Int Port:** (Optional). Internal Port. This allows you to use a different port on the target LAN IP address. Leaving this empty will use the same port as the Ext Port (Default: empty). | + | \\ |
- | **Int Address:** Internal Address. This specifies to which port on the LAN the trafffic should | + | **Src Address**: (Optional). This will restrict |
- | **Description:** Here, you can enter any text which helps you remember the reason for the mapping. Most people | + | **Ext Port:** This defines a mapping to the (external) port the Internet connection expects to use. It can be a single port or a range, with syntax: " |
+ | |||
+ | **Int Port:** (Optional). | ||
+ | |||
+ | **Int Address:** This specifies the internal address to which the port on the LAN the traffic should be redirected. | ||
+ | |||
+ | **Description: | ||
\\ | \\ | ||
- | [[https://wiki.freshtomato.org/lib/ | + | \\ |
+ | |||
+ | ==== Advanced Scenarios ==== | ||
+ | |||
+ | As we know, only one given socket (port/protocol combination) can be forwarded at any given time. For example, if port 80 is already redirected to 192.168.1.10, this port is now " | ||
+ | |||
+ | === Reverse Proxy === | ||
+ | |||
+ | In order to perform its job, a proxy must speak the protocol used by the application. For example, an HTTP proxy cannot serve SMTP. If you needed to redirect, say, HTTP to multiple internal hosts from the same external port, a reverse proxy is a good solution. According to HTTP v1.1, the target hostname must be included in the HTTP client request. This allows a proxy to fetch such information, | ||
+ | |||
+ | === Source Bound Redirection === | ||
+ | |||
+ | If the source IP and/or FQDN is well-known, you can create multiple port mapping references on the same port: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | {{:pasted: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | The above settings above would cause traffic from " | ||
+ | |||
+ | \\ | ||
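Review bot: The new **Int Address** description does not parse: "the internal address to which the port on the LAN the traffic should be redirected" carries a leftover "the port on the LAN" from the old sentence. Something like "This specifies the internal (LAN) address to which the traffic should be redirected" states what the field holds. In the Source Bound Redirection section, "The above settings above would cause" repeats "above" and should drop one of them.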