This shows you the differences between two versions of the page.
forward-basic [2024/10/09 22:48] – [PAT] hogwild | forward-basic [2025/08/23 16:57] (current) – [PAT] -Resize Gateway option screenshot to 281 hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Port Forwarding - Basic ====== | ====== Port Forwarding - Basic ====== | ||
- | When traffic is initiated from the Internet | + | When traffic is initiated from the Internet |
+ | |||
+ | However, in some situations, you'll want WAN port traffic redirected to a specific LAN IP address/ | ||
\\ | \\ | ||
+ | |||
==== NAT ==== | ==== NAT ==== | ||
- | NAT (Network Address Translation) is a feature that allows multiple LAN clients with private (non-routable) IP addresses to connect to the Internet via a single public IP address. | + | Network Address Translation allows multiple LAN clients with private (non-routable) IP addresses to connect to the Internet via a single public IP address. |
- | NAT re-addresses outgoing packets to the Internet from private LAN clients with FreshTomato' | + | NAT re-addresses outgoing packets to the Internet from private LAN clients with FreshTomato' |
NAT takes traffic from network 1 and makes it appear on network 2 as if it's coming from the router IP address on network 2. The store of address mappings and open/closed connections is called the NAT Table. | NAT takes traffic from network 1 and makes it appear on network 2 as if it's coming from the router IP address on network 2. The store of address mappings and open/closed connections is called the NAT Table. | ||
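Review bot: In the rewritten first sentence under the NAT heading, the abbreviation is no longer tied to its expansion. The old text read "NAT (Network Address Translation)"; the new one opens with "Network Address Translation allows ..." and the following lines go straight back to "NAT" and "NAT Table". Suggest "Network Address Translation (NAT) allows ..." so the abbreviation is defined in the body and not only in the heading. The added intro sentence about redirecting WAN port traffic to a specific LAN IP address is also the natural place to state that the forwarded LAN host becomes reachable from the Internet, if the rest of that sentence does not already say so.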
Line 20: | Line 23: | ||
==== PAT ==== | ==== PAT ==== | ||
- | There are several types of NAT. The most common | + | There are several types of NAT. The most common/relevant |
Note that there' | Note that there' | ||
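Review bot: "most common/relevant" in the changed PAT sentence is ambiguous, because the slash can be read as "and" or as "or". Suggest spelling it out, for example "The most common, and the one relevant here, ...", or keeping "most common" as it was.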
Line 26: | Line 29: | ||
\\ | \\ | ||
- | [[https:// | + | [[https:// |
\\ | \\ | ||
- | **On: | + | **On: |
\\ | \\ | ||
- | **Protocol: | + | **Protocol: |
- | * UDP - Only UDP connections are forwarded | + | * UDP - only UDP connections are forwarded |
- | * TCP - Only TCP connections are forwarded | + | * TCP - only TCP connections are forwarded |
- | * Both - Both UDP and TCP connections are forwarded | + | * Both - both UDP and TCP connections are forwarded |
\\ | \\ | ||
- | [[https:// | + | [[https:// |
\\ | \\ | ||
- | **Src Address**: | + | **Src Address**: |
+ | |||
+ | DNS hostnames, FQDN names and IP addresses are valid here. Leaving this empty configures port forwarding "from any address" | ||
\\ | \\ | ||
- | **Ext Port: | + | **Ext Port: |
+ | |||
+ | This can be a single port/range, with syntax: " | ||
\\ | \\ | ||
- | **Int Port: | + | **Int Port: |
+ | |||
+ | Leaving this empty uses the same port as the Ext Port setting (Default: empty). | ||
\\ | \\ | ||
- | **Int Address: | + | **Int Address: |
\\ | \\ | ||
- | **Description: | + | **Description: |
+ | |||
+ | Most users enter the application name or protocol used. For example: " | ||
\\ | \\ | ||
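Review bot: The added Src Address text says DNS hostnames and FQDNs are valid and that an empty field means "from any address", but the visible part does not say when a hostname is resolved to addresses or what the rule does if resolution fails. Readers who use this field to restrict who can reach a forwarded port need that documented, since a name-based restriction is only as current as the last lookup. Also a wording point on the same line: "FQDN names" is redundant, "FQDNs" is enough. Under Int Port, "Leaving this empty uses the same port as the Ext Port setting" should say what happens when Ext Port holds a range or a list.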
Line 71: | Line 82: | ||
==== Advanced Scenarios ==== | ==== Advanced Scenarios ==== | ||
- | As we know, only one given socket (port/ | + | Only one given socket (port/ |
=== Reverse Proxy === | === Reverse Proxy === | ||
- | In order to perform | + | To do its job, a proxy must speak the protocol used by the application. For example, an HTTP proxy cannot serve SMTP. If you need to redirect, say, HTTP to multiple internal hosts from the same external port, a reverse proxy is a good solution. According to HTTP v1.1, the target hostname must be included in the HTTP client request. This allows a proxy to fetch such information, |
=== Source Bound Redirection === | === Source Bound Redirection === | ||
- | If the source IP and/or FQDN is well-known, you can create multiple port mapping references on the same port: | + | If the source IP and/or FQDN is well-known, you can create multiple port mapping references on the same port: |
\\ | \\ | ||
- | {{:pasted:20231026-084901.png?750}} | + | {{::port_forwarding-basic-multiple_port_mappings-2024.3.png?800}}\\ \\ |
+ | |||
+ | The above settings would cause traffic from the IP addresses of " | ||
\\ | \\ | ||
- | The settings above would cause traffic from the IP address(es) of "source.example.com" towards ports 80 and 443 on the router, to be redirected to the specific LAN address in that rule. They would also cause traffic on such ports that was //not// from source.example.com to be redirected to a different LAN IP address. | + | Note that the "Src. Address" |
\\ | \\ | ||
+ | |||
+ | ^ On ^ Protocol | ||
+ | | ⭐ | TCP | | 80,443 | | 192.168.1.5 | Main webserver | | ||
+ | | ⭐ | TCP | source1.example.com | 80,443 | | 192.168.1.6 | Second webserver | | ||
+ | | ⭐ | TCP | source2.example.com | 80,443 | | 192.168.1.6 | Second webserver | | ||
+ | |||
+ | \\ \\ | ||
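Review bot: The new example table lists the rule with an empty Src Address (80,443 to 192.168.1.5) ahead of the two source-specific rules for the same ports, and the removed paragraph that explained what happens to traffic not from the named source has no visible replacement. The section should state how a rule with an empty source and a rule with a specific source on the same port are prioritised, and whether the row order in the table matters, so that readers can predict which LAN host a given client reaches. Two smaller points: the field is written "Src. Address" here but "Src Address" in the field reference earlier on the page, and "HTTP v1.1" in the Reverse Proxy paragraph is normally written "HTTP/1.1".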