forward-basic

Differences

This shows you the differences between two versions of the page.

forward-basic [2025/08/23 14:59] – [NAT] -Condense hogwild
forward-basic [2025/08/23 16:57] (current) – [PAT] -Resize Gateway option screenshot to 281 hogwild
Line 23: Line 23:
 ==== PAT ==== ==== PAT ====
  
-There are several types of NAT. The most common and relevant for FreshTomato is PAT (Port Address Translation). PAT is FreshTomato's default. With PAT, translation happens not only between private and public IP addresses, but also between ports. For example, a request for an Internet connection from 192.168.0.100 to google.com will create a NAT mapping to allow the return packets to be sent to the correct LAN device on the correct port. However, in some cases, you may want to have one port on the WAN always mapped/redirected to a single LAN client.+There are several types of NAT. The most common/relevant type for FreshTomato is Port Address TranslationFreshTomato's default. With PAT, translation happens not only between private and public IP addresses, but also between ports. For example, a request for an Internet connection from 192.168.0.100 to google.com will create a NAT mapping to allow the return packets to be sent to the correct LAN device on the correct port. However, in some cases, you may want to have one port on the WAN always mapped/redirected to a single LAN client.
  
 Note that there's an obsolete setting in the [[advanced-misc|Miscellaneous]] menu of some old versions that suggests FreshTomato can operate in Gateway mode or Router mode. Ignore it, and leave it set to "Gateway", regardless of your configuration. Note that there's an obsolete setting in the [[advanced-misc|Miscellaneous]] menu of some old versions that suggests FreshTomato can operate in Gateway mode or Router mode. Ignore it, and leave it set to "Gateway", regardless of your configuration.
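Review bot: The rewritten first sentence on the + line drops the "(PAT)" expansion that the removed line carried, and the text now runs together as "Port Address TranslationFreshTomato's default", while the very next sentence still opens with "With PAT". Suggest restoring the acronym and the separator, for example "is Port Address Translation (PAT), FreshTomato's default.", so the abbreviation is introduced before it is used.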
Line 29: Line 29:
  \\  \\
  
-[[https://wiki.freshtomato.org/lib/exe/detail.php?id=basic&media=a16bb07aecd3c3d8967615c6fef64760.png|{{:a16bb07aecd3c3d8967615c6fef64760.png}}]]+[[https://wiki.freshtomato.org/lib/exe/detail.php?id=basic&media=a16bb07aecd3c3d8967615c6fef64760.png|{{:a16bb07aecd3c3d8967615c6fef64760.png?281}}]]
  
  \\  \\
Line 45: Line 45:
 \\ \\
  
-[[https://wiki.freshtomato.org/lib/exe/detail.php?id=basic&media=b8fb9f003cf7ce3ff22f2bd6f1cfccbc.png|{{:b8fb9f003cf7ce3ff22f2bd6f1cfccbc.png?758}}]]+[[https://wiki.freshtomato.org/lib/exe/detail.php?id=basic&media=b8fb9f003cf7ce3ff22f2bd6f1cfccbc.png|{{:b8fb9f003cf7ce3ff22f2bd6f1cfccbc.png?817}}]]
  
  \\  \\
Line 61: Line 61:
  \\  \\
  
-**Int Port:** this option lets you specify a different (internal) port for the target LAN IP address.+**Int Port:** this lets you specify a different (internal) port for the target LAN IP address.
  
 Leaving this empty uses the same port as the Ext Port setting (Default: empty). Leaving this empty uses the same port as the Ext Port setting (Default: empty).
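Review bot: "a different (internal) port" on the + line is singular, but the Ext Ports column in the example table further down this page holds a list ("80,443"), and neither this line nor the unchanged "Leaving this empty uses the same port as the Ext Port setting" line says what a non-empty Int Port does when several external ports are given. Suggest adding one sentence stating whether Int Port is only meaningful with a single Ext Port, so an admin does not end up forwarding to an internal port they did not intend.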
Line 78: Line 78:
  
  \\  \\
 +
  
 ==== Advanced Scenarios ==== ==== Advanced Scenarios ====
Line 85: Line 86:
 === Reverse Proxy === === Reverse Proxy ===
  
-To do its job, a proxy must speak the protocol used by the application. For example, an HTTP proxy cannot serve SMTP.  If you need to redirect, say,  HTTP to multiple internal hosts from the same external port, a reverse proxy is a good solution. According to HTTP v1.1, the target hostname must be included in the HTTP client request. This allows a proxy to fetch such information, and redirect it to to the requested domain. Nginx is able to perform this reverse-proxy for HTTP/HTTPS.+To do its job, a proxy must speak the protocol used by the application. For example, an HTTP proxy cannot serve SMTP.  If you need to redirect, say,  HTTP to multiple internal hosts from the same external port, a reverse proxy is a good solution. According to HTTP v1.1, the target hostname must be included in the HTTP client request. This allows a proxy to fetch such information, and redirect it to to the requested domain. Nginx is able to perform this reverse-proxy for HTTP(S).
  
 === Source Bound Redirection === === Source Bound Redirection ===
  
-If the source IP and/or FQDN is well-known, you can create multiple port mapping references on the same port:protocol combination, as long as the source is defined differently.  The following settings would work fine:+If the source IP and/or FQDN is well-known, you can create multiple port mapping references on the same port:protocol combination, as long as the source is defined differently. For example, the following settings would work fine:
  
  \\  \\
  
- {{:pasted:20231026-084901.png?750}} +{{::port_forwarding-basic-multiple_port_mappings-2024.3.png?800}}\\  \\
- +
- \\+
  
-The above settings would cause traffic from the IP address(es) of "source.example.com" towards ports 80 and 443 on the router, to be redirected to the specific LAN address in that rule. They would also cause traffic on such ports that was //not// from source.example.com to be redirected to a different LAN IP address. As a general guideline, "Src. Address" empty means "Any", where "Int Port" empty means "same port as External".+The above settings would cause traffic from the IP addresses of "source.example.com" towards ports 80 and 443 on the router, to be redirected to the LAN address in that rule. They would also cause traffic on such ports that was //not// from "source.example.comto be redirected to a different LAN IP address. As a guideline, "Src. Address" empty means "Any", where "Int Port" empty means "same port as External".
  
  \\  \\
  
-Please note the "Src. Address" might contain maximum 1 reference. If there's a need to define multiple sources (e.g. clients with DDNS defined) you'll need to dedicate one line in the table for each source/wan-client e.g+Note that the "Src. Address" may contain only one reference. To define multiple sources (say, clients with DDNS defined)you must dedicate one line in the table for each Source/WAN-client. For example:
  
  \\  \\
  
-^  On  ^  Protocol  ^  Src. Address  ^  Ext Ports  ^  Int Port  ^  Int. Address Desciption +^  On  ^  Protocol  ^  Src. Address  ^  Ext Ports  ^  Int Port  ^  Int. Address  Description  
-| ⭐ | TCP | | 80,443 | | 192.168.1.5 | Main webserver |  +| ⭐ | TCP |   | 80,443 |   | 192.168.1.5 | Main webserver | 
-| ⭐ | TCP | source1.example.com | 80,443 | | 192.168.1.6 | Secondary webserver | +| ⭐ | TCP | source1.example.com | 80,443 |   | 192.168.1.6 | Second webserver | 
-| ⭐ | TCP | source2.example.com | 80,443 | | 192.168.1.6 | Secondary webserver |+| ⭐ | TCP | source2.example.com | 80,443 |   | 192.168.1.6 | Second webserver |
  
  \\ \\  \\ \\
  
  
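Review bot: In the example table the catch-all row (empty Src. Address, which the text says means "Any") sits above the two source-bound rows for the same ports, and the Source Bound Redirection text never says whether row order decides which rule matches. Suggest stating the precedence explicitly, because a reader who gets it wrong sends traffic from source1.example.com and source2.example.com to 192.168.1.5 instead of 192.168.1.6. Two smaller points in the same hunk: the Reverse Proxy + line still reads "redirect it to to the requested domain", and the rewritten sentence has "source.example.comto be redirected", with the closing quote and the space missing.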
forward-basic.1755957591.txt.gz · Last modified: by hogwild