This shows you the differences between two versions of the page.
forward-basic [2023/06/27 16:35] – -formatting-add subheads for NAT, PAT hogwild | forward-basic [2023/10/26 17:27] (current) – [Advanced Scenarios] -condense hogwild | ||
Line 3: | Line 3: | ||
When traffic is initiated from the Internet towards FreshTomato' | When traffic is initiated from the Internet towards FreshTomato' | ||
- | **NAT** | + | \\ |
+ | |||
+ | ==== NAT ==== | ||
NAT (Network Address Translation) is a feature which allows multiple LAN clients with private (non-routable) IP addresses to connect to the Internet via a single public IP address. NAT re-addresses outgoing packets to the Internet from private LAN clients with FreshTomato' | NAT (Network Address Translation) is a feature which allows multiple LAN clients with private (non-routable) IP addresses to connect to the Internet via a single public IP address. NAT re-addresses outgoing packets to the Internet from private LAN clients with FreshTomato' | ||
Line 9: | Line 11: | ||
Connections initiated on the Internet will not reach a LAN IP address, as the PAT (Port Address Translation) table doesn' | Connections initiated on the Internet will not reach a LAN IP address, as the PAT (Port Address Translation) table doesn' | ||
- | **PAT** | + | \\ |
+ | |||
+ | ==== PAT ==== | ||
There are several types of NAT. The most common and relevant for FreshTomato is PAT (Port Address Translation). By default, FreshTomato performs PAT translation. With PAT, translation happens not only between private and public IP addresses, but also between ports. For example, a request for an Internet connection from 192.168.0.100 to google.com will create a NAT mapping to allow the return packets to be sent to the correct LAN device on the correct port. However, in some cases, you may want to have one port on the WAN always mapped/ | There are several types of NAT. The most common and relevant for FreshTomato is PAT (Port Address Translation). By default, FreshTomato performs PAT translation. With PAT, translation happens not only between private and public IP addresses, but also between ports. For example, a request for an Internet connection from 192.168.0.100 to google.com will create a NAT mapping to allow the return packets to be sent to the correct LAN device on the correct port. However, in some cases, you may want to have one port on the WAN always mapped/ | ||
Line 35: | Line 39: | ||
\\ | \\ | ||
- | **Src Address**: (Optional). This will restrict the rule so it's applied only from specific source addresses. | + | **Src Address**: (Optional). This will restrict the rule so it's applied only from specific source addresses. DNS hostnames, FQDN names and IP addresses |
**Ext Port:** This defines a mapping to the (external) port the Internet connection expects to use. It can be a single port or a range, with syntax: " | **Ext Port:** This defines a mapping to the (external) port the Internet connection expects to use. It can be a single port or a range, with syntax: " | ||
- | **Int Port:** (Optional). Here, you can specify a different (internal) port to the target LAN IP address. Leaving this empty uses the same port as the Ext Port \\ (Default: empty). | + | **Int Port:** (Optional). Here, you can specify a different (internal) port for the target LAN IP address. Leaving this empty uses the same port as the Ext Port setting\\ (Default: empty). |
- | **Int Address:** This specifies the internal | + | **Int Address:** This specifies the internal |
**Description: | **Description: | ||
\\ | \\ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | ==== Advanced Scenarios ==== | ||
+ | |||
+ | As we know, only one given socket (port/ | ||
+ | |||
+ | === Reverse Proxy === | ||
+ | |||
+ | In order to perform its job, a proxy must speak the protocol used by the application. For example, an HTTP proxy cannot serve SMTP. If you needed to redirect, say, HTTP to multiple internal hosts from the same external port, a reverse proxy is a good solution. According to HTTP v1.1, the target hostname must be included in the HTTP client request. This allows a proxy to fetch such information, | ||
+ | |||
+ | === Source Bound Redirection === | ||
+ | |||
+ | If the source IP and/or FQDN is well-known, you can create multiple port mapping references on the same port: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | | ||
+ | |||
+ | \\ | ||
+ | |||
+ | The settings above would cause traffic from the IP address(es) of " | ||
\\ | \\ | ||
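Review bot: the Source Bound Redirection example in this hunk is incomplete: the settings table between the two `\\` lines renders as an empty row, so the closing sentence "The settings above would cause traffic from the IP address(es) of ..." has nothing to refer to; add the Src Address, Ext Port and Int Address rows that sentence describes. Two documentation gaps in the same region are worth closing while editing: the new Src Address text says DNS hostnames and FQDNs are accepted, so it should state when the name is resolved and make clear that a restriction keyed on a name is only as reliable as that name resolution, and the paragraph on creating multiple port mapping references on the same port should say what happens to traffic from a source that matches none of the rules (dropped, or handled by a rule with no Src Address), since readers will otherwise assume one or the other.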