forward-basic

Differences

This shows you the differences between two versions of the page.

forward-basic [2023/10/26 15:50] – [PAT] =spelling hogwild
forward-basic [2023/10/26 17:27] (current) – [Advanced Scenarios] -condense hogwild
Line 3: Line 3:
 When traffic is initiated from the Internet towards FreshTomato's WAN IP on a specific port, it is either answered by FreshTomato (if a service is enabled for the port) or dropped. However, in some situations, you'll want WAN port traffic always redirected to a specific LAN IP address/port. This can be helpful for applications such an internal web/mail server, gaming, VoIP or certain VPN tunnelling protocols. The Basic Port Forwarding menu allows you to do this. When traffic is initiated from the Internet towards FreshTomato's WAN IP on a specific port, it is either answered by FreshTomato (if a service is enabled for the port) or dropped. However, in some situations, you'll want WAN port traffic always redirected to a specific LAN IP address/port. This can be helpful for applications such an internal web/mail server, gaming, VoIP or certain VPN tunnelling protocols. The Basic Port Forwarding menu allows you to do this.
  
- \\ + \\ 
 ==== NAT ==== ==== NAT ====
  
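Review bot: The unchanged paragraph at the top of this hunk still reads "applications such an internal web/mail server", which is missing "as"; the only edit here is trailing whitespace on the `\\` line break, so the typo carries into the current revision. Suggest "applications such as an internal web/mail server, gaming, VoIP or certain VPN tunnelling protocols" while this section is being touched.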
Line 10: Line 11:
 Connections initiated on the Internet will not reach a LAN IP address, as the PAT (Port Address Translation) table doesn't contain references to those connection attempts. By coincidence, this acts as minimal security feature. Connections initiated on the Internet will not reach a LAN IP address, as the PAT (Port Address Translation) table doesn't contain references to those connection attempts. By coincidence, this acts as minimal security feature.
  
- \\ + \\ 
 ==== PAT ==== ==== PAT ====
  
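Review bot: The context sentence "By coincidence, this acts as minimal security feature" is missing an article and is left untouched by this whitespace-only change. Suggest "this acts as a minimal security feature", and consider saying in the same sentence that the effect is a by-product of the PAT table having no entry for unsolicited inbound connections, which is what the preceding clause already describes, so readers do not read it as a filtering rule they configured.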
Line 50: Line 52:
  
  \\  \\
- 
  
 ==== Advanced Scenarios ==== ==== Advanced Scenarios ====
  
-As we know, only one given socket (port/protocol combination) can be forwarded at any given time. For example, if port 80 is already redirected to 192.168.1.10, this port is now "taken" from the router's pool and all inbound connections will be redirected to the mapped LAN IP address. However, there are two possible solutions to multiplex connectivity on the very same port.+As we know, only one given socket (port/protocol combination) can be forwarded at any given time. For example, if port 80 is already redirected to 192.168.1.10, this port is now "taken" from the router's pool and all inbound connections will be redirected to the mapped LAN IP address. However, there are two ways to allow you to multiplex connectivity on the same port.
  
 === Reverse Proxy === === Reverse Proxy ===
  
-By definitionproxy must speak the protocol used by the application to perform its job. For example, an HTTP proxy cannot serve SMTP.  If you need to redirect, say,  HTTP to multiple internal hosts from the same external port, a reverse proxy is a good solution. According to HTTP v1.1, the target hostname must be included in the HTTP client request. This allows a proxy to fetch such information, and redirect it according to the requested domain. Nginx is able to perform this so-called reverse-proxy for HTTP/HTTPS.+In order to perform its jobproxy must speak the protocol used by the application. For example, an HTTP proxy cannot serve SMTP.  If you needed to redirect, say,  HTTP to multiple internal hosts from the same external port, a reverse proxy is a good solution. According to HTTP v1.1, the target hostname must be included in the HTTP client request. This allows a proxy to fetch such information, and redirect it according to the requested domain. Nginx is able to perform this so-called reverse-proxy for HTTP/HTTPS.
  
 === Source Bound Redirection === === Source Bound Redirection ===
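Review bot: The rewritten Reverse Proxy paragraph explains hostname-based routing only through the HTTP/1.1 request ("the target hostname must be included in the HTTP client request") and then states that Nginx does this "for HTTP/HTTPS", without saying how the hostname is obtained when the request is encrypted. For HTTPS the proxy cannot read the request until TLS is terminated, so the text should say either that the proxy holds the certificates and terminates TLS itself, or that it routes on the server name sent in the TLS handshake. Two wording points in the same hunk: the new "If you needed to redirect ... a reverse proxy is a good solution" mixes tenses where the old "If you need" did not, and "two ways to allow you to multiplex" can be shortened to "two ways to multiplex".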
Line 67: Line 68:
  
  {{:pasted:20231026-084901.png?750}}  {{:pasted:20231026-084901.png?750}}
- 
-These settings would result in traffic from source.example.com (whatever IP address/es this resolves to) to port 80 and 443 being redirected to a specific LAN IP address but also traffic from any other source on such ports will be redirected to a different LAN IP address. 
  
  \\  \\
 +
 +The settings above would cause traffic from the IP address(es) of "source.example.com" towards ports 80 and 443 on the router, to be redirected to the specific LAN address in that rule. They would also cause traffic on such ports that was //not// from source.example.com to be redirected to a different LAN IP address.
  
  \\  \\
  
  
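Review bot: The relocated paragraph now says the rule matches "the IP address(es) of "source.example.com"" but does not document when that name is resolved, which matters for anyone relying on the rule to separate traffic: if the source's address changes after resolution, its traffic would fall through to the rule for every other source and reach the other LAN address. Suggest adding a sentence stating when resolution happens, and noting that a source-bound rule selects by address only and the forwarded service still needs its own authentication. Minor: drop the comma after "on the router" and prefer "those ports" to "such ports".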
forward-basic.1698331813.txt.gz · Last modified: 2023/10/26 15:50 by hogwild