Re: [Efw-user] Confused about port forwarding in Endian 2.3

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

http://docs.endian.com/firewall.html

This the documentation, but I must say it is very brief !

Still don't know if I need Destination NAT or Source NAT. Both are
offering the NATting of a public IP-address to a private IP-address.

If I'm running a webserver, Source NAT will offer me the ability to
portforward incoming traffic on my public IP-address to the private
address of the webserver.
The documentation even states "Adding Source NAT rules is similar to
adding port forwarding rules"

In my opinion Destination NAT goes a little bit further. The
documentation states :
"It is possible to define which port on which interface should be
forwarded to a given host and port".

So here I can even implement a port-forwarding rule from the GREEN
network to the ORANGE network. So if I state that port 80 needs to be
forwarded to the webserver on the ORANGE network I will be unable to
browse websites on the public Internet.

So am I right that Source NAT is port forwarding from RED to GREEN or
ORANGE ??
And am I right that Destination NAT is port forwarding from whichever
network to whichever network ?? (GREEN to GREEN, GREEN to ORANGE, GREEN
to RED, ORANGE to GREEN,...)

Really need some clarification here !!

Jonas.

On Thu, 2009-11-12 at 21:30 +0000, oneforall immortal wrote:

> Hi
>  I have the same problem too with this weird split tabs . 
> I'm just about to give up and use 2.2 again since it made more sense
> I'm trying to get incoming port 587 to redirect to my mail box on the
> lan(green) but I see in the /var/log/messages it is getting INPUT:DROP
> But I have <ANY Uplink>(tried Uplink main [RED])  192,168,1,2 Allow
> with ips(tried ALLOW)
> User defined TCP 587  Translate to ip nat 192.168.1.2 port 587
> It was so much easier the old way . I even tried the incomimng ,which
> I thought should be it since its an incomimg port I want to redirect.
> But neither allows you to say what the incoming port is . I don't
> think we really want it to be any . I also can't tell the diff with
> Destination NAT  and Incoming routed traffic. The names are a bit
> misleading .
> The help also isn't working :
> Not Found
> The requested URL /2.3/en/firewall.html was not found on this server.
> Apache/2.0.52 (CentOS) Server at docs.endian.com Port 80
> Some new things look really good. But I need my incoming email to
> work :)
> Also this eamil system is so darn complicated to use. I can't figure
> out how to add coments or add a new bug etc.
> So far because i got your email I'm trying to use this to hopefully
> get answers and see it added to yours to confirm it.
> But even the email didn't have a link to yours . It took me a whiel to
> figure it out where to go O.o
>  I thought kde mail was bad .:)