Internet Security Router User's Manual
Chapter 9. Configuring Firewall/NAT Settings
9.2.4 Reverse Static NAT
Reverse static NAT maps a globally valid IP address to an internal host address for inbound traffic. All packets coming to that globally valid IP address are relayed to the internal address. This is useful when hosting services on an internal machine. Figure 9.5 shows four globally valid IP addresses mapped to four hosts on the internal network; each can be used to host services for inbound traffic, e.g. an FTP server.
9.2.5 Reverse NAPT / Virtual Server
Reverse NAPT is also called inbound mapping, port mapping, or virtual server. Any packet coming to the Internet Security Router can be relayed to an internal host based on the protocol, port number and/or IP address specified in the ACL rule. This is useful when multiple services are hosted on different internal machines. Figure 9.6 shows a web server (TCP/80) hosted on PC A, a telnet server (TCP/23) on PC B, a DNS server (UDP/53) on PC C and an FTP server (TCP/21) on PC D. Inbound traffic for each of these four services is directed to the host that runs that service.
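The difference in exposure between the mappings of 9.2.4 and 9.2.5, as an added example that is not part of the manual: a Python model in which every address, the listening-service table and the function names are constructed for illustration. It assumes NAPT keeps the same port number on the internal host and leaves ACL filtering out, so only the address mapping step is shown.

```python
# Constructed model: every address and listening service here is sample data.
PUBLIC_IP = "203.0.113.10"                      # router address used for reverse NAPT
STATIC_NAT = {"203.0.113.20": "192.168.1.14"}   # reverse static NAT: whole IP -> PC D

# Reverse NAPT / virtual server table after Figure 9.6: (protocol, port) -> host
NAPT = {
    ("tcp", 80): "192.168.1.11",   # PC A, web
    ("tcp", 23): "192.168.1.12",   # PC B, telnet
    ("udp", 53): "192.168.1.13",   # PC C, DNS
    ("tcp", 21): "192.168.1.14",   # PC D, FTP
}

# What each internal host really listens on (constructed, e.g. from a port audit)
LISTENING = {
    "192.168.1.11": {("tcp", 80), ("tcp", 22)},
    "192.168.1.12": {("tcp", 23)},
    "192.168.1.13": {("udp", 53), ("tcp", 53)},
    "192.168.1.14": {("tcp", 21), ("tcp", 22), ("tcp", 3306)},
}

def relay(dst_ip, proto, port):
    """Internal host that receives an inbound packet, or None if not relayed."""
    if dst_ip in STATIC_NAT:
        return STATIC_NAT[dst_ip]          # every protocol and port is relayed
    if dst_ip == PUBLIC_IP:
        return NAPT.get((proto, port))     # only the mapped services are relayed
    return None                            # assumption: no mapping, no relay

def exposed(dst_ip):
    """Listening services reachable from outside through dst_ip."""
    return sorted(
        (host, proto, port)
        for host, services in LISTENING.items()
        for proto, port in services
        if relay(dst_ip, proto, port) == host
    )

if __name__ == "__main__":
    for ip in (PUBLIC_IP, *STATIC_NAT):
        print(ip, "exposes", exposed(ip))
```

In this model the static mapping exposes every listening port on PC D, not only FTP, so a host published through reverse static NAT depends on inbound ACL rules to limit access to the intended service.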
9.3 Configuring Inbound ACL Rules
By creating ACL rules in the Inbound ACL configuration page, shown in Figure 9.7, you can control (allow or deny) incoming access to computers on your LAN.
Options in this configuration page allow you to:
• Add a rule, and set parameters for it
• Modify an existing rule
• Delete an existing rule
• View configured ACL rules
Figure 9.7. Inbound ACL Configuration Page
9.3.1 Inbound ACL Rule Configuration Parameters
Table 9.1 describes the configuration parameters available for firewall inbound ACL rules.
Table 9.1. Inbound ACL Rule Configuration Parameters
Field
Description