Port Forwards

From UntangleWiki

Untangle Server User's Guide

About Redirecting Network Traffic

You can configure the Untangle Server to redirect network traffic that matches certain criteria. Redirects work across any of the Untangle Server's network interfaces.

The Untangle Server enables redirects from one IP address to another IP address, or from a specific source to a destination. Port forward rules apply if the Untangle Server has NAT enabled. Port forwarding lets you retain the security that NAT provides while still giving users access to certain services on your network. Port forward rules redirect traffic from an external IP to an internal computer.

The Untangle Server evaluates the port forward rules in the order that they are listed in the table, starting with the first rule in the table. For each new connection, the Untangle Server evaluates the traffic against active rules until a match (if any) is found. When a match is made, traffic is redirected as specified by the rule.
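
The first-match evaluation described above, as an added Python model (not Untangle's code and not part of the original guide), together with a check for rules that can never match because an earlier enabled rule already covers them. Field names follow the rule conditions listed in this guide; the sample table, 192.168.1.102 and 203.0.113.0/24 are constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    description: str
    new_dest: str                      # "New Destination"
    new_port: int                      # "New Port"
    enabled: bool = True
    protocol: Optional[str] = None     # "TCP" or "UDP"; None = wildcard
    dst_port: Optional[int] = None     # "Destination Port"
    src_addr: Optional[str] = None     # "Source Address" as IP/CIDR; None = wildcard
    src_intf: Optional[str] = None     # "Source Interface"

def matches(rule, conn):
    """True if an enabled rule's conditions all hold for this connection."""
    in_net = rule.src_addr is None or (
        ipaddress.ip_address(conn["src_addr"]) in ipaddress.ip_network(rule.src_addr))
    return (rule.enabled and in_net
            and all(getattr(rule, f) in (None, conn[f])
                    for f in ("protocol", "dst_port", "src_intf")))

def redirect(rules, conn):
    """Evaluate rules top to bottom; the first match decides the redirect."""
    for rule in rules:
        if matches(rule, conn):
            return rule.new_dest, rule.new_port
    return None  # no rule matched: the connection is not redirected

def covers(a, b):
    """True if every connection that matches rule b also matches rule a."""
    if a.src_addr is not None:
        if b.src_addr is None or not ipaddress.ip_network(b.src_addr).subnet_of(
                ipaddress.ip_network(a.src_addr)):
            return False
    return all(getattr(a, f) in (None, getattr(b, f))
               for f in ("protocol", "dst_port", "src_intf"))

def shadowed(rules):
    """Descriptions of enabled rules that an earlier enabled rule fully covers."""
    return [later.description for i, later in enumerate(rules)
            if later.enabled and any(e.enabled and covers(e, later) for e in rules[:i])]

# Constructed sample table, in evaluation order (first rule first).
RULES = [
    Rule("Web to web server", "192.168.1.100", 80,
         protocol="TCP", dst_port=80, src_intf="External"),
    Rule("FTP to Small Business Server", "192.168.1.101", 21,
         protocol="TCP", dst_port=21, src_intf="External"),
    Rule("FTP from partner network", "192.168.1.102", 21,
         protocol="TCP", dst_port=21, src_addr="203.0.113.0/24", src_intf="External"),
]
```

Here the third rule is reported as shadowed: FTP from 203.0.113.0/24 already matches the second rule, so it is sent to 192.168.1.101 until the more specific rule is moved above the general one.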

Keep in mind that your ISP can block ports at its own router, independently of the Untangle Server. The Untangle Server has no control over your ISP's router. If your ISP is blocking the ports required by a particular program, configure the program to use a different port, if possible. Some programs let you set the port they use; in that case, choose a port that your ISP does not block. There is no way to get a list of ports that your ISP blocks, though a quick Internet search might do the trick; otherwise, you need to try one port at a time until you find one that isn't being blocked.

Redirecting External and Internal Traffic

To learn about port forwarding, go to About Redirecting Network Traffic. There are two common scenarios in which you might want to use port forwarding:

  • You want a web server to handle all web traffic. Redirect web traffic (port 80) sent to the external IP address (1.2.3.4) to port 80 on your web server (192.168.1.100) in your internal network.
  • You want an FTP server to handle all FTP requests. Redirect FTP requests (port 21) sent to the external IP address (1.2.3.4) to port 21 on your FTP server (192.168.1.101) in your internal network.

To create an advanced redirect rule:

Before You Begin:
Glance at the example outlined in Example: Redirecting FTP Traffic

  1. From the Navigation pane, choose Config > Networking.
  2. Click the Port Forward tab.
  3. Click the add (+) button. The Edit window launches.
  4. Select the Enabled checkbox if it isn't already.
    This flag enables or disables the rule's redirect functionality. When the checkbox is selected, the rule is active and the Untangle Server redirects traffic that matches it. When the checkbox is cleared, the rule is disabled.
  5. In the Description text box, provide a description of the traffic type and the traffic's destination. For example, FTP to Small Business Server.
  6. In the Type drop-down lists, specify conditions to describe the traffic that you want to redirect. To add more conditions, click the Add button.
    • Destination Address: Destination IP address of the traffic if the traffic is not redirected. You indicate a wildcard by not specifying the value. To learn about IP address syntax, go to Networking and Web Address Syntax.
    • Destination Local: The traffic is destined to any of the Untangle Server's IPs.
    • Destination Port: Original destination port of the traffic. To learn about port syntax, go to Networking and Web Address Syntax.
    • Protocol: Network protocol of the traffic to forward. Valid values are TCP, UDP, PING or TCP & UDP.
    • Source Address: Source IP address of the traffic. You indicate a wildcard by not specifying the value. To learn about IP address syntax, go to Networking and Web Address Syntax.
    • Source Interface: Interface from which the Untangle Server receives traffic. Valid values are External, Internal, or DMZ. For information about the Untangle Server's network interfaces, see the discussion in Network Interfaces.
  7. Specify where you want to direct the traffic:
    • New Destination: IP address of the host that will receive the traffic. To learn about IP address syntax, go to Networking and Web Address Syntax.
    • New Port: Port on the host that will receive the traffic. To learn about port syntax, go to Networking and Web Address Syntax.
  8. Click Save. A new rule appears in the table.

Example: Redirecting FTP Traffic

In the following example all FTP traffic that reaches the Untangle Server's external interface is directed to a Small Business Server on the internal network.

Figure, Example: Redirecting FTP Traffic
