Inbound Rules Examples

LAN WAN Inbound Rule: Hosting A Local Public Web Server

If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day. This rule is shown in Figure 4-9.

Figure 4-9

LAN WAN Inbound Rule: Allowing Videoconference from Restricted Addresses

If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example, CU-SeeMe connections are allowed only from a specified range of external IP addresses.

Figure 4-10

LAN WAN or DMZ WAN Inbound Rule: Setting Up One-to-One NAT Mapping

In this example, we will configure multi-NAT to support multiple public IP addresses on one WAN interface. By creating an inbound rule, we will configure the firewall to host an additional public IP address and associate this address with a Web server on the LAN.

If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN or DMZ. One of these public IP addresses will be used as the primary IP address of the router. This address will be used to provide Internet access to your LAN PCs through NAT. The other addresses are available to map to your servers.

The following addressing scheme is used to illustrate this procedure:

To configure the FVX538 for additional IP addresses:

  1. Select Security from the main menu and Firewall Rules from the submenu.
  2. If your server is to be on your LAN, select LAN WAN Rules.
    If your server is to be on your DMZ, select DMZ WAN Rules.
  3. Click Add under the Inbound Services table. The Add LAN WAN Inbound Service screen will display.
  4. From the Service pull-down menu, select the HTTP service for a Web server.

    Figure 4-11

  5. From the Action pull-down menu, select Allow Always.
  6. In the Send to LAN Server field, enter the local IP address of your Web server PC.
  7. From the Public Destination IP Address pull-down menu, choose Other Public IP Address.
  8. Enter one of your public Internet addresses that will be used by clients on the Internet to reach your Web server.
  9. Click Apply.

Your rule will now appear in the Inbound Services table of the Rules menu (see Figure 4-12). This rule is different from a normal inbound port forwarding rule in that the Destination box contains an IP Address other than your normal WAN IP Address.

Figure 4-12

To test the connection from a PC on the Internet, type http://<IP_address>, where <IP_address> is the public IP address you have mapped to your Web server. You should see the home page of your Web server.

LAN WAN or DMZ WAN Inbound Rule: Specifying an Exposed Host

Specifying an exposed host allows you to set up a computer or server that is available to anyone on the Internet for services that you have not yet defined.

To expose one of the PCs on your LAN or DMZ as this host:

  1. Create an inbound rule that allows all protocols.
  2. Place the rule below all other inbound rules.

    Note: For security, NETGEAR strongly recommends that you avoid creating an exposed host. When a computer is designated as the exposed host, it loses much of the protection of the firewall and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network.

    Figure 4-13
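
The effect of rule placement on an exposed host can be checked with a small model of the Inbound Services table. This is an added example, not NETGEAR code: the `Rule` class, the sample addresses, and the evaluation order (top to bottom, first match wins, no match means blocked) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    """Hypothetical model of one Inbound Services row (not a NETGEAR format)."""
    service: str      # "HTTP", "CU-SEEME", or "ANY" for all protocols
    lan_server: str   # Send to LAN Server
    wan_users: str    # "Any" or an address range "first-last"
    dest: str         # "WAN" or another public IP (one-to-one NAT)

def source_ok(rule, src):
    if rule.wan_users == "Any":
        return True
    first, last = (ipaddress.ip_address(a) for a in rule.wan_users.split("-"))
    return first <= ipaddress.ip_address(src) <= last

def first_match(rules, service, src, dest="WAN"):
    """Assumed semantics: top-down, first match wins, no match means blocked."""
    for rule in rules:
        if rule.service in (service, "ANY") and rule.dest == dest and source_ok(rule, src):
            return rule.lan_server
    return None

def audit(rules):
    """Flag exposed-host rules and any later rules they shadow."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.service == "ANY" and rule.wan_users == "Any":
            findings.append(f"rule {i + 1}: exposed host {rule.lan_server}")
            findings += [f"rule {j + 1}: shadowed by rule {i + 1}"
                         for j in range(i + 1, len(rules))
                         if rules[j].dest == rule.dest]
    return findings

# Constructed sample table (documentation and private address ranges).
RULES = [
    Rule("HTTP", "192.168.1.99", "Any", "WAN"),
    Rule("CU-SEEME", "192.168.1.11", "198.51.100.10-198.51.100.20", "WAN"),
    Rule("HTTP", "192.168.1.2", "Any", "203.0.113.2"),
    Rule("ANY", "192.168.1.50", "Any", "WAN"),   # exposed host, placed last
]
MISORDERED = [RULES[3]] + RULES[:3]          # exposed host moved to the top

if __name__ == "__main__":
    print(audit(RULES))
    print(audit(MISORDERED))
    print(first_match(MISORDERED, "HTTP", "192.0.2.7"))
```

In this model, even a correctly placed exposed-host rule receives connections that the restricted videoconference rule rejects, which is the loss of protection the note above describes.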


NETGEAR, Inc.
http://www.netgear.com