Hi
I'm setting up my first test ClearOS network here (with no plan for a DMZ, because it is to be set up as a firewall VM on Hyper-V, so literally speaking all VMs should be on the DMZ, but I still want to use a private IP subnet).
I tried using the 1-1 NAT firewall; however, it doesn't seem to allow forwarding from one port to another.
Is there a way to achieve this? (If so, I guess it will make use of the Custom Firewall?) Can anyone help guide me through how it works, please?
Thank you
Responses (3)
Yup, it's a limitation of the 1-to-1 NAT app. We recommend creating the 1-to-1 NAT rule and then adding a custom firewall rule to do the re-mapping. I don't see this particular use case in the custom firewall examples, but ClearOS Support can quickly provide the details.
Hmm. I am not sure if you can use a custom firewall rule too easily in conjunction with 1-to-1 NAT although I have not tested this statement. If the 1-to-1 module creates a firewall rule in the PREROUTING then it will be important that the custom firewall rule gets loaded after the 1-to-1 NAT as it also needs to use the PREROUTING chain, so its rule must appear before the 1-to-1 rule so it takes precedence.
BTW the Webconfig could also be better laid out when adding a port forwarding rule (in my opinion). You'd want the second option "Port". The From Port is obvious. The To Port would do better to appear after the IP Address field to make it clear you are not forwarding a range of ports. Also the IP Address would be better labelled To IP Address.
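The port re-mapping and the PREROUTING ordering concern discussed in the replies above, as an added example that is not part of the thread and is not ClearOS code. It assumes custom rules are plain `iptables` commands and that the 1-to-1 NAT rule is a DNAT on the whole public IP; all addresses, ports and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ClearOS code. All addresses and ports are constructed.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rules that remap PUB_IP:FROM_PORT to LAN_IP:TO_PORT.
# -I inserts at the head of the chain, so the port-specific rule is
# evaluated before a broader DNAT rule for the same public IP
# (the first matching rule in nat PREROUTING decides the translation).
remap_rules() {
    pub_ip=$1 proto=$2 from_port=$3 lan_ip=$4 to_port=$5
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    valid_port "$from_port" && valid_port "$to_port" || { echo "bad port" >&2; return 1; }
    echo "iptables -t nat -I PREROUTING -d $pub_ip -p $proto --dport $from_port -j DNAT --to-destination $lan_ip:$to_port"
    # FORWARD sees the packet after DNAT, so match the translated address and port.
    echo "iptables -I FORWARD -d $lan_ip -p $proto --dport $to_port -j ACCEPT"
}

# Read `iptables -t nat -S PREROUTING` output on stdin. Succeeds only if the
# port-specific remap rule for PUB_IP appears before the first rule that
# DNATs the whole IP (assumed shape of the 1-to-1 NAT rule).
remap_precedes_nat() {
    awk -v ip="$1" -v port="$2" '
        index($0, "-d " ip "/32 ") && /-j DNAT/ {
            if (index($0, "--dport " port " ")) { if (!remap) remap = NR }
            else if (!/--dport/)                { if (!whole) whole = NR }
        }
        END { exit !(remap && (!whole || remap < whole)) }'
}

# Constructed listing in `iptables -t nat -S PREROUTING` format.
SAMPLE='-P PREROUTING ACCEPT
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 192.168.1.10'

remap_rules 203.0.113.10 tcp 8080 192.168.1.10 80
printf '%s\n' "$SAMPLE" | remap_precedes_nat 203.0.113.10 8080 && echo "remap rule is evaluated first"
```

After a firewall restart, piping the live `iptables -t nat -S PREROUTING` output into `remap_precedes_nat` shows whether the custom rule still sits ahead of the 1-to-1 rule.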