Hi! It doesn't matter where you use it.
Some simple examples:

DNAT: an incoming connection from the internet to the PUBLIC IP address, http port (your http server is in your network with a PRIVATE IP address).

Connection:
195.x.x.x (client from internet, source) to PUBLICIP (destination) TCP 80

Rule:
Source (ALL clients in the world)
Target (your UPLINK or RED)
Service/Port TCP/80
Translate to 192.168.1.2 (your PRIVATE webserver)

After "translation" it looks like this:
195.x.x.x (client from internet, source) to 192.168.1.2 (destination) TCP 80

You see, DNAT translates the destination address.

SNAT: example (last time I set a similar rule..)
You have a special VPN router in the DMZ. Its default GW is not Endian, and the device forwards all packets to the GW when it tries to reach the 192.168.0.x network. The device only knows 172.16.0.x as a LAN.

GREEN: 192.168.0.x
ORANGE: 172.16.0.x
Endian IP: 172.16.0.1

You try to connect from your client.

Connection:
192.168.0.2 (source) to 172.16.0.2 (VPN router, destination) http port

You can't connect, because 172.16.0.2 sends packets to 192.168.0.2 via its own other gateway.

Rule:
Source (192.168.0.2 or GREEN)
Destination (172.16.0.2)
Service/Port TCP/80
Translate to 172.16.0.1 (your Endian IP)

After "translation" it looks like this:
172.16.0.1 (source) to 172.16.0.2 (destination) TCP 80

Now the VPN router is able to send back packets (Endian translates the IP back to the original source) and you receive them on your client.

I hope that helps.

Zola

2009/11/16 jonas kellens <jonas.kell...@telenet.be>:
> http://docs.endian.com/firewall.html
>
> This the documentation, but I must say it is very brief!
>
> Still don't know if I need Destination NAT or Source NAT. Both are offering
> the NATting of a public IP-address to a private IP-address.
>
> If I'm running a webserver, Source NAT will offer me the ability to
> portforward incoming traffic on my public IP-address to the private address
> of the webserver.
> The documentation even states "Adding Source NAT rules is similar to adding
> port forwarding rules"
>
> In my opinion Destination NAT goes a little bit further.
> The documentation states:
> "It is possible to define which port on which interface should be forwarded
> to a given host and port".
>
> So here I can even implement a port-forwarding rule from the GREEN network
> to the ORANGE network. So if I state that port 80 needs to be forwarded to
> the webserver on the ORANGE network I will be unable to browse websites on
> the public Internet.
>
> So am I right that Source NAT is port forwarding from RED to GREEN or ORANGE??
> And am I right that Destination NAT is port forwarding from whichever
> network to whichever network?? (GREEN to GREEN, GREEN to ORANGE, GREEN to
> RED, ORANGE to GREEN,...)
>
> Really need some clarification here!!
>
> Jonas.
>
> On Thu, 2009-11-12 at 21:30 +0000, oneforall immortal wrote:
>
> Hi
> I have the same problem too with these weird split tabs.
> I'm just about to give up and use 2.2 again since it made more sense.
> I'm trying to get incoming port 587 to redirect to my mail box on the
> lan (green) but I see in the /var/log/messages it is getting INPUT:DROP
> But I have <ANY Uplink>(tried Uplink main [RED]) 192,168,1,2 Allow with
> ips(tried ALLOW)
> User defined TCP 587 Translate to ip nat 192.168.1.2 port 587
> It was so much easier the old way. I even tried the incoming, which I
> thought should be it since it's an incoming port I want to redirect. But
> neither allows you to say what the incoming port is. I don't think we
> really want it to be any. I also can't tell the diff with Destination NAT
> and Incoming routed traffic. The names are a bit misleading.
> The help also isn't working:
> Not Found
> The requested URL /2.3/en/firewall.html was not found on this server.
> Apache/2.0.52 (CentOS) Server at docs.endian.com Port 80
> Some new things look really good. But I need my incoming email to work :)
> Also this email system is so darn complicated to use. I can't figure out how
> to add comments or add a new bug etc.
> So far because I got your email I'm trying to use this to hopefully get
> answers and see it added to yours to confirm it.
> But even the email didn't have a link to yours. It took me a while to
> figure it out where to go O.o
> I thought kde mail was bad. :)

_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
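
The two translations Zola describes above, modelled with a small connection-tracking table to show how replies are translated back and why the VPN router case fails without SNAT. This is an added example, not part of the original thread and not Endian's code; `203.0.113.10`, `198.51.100.7` and the source ports are constructed stand-ins for PUBLICIP, 195.x.x.x and the clients' ephemeral ports.

```python
from typing import NamedTuple, Optional

PUBLIC_IP = "203.0.113.10"   # constructed stand-in for PUBLICIP
CLIENT_IP = "198.51.100.7"   # constructed stand-in for 195.x.x.x
# Source ports 40000/40001 below are constructed sample values.

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Toy NAT engine: rewrites new connections, remembers how to undo it."""
    def __init__(self):
        self.dnat = {}       # (dst, dport) -> (new dst, new dport)
        self.snat = {}       # (src, dst, dport) -> new src
        self.conntrack = {}  # reply as seen by firewall -> reply to deliver

    def forward(self, pkt: Packet) -> Packet:
        out = pkt
        if (out.dst, out.dport) in self.dnat:           # DNAT rewrites destination
            dst, dport = self.dnat[(out.dst, out.dport)]
            out = out._replace(dst=dst, dport=dport)
        if (out.src, out.dst, out.dport) in self.snat:  # SNAT rewrites source
            out = out._replace(src=self.snat[(out.src, out.dst, out.dport)])
        # The reply to `out` must be turned back into a reply to `pkt`.
        self.conntrack[Packet(out.dst, out.dport, out.src, out.sport)] = \
            Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return out

    def reply(self, pkt: Packet) -> Optional[Packet]:
        return self.conntrack.get(pkt)   # None: firewall has no matching flow

def dnat_example():
    fw = Firewall()
    fw.dnat[(PUBLIC_IP, 80)] = ("192.168.1.2", 80)
    seen_by_server = fw.forward(Packet(CLIENT_IP, 40000, PUBLIC_IP, 80))
    seen_by_client = fw.reply(Packet("192.168.1.2", 80, CLIENT_IP, 40000))
    return seen_by_server, seen_by_client

def snat_example(with_snat: bool):
    fw = Firewall()
    if with_snat:
        fw.snat[("192.168.0.2", "172.16.0.2", 80)] = "172.16.0.1"
    seen_by_router = fw.forward(Packet("192.168.0.2", 40001, "172.16.0.2", 80))
    # The VPN router answers directly only to 172.16.0.x; any other source
    # is answered via its other gateway, so the firewall never sees the reply.
    if not seen_by_router.src.startswith("172.16.0."):
        return seen_by_router, None
    reply = Packet("172.16.0.2", 80, seen_by_router.src, seen_by_router.sport)
    return seen_by_router, fw.reply(reply)
```

With the SNAT rule in place the VPN router's own logs show 172.16.0.1 rather than 192.168.0.2, so the firewall's connection log is where that traffic can be attributed to a client.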