Справочник Пользователя для ASUS rx3041h
RX3041H User’s Manual
Chapter 9. Configuring Firewall/NAT Settings
55
9.2.4
Reverse Static NAT
Reverse static NAT maps a globally valid IP address to an internal host address for the inbound traffic. All
packets coming to that globally valid IP address are relayed to the Internal address. This is useful when
hosting services in an internal machine. Figure 9.5 shows that four globally valid IP addresses are mapped to
four hosts on the internal network and each can be used to host some services for inbound traffic, e.g. FTP
server.
packets coming to that globally valid IP address are relayed to the Internal address. This is useful when
hosting services in an internal machine. Figure 9.5 shows that four globally valid IP addresses are mapped to
four hosts on the internal network and each can be used to host some services for inbound traffic, e.g. FTP
server.
9.2.5 Reverse
NAPT
/ Virtual Server
Reverse NAPT is also called inbound mapping, port mapping, or virtual server. Any packet coming to the
RX3041H can be relayed to the internal host based on the protocol, port number and/or IP address specified in
the ACL rule. This is useful when multiple services are hosted on different internal machines. Figure 9.6 shows
that web server (TCP/80) is hosted on PC A, telnet server (TCP/23) on PC B, DNS server (UDP/53) on PC C
and FTP server (TCP/21) on PC D. This means that the inbound traffic of these four services will be directed to
respective host hosting these services.
RX3041H can be relayed to the internal host based on the protocol, port number and/or IP address specified in
the ACL rule. This is useful when multiple services are hosted on different internal machines. Figure 9.6 shows
that web server (TCP/80) is hosted on PC A, telnet server (TCP/23) on PC B, DNS server (UDP/53) on PC C
and FTP server (TCP/21) on PC D. This means that the inbound traffic of these four services will be directed to
respective host hosting these services.
9.3 ACL Rule Configuration Parameters
Table 9.1 describes the configuration parameters available for firewall ACL rules.
Table 9.1. ACL Rule Configuration Parameters
Field
Description
ID
Add New
Click on this option to add a new ACL rule.
Rule Number
Select a rule from the drop-down list, to modify its attributes.
Action
Allow
Select this button to configure the rule as an allow rule.
This rule when bound to the Firewall will allow matching packets to pass
through.
This rule when bound to the Firewall will allow matching packets to pass
through.
Deny
Select this button to configure the rule as a deny rule.
This rule when bound to the Firewall will not allow matching packets to
pass through.
This rule when bound to the Firewall will not allow matching packets to
pass through.
Mave to
This option allows you to set a priority for this rule. The RX3041H Firewall acts on packets based on
the priority of the rules. Set a priority by specifying a number for its position in the list of rules:
the priority of the rules. Set a priority by specifying a number for its position in the list of rules:
1 (First)
This number marks the highest priority.
Other numbers
Select other numbers to indicate the priority you wish to assign to the rule.
Source IP
This option allows you to set the source network to which this rule should apply. Use the drop-down
list to select one of the following options:
list to select one of the following options:
Any
This option allows you to apply this rule to all the computers in the source
network, such as those on the Internet for inbound ACL rules and those on
the LAN for outbound ACL rules.
network, such as those on the Internet for inbound ACL rules and those on
the LAN for outbound ACL rules.
IP Address
This option allows you to specify an IP address on which this rule will be
applied.
applied.