NAT and Port Forwarding
-
Port forwarding simply does all the magic by itself. It opens the firewall it creates the nap room all behind the scenes.
-
To do what you were doing you need a source and destination nat rule for each web server for the open ports only. Then also a firewall rule.
-
So you do not need a full 1:1 nat
-
The downside to port forwarding is that it only goes to your primary IP
-
@jaredbusch said in NAT and Port Forwarding:
The downside to port forwarding is that it only goes to your primary IP
That's what I thought. Thinking this through further, it looks like in a situation where you have a /30 network, you would just forward 80/443 to you reverse proxy, then that server forwards to the traffic to the appropriate web server.
-
@eddiejennings said in NAT and Port Forwarding:
@jaredbusch said in NAT and Port Forwarding:
The downside to port forwarding is that it only goes to your primary IP
That's what I thought. Thinking this through further, it looks like in a situation where you have a /30 network, you would just forward 80/443 to you reverse proxy, then that server forwards to the traffic to the appropriate web server.
Correct
-
@eddiejennings said in NAT and Port Forwarding:
@scottalanmiller said in NAT and Port Forwarding:
Why do we have three port 80s? There is only one web server that uses port 80.
Ah, I misremember then. In that case you'd need to forward three 443s.
@eddiejennings said in NAT and Port Forwarding:
@scottalanmiller said in NAT and Port Forwarding:
Why do we have three port 80s? There is only one web server that uses port 80.
Ah, I misremember then. In that case you'd need to forward three 443s.
You can do that and PF 3 ports and use the private IP to distinguish between the servers however note that some cheap network routers dont allow PF the same port twice.
Best route is to PF one that will act as proxy/load balancing unless those web servers are not similar in files hosted.
-
@emad-r said in NAT and Port Forwarding:
@eddiejennings said in NAT and Port Forwarding:
@scottalanmiller said in NAT and Port Forwarding:
Why do we have three port 80s? There is only one web server that uses port 80.
Ah, I misremember then. In that case you'd need to forward three 443s.
@eddiejennings said in NAT and Port Forwarding:
@scottalanmiller said in NAT and Port Forwarding:
Why do we have three port 80s? There is only one web server that uses port 80.
Ah, I misremember then. In that case you'd need to forward three 443s.
You can do that and PF 3 ports and use the private IP to distinguish between the servers however note that some cheap network routers dont allow PF the same port twice.
He is specifically using the EdgeRouter LITE as noted in the first post.
The ERL can only port forward from a single inbound IP to. Very few routers have this in the port forwarding section. Actually, no current routers that I am aware of.
The ERL, as well as everything else, can do it with a destination NAT rule and matching source NAT rule.
-
@emad-r said in NAT and Port Forwarding:
Best route is to PF one that will act as proxy/load balancing unless those web servers are not similar in files hosted.
He has a /29 block and various servers using those IPs. To do this one would have to change the DNS to use a single IP.
Otherwise, even if it was all going to a single internal proxy, you would still need the previiously mentioned destination and source NAT rules. -
@jaredbusch said in NAT and Port Forwarding:
The downside to port forwarding is that it only goes to your primary IP
Yeah, that can be very limiting. Seems like that would be easy to expand on their side.
-
@scottalanmiller said in NAT and Port Forwarding:
@jaredbusch said in NAT and Port Forwarding:
The downside to port forwarding is that it only goes to your primary IP
Yeah, that can be very limiting. Seems like that would be easy to expand on their side.
Does VyOS have this feature?
-
@jaredbusch said in NAT and Port Forwarding:
@scottalanmiller said in NAT and Port Forwarding:
@jaredbusch said in NAT and Port Forwarding:
The downside to port forwarding is that it only goes to your primary IP
Yeah, that can be very limiting. Seems like that would be easy to expand on their side.
Does VyOS have this feature?
Glancing over the wiki, it looks like it doesn't. Or rather, they say that Destination NAT is "port forwarding."
-
@eddiejennings said in NAT and Port Forwarding:
@jaredbusch said in NAT and Port Forwarding:
@scottalanmiller said in NAT and Port Forwarding:
@jaredbusch said in NAT and Port Forwarding:
The downside to port forwarding is that it only goes to your primary IP
Yeah, that can be very limiting. Seems like that would be easy to expand on their side.
Does VyOS have this feature?
Glancing over the wiki, it looks like it doesn't. Or rather, they say that Destination NAT is "port forwarding."
Well, that is what port forwarding does int he background anyway.
And port forwarding from multiple inbound IP just doens't make sense. because then you also need to do something for the source NAT.
As I stated previously, I do not know of any router that has this in the "Port Forwarding" section.
-
Is it possible to port forwarding using Aliases/Groups?
-
@jaredbusch said in NAT and Port Forwarding:
@scottalanmiller said in NAT and Port Forwarding:
@jaredbusch said in NAT and Port Forwarding:
The downside to port forwarding is that it only goes to your primary IP
Yeah, that can be very limiting. Seems like that would be easy to expand on their side.
Does VyOS have this feature?
I always use VyOS directly from the config files, so not sure.
-
@scottalanmiller said in NAT and Port Forwarding:
@jaredbusch said in NAT and Port Forwarding:
@scottalanmiller said in NAT and Port Forwarding:
@jaredbusch said in NAT and Port Forwarding:
The downside to port forwarding is that it only goes to your primary IP
Yeah, that can be very limiting. Seems like that would be easy to expand on their side.
Does VyOS have this feature?
I always use VyOS directly from the config files, so not sure.
set port-forwardhit tab.
