
Inbound Traffic Examples



The following examples demonstrate how to make a host on the internal LAN accessible via two WAN addresses. On the internal LAN, the address of the host is 192.168.50.100, and it will be made accessible through the two WAN addresses 198.51.100.5 and 203.0.113.5.

Allow all traffic

Setting the Protocol to ALL will forward all traffic to the LAN host.

simple_rule_all_traffic.png

Allow specific traffic

By using a combination of the Protocol and WAN Destination Port(s) fields, only specific traffic can be forwarded to the LAN host. In this example the only traffic that will be forwarded is TCP port 80. All other traffic will be blocked by the firewall.

simple_rule_port.png

Port translation

The WAN Destination Port(s) and LAN Destination Port(s) fields can be used together to perform port translation. Traffic destined for the WAN port will be forwarded to the LAN port. In this example a service listening on the 192.168.50.100 host using port 8080 would be accessible via 198.51.100.5 port 80 and 203.0.113.5 port 80.

simple_rule_port_translation.png

Condensing entries using aliases

In the previous examples, two entries have been used to allow traffic over two WANs. Multiple IP addresses or ports can be combined into an Alias to reduce the number of firewall entries needed. In the following example, the two WAN IP addresses have been combined into an alias named wan-ip-group-1. The single rule using this alias is equivalent to the two rules used in the previous examples.

simple_rule_alias.png

Deny traffic

All inbound traffic is denied by default, so it is not necessary to explicitly deny traffic except where it would be allowed by a following entry. In this example all traffic is forwarded to the LAN host except for TCP port 389. The firewall rules are evaluated from top to bottom, so TCP port 389 is blocked first. All other traffic that has not been previously blocked will then be allowed and forwarded to the LAN host.

deny_order.png
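
The following Python sketch is an added example, not Ecessa's own code or configuration syntax. It models the behaviour described above (top-to-bottom evaluation, default deny, aliases, port translation) and flags a deny entry that sits below a broader allow; the Rule fields and function names are assumptions made for illustration.

```python
# Illustrative model only; not Ecessa's rule engine or configuration format.
from dataclasses import dataclass
from typing import Optional

ALIASES = {"wan-ip-group-1": {"198.51.100.5", "203.0.113.5"}}  # alias from the article
LAN_HOST = "192.168.50.100"

@dataclass
class Rule:                          # hypothetical field names
    action: str                      # "allow" or "deny"
    protocol: str                    # "TCP", "UDP" or "ALL"
    wan_dst: str                     # WAN IP address or alias name
    wan_port: Optional[int] = None   # None matches any port
    lan_port: Optional[int] = None   # None keeps the original port

def evaluate(rules, protocol, dst_ip, dst_port):
    """Return (LAN host, LAN port) if the first matching rule allows, else None."""
    for rule in rules:  # top to bottom, first match wins
        if dst_ip not in ALIASES.get(rule.wan_dst, {rule.wan_dst}):
            continue
        if rule.protocol not in ("ALL", protocol):
            continue
        if rule.wan_port is not None and rule.wan_port != dst_port:
            continue
        if rule.action == "deny":
            return None
        return (LAN_HOST, rule.lan_port if rule.lan_port is not None else dst_port)
    return None  # no entry matched: inbound traffic is denied by default

def shadowed_denies(rules):
    """Indexes of deny rules whose sample packet an earlier rule already forwards.
    Heuristic: tests one representative packet per WAN address."""
    hits = []
    for i, rule in enumerate(rules):
        if rule.action != "deny":
            continue
        proto = "TCP" if rule.protocol == "ALL" else rule.protocol
        port = rule.wan_port if rule.wan_port is not None else 1
        ips = ALIASES.get(rule.wan_dst, {rule.wan_dst})
        if all(evaluate(rules[:i], proto, ip, port) is not None for ip in ips):
            hits.append(i)
    return hits

# Constructed rule sets mirroring the article's examples.
DENY_FIRST = [Rule("deny", "TCP", "wan-ip-group-1", 389),
              Rule("allow", "ALL", "wan-ip-group-1")]
ALLOW_FIRST = list(reversed(DENY_FIRST))  # misordered: the deny is never reached
TRANSLATE = [Rule("allow", "TCP", "wan-ip-group-1", 80, 8080)]
```

Running shadowed_denies over an exported rule list before applying it catches a deny entry that was added below an existing allow-all entry.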

 
