How To – Configure Port Forwarding using Virtual Host to access devices on Internal network
Applicable to – versions 9.5.3 build 14 or above

This article describes a detailed configuration example that demonstrates how to configure Cyberoam to provide access to internal resources.

The article covers how to:
  • Create a virtual host
  • Create a firewall rule to allow the inbound traffic

Virtual host

Virtual host implementation is based on the Destination NAT concept of older versions of Cyberoam.

Virtual Host maps services of a public IP address to services of a host in a private network. In other words, it is a mapping of a public IP address to an internal IP address. This virtual host is used as the Destination address to access an internal or DMZ server.

A virtual host can be a single IP address, an IP address range, or the Cyberoam interface itself.

Cyberoam will automatically respond to ARP requests received on the WAN zone for the external IP address of the virtual host.

Sample schema

Throughout the article we will use the network parameters displayed in the network diagram below. Outbound traffic from LAN and DMZ is allowed while inbound traffic is restricted. The public servers (mail and web server) are hosted in DMZ.

Network components    External IP address (Public)    IP address (Internal) (Mapped)
Web server            203.88.135.208                  192.168.1.4
Mail server           204.88.135.192                  192.168.1.15

For virtual host:
External IP: IP address through which Internet users access the internal server.
Mapped IP: IP address bound to the internal server.

Configuration

Entire configuration is to be done from Web Admin Console unless specified.

Step 1: Create virtual host for Web server

Go to Firewall → Virtual Host → Create and create a virtual host with the parameters as specified in the sample schema.

In our example, Internet users will access the internal web server using public IP 203.88.135.208, which is mapped to local IP 192.168.1.4. In other words, all inbound requests addressed to 203.88.135.208 will be forwarded to 192.168.1.4.

Note
  • If servers are hosted on LAN, change the Physical Zone to LAN.
  • In case you have custom zones, change the Physical Zones accordingly.
  • Public IP address is the IP address through which Internet users access the internal server/host. If the public IP address is already configured as the main Interface IP or an alias IP, use the option "Interface IP" to select it as the external IP; otherwise select the option "IP" and add the Public IP Address.

Step 2: Create virtual host for Mail server

Go to Firewall → Virtual Host → Create and create a virtual host with the parameters as specified in the sample schema.

In our example, Internet users will access the internal mail server using public IP 203.88.135.192, which is mapped to local IP 192.168.1.15. In other words, all inbound requests addressed to 203.88.135.192 will be forwarded to 192.168.1.15.

Step 3: Loopback firewall rule

Once the virtual host is created successfully, Cyberoam automatically creates a loopback firewall rule for the zone of the mapped IP address. The loopback firewall rule is created for the service specified in the virtual host.

Loopback rules allow internal users in the same zone to access the internal resources using their public IP (external IP) or FQDN.

For our example, a DMZ to DMZ firewall rule is created, as the virtual host (mapped IP address) belongs to the DMZ interface subnet.

Check creation of the loopback rule from Firewall → Manage Firewall.

Step 4: Add Firewall rules

Rule 1

Go to Firewall → Create Rule and create a firewall rule for each server with the parameters as displayed in the below given screens.

Click Create and the Firewall Rule for Webserver will be created successfully.

Click Create and the Firewall Rule for Mailserver will be created successfully.

Note
Change the Destination Host according to the actual server location (Zone).

To create firewall rules that allow internal users to access resources in DMZ using their public IP (external IP) or FQDN, follow the steps below:

Go to Firewall → Create Rule and create a firewall rule for each server with the parameters as displayed in the below given screens.

Click Create and the Firewall Rule for Webserver will be created successfully.

Click Create and the Firewall Rule for Mailserver will be created successfully.

Note:
DO NOT "Apply NAT" for inbound SMTP rules. This will set up the mail server as an OPEN RELAY.

Document version – 3.0 – 12/05/2011
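
The mapping a virtual host performs, and why "Apply NAT" on an inbound SMTP rule produces an open relay, modelled as an added example (not Cyberoam code and not part of the original article). It treats "Apply NAT" as source NAT to the appliance's own address; the firewall DMZ address 192.168.1.1, the mail server's trusted relay network, the domain names and the client address are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

# Virtual hosts from the article: external (public) IP -> mapped (internal) IP.
VIRTUAL_HOSTS = {
    "203.88.135.208": "192.168.1.4",   # web server
    "203.88.135.192": "192.168.1.15",  # mail server, external IP as written in Step 2
}
# Assumptions, not from the article:
FIREWALL_DMZ_IP = "192.168.1.1"                               # appliance's DMZ interface
MAIL_TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # relay allowed from here
LOCAL_DOMAINS = {"example.com"}                               # domains the server hosts


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def inbound(pkt, apply_nat):
    """Translate a WAN packet the way a virtual host (destination NAT) would.

    The destination is always rewritten to the mapped IP. With apply_nat the
    source is also rewritten to the firewall's own address (source NAT).
    """
    mapped = VIRTUAL_HOSTS.get(pkt.dst)
    if mapped is None:
        return None  # no virtual host for this address: inbound stays blocked
    out = replace(pkt, dst=mapped)
    return replace(out, src=FIREWALL_DMZ_IP) if apply_nat else out


def mail_server_accepts(pkt, rcpt_domain):
    """Decision of a typical MTA: local mail is accepted from anyone,
    mail for foreign domains only from clients in a trusted network."""
    if rcpt_domain in LOCAL_DOMAINS:
        return True
    client = ipaddress.ip_address(pkt.src)
    return any(client in net for net in MAIL_TRUSTED_NETS)


def is_open_relay(apply_nat):
    """True if an Internet client can relay to a foreign domain via the firewall."""
    wan = Packet(src="198.51.100.7", dst="203.88.135.192", dport=25)  # constructed client
    return mail_server_accepts(inbound(wan, apply_nat), "elsewhere.test")
```

With source NAT applied, every Internet client reaches the mail server as 192.168.1.1, so an address-based relay restriction can no longer tell outside senders from internal ones.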
