This article describes the necessary steps to configure an advanced Destination NAT (or Port forwarding) on Panda GateDefender eSeries appliance.
The primary purpose of DNAT (or Port forwarding) is to take an internal application (IP and port) and expose that to the Internet to make it more widely accessible. This is commonly used for public access to web, mail, ftp, and other types of services.
Advanced configuration example
In this example, a DNAT (Port forwarding) for a range of ports for a web server in the Orange (DMZ) network will be configured. We will use one of our statically assigned public IP addresses as our external entry point for this exposed service.
- Create a new DNAT rule by configuring all the necessary fields to make it match our example network.
- Select Advanced Mode on the top right hand corner of the console and specify the source network allowed to access this rule.
Notice the Filter Policy combo box which by default is set to Allow with IPS. This means that the rule allows qualified traffic but inspects it with the IPS engine.
- Click Create Rule button.
- Once the rule is created, apply the rule to the device by clicking the Apply button.
- Now that the rule has been successfully applied, you can test it accessing the IP 22.214.171.124 on ports 10080-10085 from the Internet.