

Configure Port Forwarding

Port forwarding is a method for forwarding requests for service to a server that would otherwise not be reachable from the external network. This enables an organization with a single publicly accessible IP address to potentially forward services such as HTTP and SMTP to servers located within their internal network.

The diagram in the figure below (Port Forwarding Example) describes a typical scenario where an EnGarde Secure Professional server is configured to forward SMTP requests to an organization's internal mail server using the publicly accessible IP address assigned to the EnGarde Secure Professional server itself.

The following steps correspond to the sections in the diagram as data traverses from the workstation on the Internet to the internal server and back to the workstation.

(A) The end-user on the Internet makes a request for a webpage.

(B) The request passes through the Internet and makes its way to your EnGarde server. The EnGarde server will evaluate what type of request it is and determine how to handle it based on the rules defined by the EnGarde administrator in this section.

(C) In this example it will forward the request to the web server located on the internal network.

(D) The web server will handle the request and send the results back to the EnGarde server.

(E) The EnGarde server at this point will forward the results back out to the Internet and to the end-user's PC.

Figure: Port Forwarding Example

EnGarde gives you the ability to set up port forwarding directly through the WebTool. Here you can define what service requests addressed to the external interface of the firewall will be passed on to servers on the internal network.

When you first visit this section you will not see any rules listed.



[Screenshot: firewall setup screen with no rules defined]



To add a rule, select the Define New Rule link. You will be presented with the following screen.



[Screenshot: create rule screen]



Here you get to configure and create the new rule. You have the following fields to fill out:

Protocol
Select the protocol, TCP or UDP, you wish to use for this rule. This should correspond to the protocol used by the port selected.
Port
The ports are listed by their associated services, with the port in parentheses. Select which service you wish to forward.
Local Address
Select the local address (the address on this machine) that you wish to forward from. This will generally be an external interface of the firewall.
Remote Access
This is the address you will be forwarding to. This will generally be a server on the internal network of the firewall.

The example above describes how to forward SMTP (port 25) on IP address 209.10.240.72 to the SMTP port on IP address 192.168.100.100 on the internal side of the EnGarde Secure Professional server. All requests for SMTP from the outside world to 209.10.240.72 will be forwarded to the internal server on IP address 192.168.100.100.

Once everything has been filled out, select Define Rule. You will be brought back to the main screen and it will display the new rule that was just created.



[Screenshot: firewall setup screen listing the new rule]



At this point you can create more rules or edit existing rules by selecting Edit next to the associated rule.

The Edit Rule menu is the same as the Create Rule menu except with a button to delete the rule. Delete the rule by simply clicking the Delete Rule button.
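
The SMTP forward described above, written out as generic Linux netfilter (iptables) rules. This is an added example, not EnGarde's own code and not what the WebTool generates; the mapping of the four fields to DNAT and the function names is_ipv4 and portfw_rules are assumptions made for illustration. The commands are only printed so they can be reviewed.

```shell
#!/bin/sh
# Added illustration: print generic netfilter rules for one forward built from
# the four WebTool fields. Assumed equivalent, not EnGarde's implementation.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# portfw_rules PROTO PORT LOCAL_ADDR REMOTE_ADDR
# Prints the rules (never runs them); returns 2 on invalid input.
portfw_rules() {
    proto=$1 port=$2 local_addr=$3 remote_addr=$4
    case "$proto" in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 2 ;;
    esac
    case "$port" in
        ""|*[!0-9]*) echo "port must be a number" >&2; return 2 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 2
    fi
    if ! is_ipv4 "$local_addr" || ! is_ipv4 "$remote_addr"; then
        echo "addresses must be IPv4 dotted quads" >&2; return 2
    fi
    # (B)->(C): rewrite the destination of requests addressed to LOCAL_ADDR.
    echo "iptables -t nat -A PREROUTING -d $local_addr -p $proto --dport $port -j DNAT --to-destination $remote_addr:$port"
    # Let only this service reach the internal server.
    echo "iptables -A FORWARD -d $remote_addr -p $proto --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # (D)->(E): connection tracking reverses the translation on replies,
    # so only established return traffic needs to be allowed back out.
    echo "iptables -A FORWARD -s $remote_addr -p $proto --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# The page's example: SMTP on 209.10.240.72 forwarded to 192.168.100.100.
portfw_rules tcp 25 209.10.240.72 192.168.100.100
```

Each forward exposes exactly one protocol and port on the internal server, so the printed FORWARD rules are scoped to that service rather than to the whole host.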


docs@guardiandigital.com 2002-12-16