This recipe explains how to set up port forwarding to transfer specific packets that arrive at your Edge Gateway from the Internet to a device on the LAN side.
By configuring the DNAT settings on your Edge Gateway, port forwarding will be actualized.
DNAT (destination NAT) is a function for forwarding packets arriving from the Internet to a specific port number to a device on a private network set in advance.
Reference
For the SNAT (source NAT) settings, if packets are sent from the private network side to the Internet, the IP address and port number of the sender will be converted into a global IP address.
- エッジゲートウェイを経由してインターネットに接続する (Japanese Only)
Target device
- AG10
Requirement condition
-
You can connect to the Edge Gateway via SSH or a console.
Configure the DNAT settings
-
Log in to the Edge Gateway with a tool such as TeraTerm.
-
Start amsh, and shift to configuration mode.
admin@amnimo:~$ amsh
amnimo$ enable
password:
amnimo# configure
amnimo(cfg)# - Configure the DNAT settings for the interface you want to set. (In the following example, configure the settings for Interface eth0.)
amnimo(cfg)# nat dnat 100 ← Specify the rule number in the range from 1 to 1000.
amnimo(cfg-dnat-100)# enable
amnimo(cfg-dnat-100)# in-interface eth0
amnimo(cfg-dnat-100)# match protocol tcp dst-port 10080 ← Specify the packet match conditions.
amnimo(cfg-dnat-100)# to-ip 10.10.10.100:80 ← Specify the destination IP address and port.
amnimo(cfg-dnat-100)# enable -
Confirm the settings.
amnimo(cfg-dnat-100)# show config
enable
in-interface eth0
match protocol tcp dst-port 10080
to-ip 10.10.10.100:80
amnimo(cfg-dnat-100)# exit -
Shift to configuration mode, and save the configuration file.
amnimo(cfg)# config file save
startup-config file already exists. Do you want to overwrite? (y/N): y
Configure the DNAT settings for multiple destinations
If configuring the DNAT settings for multiple destinations, the same settings can be configured for them by changing the rule number.
e.g.) If Port No. 81 is specified, packets will be forwarded to 10.10.10.101:8080.
amnimo(cfg)# nat dnat 101
amnimo(cfg-dnat-101)# enable
amnimo(cfg-dnat-101)# in-interface eth0
amnimo(cfg-dnat-101)# match protocol tcp dst-port 81
amnimo(cfg-dnat-101)# to-ip 10.10.10.101:8080
amnimo(cfg-dnat-101)# enable
e.g.) If Port No. 50020 is specified, packets will be forwarded to 10.10.10.101:2020.
amnimo(cfg)# nat dnat 102
amnimo(cfg-dnat-102)# enable
amnimo(cfg-dnat-102)# in-interface eth0
amnimo(cfg-dnat-102)# match protocol tcp dst-port 50020
amnimo(cfg-dnat-102)# to-ip 10.10.10.101:2020
amnimo(cfg-dnat-102)# enable
Comments
0 comments
Please sign in to leave a comment.