NAT Query - should be simple?

[basiluk]

On a Billion 7800 DXL, I understand 121 NAT allows mapping a public IP address to an internal one, and allows all ports access. This I have setup fine. But how do I setup selective ports for the same setup.

If I use virtual servers then it will not allow me to add an entry for (say) port 443 if a VS rule already exists for a different IP address.

Any suggestions please?

...Jon.

[frogfoot]

It sounds to me like you need a block of IP addresses if you need several machines behind your router each offering the same service. For instance You can't have more than one web server on port 443 behind a NAT router if you only have one public IP, if you have a block of IP addresses you can map each one to a local machine using One-to-one NAT, The manual is unclear on the usage of the Virtual Server WAN IP setting (It's not mentioned) Perhaps this is where you can enter the public IP of the server you are running, thus allowing you to open selective ports.

[basiluk]

Sorry, I should ups have been clearer. I have 16 public ip addresses, but cannot work out how to allow say port 443 only to be open for say three of them.

[billion_fan]

Sorry, I should ups have been clearer. I have 16 public ip addresses, but cannot work out how to allow say port 443 only to be open for say three of them.

You shouldn't have to setup any virtual server rules, as the device that mapped should be totally exposed to the internet (no need to enter virtual server rules, see attached screen shots)

So port 443 should already be open to the external WAN IP you have mapped

[frogfoot]

Hi Billion_fan,
Out of interest what is the WAN IP box for in the Virtual servers box?

[billion_fan]

Hi Billion_fan,
Out of interest what is the WAN IP box for in the Virtual servers box?

I think this section is used if you have multiple WAN connections, eg when using fallback/failover you specify a rule for a certain WAN connection when up.

[basiluk]

Ok a little clarification here.

What I need to perform is as follows:

IP 180.1.2.3.4 needs port 443 open
IP 190.1.2.3.5 needs port 443 open
IP 192.1.2.3.6 needs port 80 open
IP 192.1.2.3.7 needs port 80 open
etc

If I do 121 NAT then all four IP's have all ports opened. If I use virtual servers then it will only accept one IP per port designation. SO how do I open the same port on multiple public IP's?

[billion_fan]

Ok a little clarification here.

What I need to perform is as follows:

IP 180.1.2.3.4 needs port 443 open
IP 190.1.2.3.5 needs port 443 open
IP 192.1.2.3.6 needs port 80 open
IP 192.1.2.3.7 needs port 80 open
etc

If I do 121 NAT then all four IP's have all ports opened. If I use virtual servers then it will only accept one IP per port designation. SO how do I open the same port on multiple public IP's?

You can only use 121 NAT, so all ports are opened including 443 and 80 to 1 external WAN IP eg 192.168.1.100 mapped to 80.22.33.44 all ports open, 192.168.1.101 mapped to 80.22.33.45 all ports open etc so you don't need any virtual server rules, (for external access using 1 external WAN IP two devices can't use the same port, as traffic won't know which one to go to) hence the reason being you can map a 1 x internal IP to 1 x external WAN IP and all ports will be mapped/open to that external IP

[basiluk]

That's a real shame. Any chance of asking for an enhancement to perform this?

[evansnp]

Ok a little clarification here.

What I need to perform is as follows:

IP 180.1.2.3.4 needs port 443 open
IP 190.1.2.3.5 needs port 443 open
IP 192.1.2.3.6 needs port 80 open
IP 192.1.2.3.7 needs port 80 open
etc

If I do 121 NAT then all four IP's have all ports opened. If I use virtual servers then it will only accept one IP per port designation. SO how do I open the same port on multiple public IP's?

As long as you don't mind using custom ports externally, then this is an ideal candidate for using VMs.
e.g. for 190.1.2.3.4, you could use external port 8443, mapped to 443 internally; IP 190.1.2.3.5 use 9443, mapped to 443 internally etc.