Servers behind firewalls often need to be accessible from the internet. You can do this using Port Forwarding, 1:1 NAT, or 1:Many NAT. This article explains the difference between Port Forwarding and NAT rules on Meraki MX devices.
1. Port Forwarding :
– Port Forwarding uses specific TCP or UDP ports on the Internet interface of the MX Security device and forwards them to internal IPs. This is the best way for users who do not own a public IP address pool. This feature can forward different ports to different internal IP addresses, allowing multiple servers to be accessed from the same public IP address. Select Add a port forwarding rule to create a new Port Forward rule.
- Description : description of the rule.
- Uplink : listen on the Public IP of Internet 1, Internet 2, or both.
- Protocols : TCP or UDP.
- Public ports: Destination port of the traffic arriving on the WAN port.
- LAN IP : Local IP address to which traffic will be forwarded.
- Local port : Destination port of the forwarded traffic sent from the MX to the specified host on the LAN. If you just want to forward traffic without changing ports, set this to the same value as Public port.
- Allowed remote IPs : Remote IP address or address range that is allowed access.
– You can create port forwarding rules that forward a series of ports. However, the port range configured in Public port must be the same length as the port range configured in Local port. For example if you forward TCP 223-225 to TCP 628-630, port 223 will be converted to 628, port 224 will be converted to 629, port 225 will be converted to 630.
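The rule fields and the range mapping described above can be modelled in a few lines. This is an added example, not Meraki code and not a Meraki API: the ForwardRule class, its helper functions, the sample addresses, and the use of "any" to mean no source restriction are assumptions made for illustration. It rejects rules whose Public and Local port ranges differ in length, translates a public port to its local port, enforces Allowed remote IPs, and lists rules that accept traffic from any source so they can be reviewed.

```python
import ipaddress
from dataclasses import dataclass

def parse_ports(spec):
    """Parse '223' or '223-225' into an inclusive (first, last) tuple."""
    first, _, last = spec.partition("-")
    lo, hi = int(first), int(last or first)
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"invalid port range: {spec}")
    return lo, hi

@dataclass
class ForwardRule:
    # Fields mirror the dashboard labels on this page; the class is hypothetical.
    description: str
    protocol: str            # "tcp" or "udp"
    public_ports: str        # e.g. "223-225"
    lan_ip: str
    local_ports: str         # e.g. "628-630"
    allowed_remote_ips: str  # "any" (assumed keyword) or comma-separated IPs/CIDRs

    def __post_init__(self):
        self.pub = parse_ports(self.public_ports)
        self.loc = parse_ports(self.local_ports)
        # Public and Local port ranges must be the same length.
        if self.pub[1] - self.pub[0] != self.loc[1] - self.loc[0]:
            raise ValueError(f"{self.description}: port ranges differ in length")
        self.any_source = self.allowed_remote_ips.strip().lower() == "any"
        self.sources = [] if self.any_source else [
            ipaddress.ip_network(s.strip(), strict=False)
            for s in self.allowed_remote_ips.split(",")]

    def translate(self, protocol, remote_ip, public_port):
        """Return (lan_ip, local_port) if the packet matches the rule, else None."""
        if protocol != self.protocol or not self.pub[0] <= public_port <= self.pub[1]:
            return None
        addr = ipaddress.ip_address(remote_ip)
        if not self.any_source and not any(addr in n for n in self.sources):
            return None
        return self.lan_ip, self.loc[0] + (public_port - self.pub[0])

def open_to_any(rules):
    """Audit helper: descriptions of rules that accept any remote IP."""
    return [r.description for r in rules if r.any_source]

# Constructed sample rules using documentation address ranges.
RULES = [
    ForwardRule("ssh-range", "tcp", "223-225", "192.168.1.10", "628-630", "203.0.113.0/24"),
    ForwardRule("web", "tcp", "443", "192.168.1.20", "443", "any"),
]
```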
2. 1:1 NAT :
– 1:1 NAT is for users with multiple public IP addresses. Use this option to map an IP address on the MX’s WAN side (different from the MX’s own WAN IP) to a local IP address in the network. Select Add a 1:1 NAT mapping to create a new mapping, and enter the following information:
- Name : description of the rule
- Public IP : The IP address that will be used to access internal resources from the WAN.
- LAN IP : IP address of the server or device hosting the internal resource
- Uplink : The WAN interface on which the traffic will arrive.
- Allowed inbound connections : the ports and remote IPs that are allowed access. To enable inbound connections, select Allow more connections and enter the following information:
+ Protocols : Select TCP, UDP, ICMP ping, or any.
+ Ports : Enter the port or port range that will be forwarded to the host in the LAN.
+ Remote IPs: Enter the WAN IP address range that is allowed to create incoming connections on the specified port or port range. You can specify multiple WAN IP ranges separated by commas.
3. 1:Many NAT :
– 1:Many NAT allows configuration of traffic forwarding from public IP addresses to internal servers. However, unlike 1:1 NAT, 1:Many NAT allows one public IP address to be translated to multiple internal IPs on different ports. For each 1:Many IP definition, a public IP address must be specified; you can then configure multiple port forwarding rules to forward traffic to different devices in the LAN. Like 1:1 NAT, 1:Many NAT cannot use the MX’s own WAN IP. To create a 1:Many NAT rule, select Add 1:Many IPs.
- Public IP : The IP address that will be used to access internal resources from the WAN.
- Uplink : The WAN interface on which the traffic will arrive.
– 1:Many NAT will be created with a forwarding rule. To add a rule, select Add a port forwarding rule.
- Description : rule description.
- Protocols : TCP or UDP.
- Public ports: Destination port of the traffic arriving on the WAN port.
- LAN IP : Local IP address to which traffic will be forwarded.
- Local port : Destination port of the forwarded traffic sent from the MX to the specified host on the LAN. If you just want to forward traffic without changing ports, set this to the same value as Public port.
- Allowed remote IPs : Remote IP address or address range that is allowed access.
!!! Thank you for following the article!!!