
Port Mapping

At its simplest, port mapping allows you to forward connections made to the NetManager onto other machines. This means you only need a small number of external IP addresses (usually just one) for allowing access to machines from the outside. This access can, of course, be firewalled. It should not be confused with Reverse Proxying.

It can be configured in Network > NAT in webadmin.

As an example, look at the configuration below:

The left column is the external IP address (obscured for security). Two IP addresses are used in this case (i.e. the NetManager has Aliased addresses). In this example, it is necessary to use more than one IP address because port 80 is mapped through to an internal machine; if only a single IP address were used, this would stop access to the NetManager's webserver. On a port-by-port basis, these are mapped through to 3 different internal machines. Firewalling is controlled individually for each mapping.

Each mapping can be configured as remote or local. Remote will not be available if you are not using NAT. In remote mode, the NetManager firewall remaps the traffic transparently. The internal machine will see the traffic as coming from its original (external) IP address. Therefore, the internal target machine must have its default gateway set to the NetManager. In local mode, the NetManager will accept the incoming connection itself and then open a new connection to the internal machine. This means that the internal target machine will see the traffic as coming from the NetManager, not the original address. It also places slightly more load on the NetManager.

Round-robin mapping

More than one destination IP address can be specified. This will allow 'round-robin' access (i.e. each IP address will be used in turn), which gives crude load balancing. In the example below, the top rule (port 1494) is being edited to add a second IP address.
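
Separately from the webadmin rule referred to above, the following is an added sketch (not NetManager code) of what local mode and round-robin mean for the internal machines. It models the mapping as a user-space TCP relay on loopback; all function names, the target names "A" and "B", and the addresses are assumptions made for the illustration.

```python
import itertools
import socket
import threading

LOOPBACK = "127.0.0.1"  # constructed stand-in for every host in this sketch

def start_backend(name, seen):
    """Hypothetical internal machine: records the peer address of each connection."""
    srv = socket.create_server((LOOPBACK, 0))
    def serve():
        while True:
            conn, peer = srv.accept()
            seen.append((name, peer))   # what the internal machine would log
            with conn:
                conn.sendall(b"ok")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def start_local_mapping(targets):
    """Local-mode mapping: accept the connection, then open a new one to a target."""
    srv = socket.create_server((LOOPBACK, 0))
    turn = itertools.cycle(targets)     # round-robin: each target used in turn
    def serve():
        while True:
            client, _ = srv.accept()
            # New connection from the mapping host's own address and a fresh port.
            upstream = socket.create_connection(next(turn), timeout=5,
                                                source_address=(LOOPBACK, 0))
            with client, upstream:
                client.sendall(upstream.recv(16))
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def demo(connections=4):
    seen = []                           # (target name, peer address), arrival order
    mapping = start_local_mapping([start_backend("A", seen),
                                   start_backend("B", seen)])
    sources = []
    for _ in range(connections):
        with socket.create_connection(mapping, timeout=5) as c:
            sources.append(c.getsockname())   # the original source address
            c.recv(16)                        # returns once the target has replied
    return sources, seen

if __name__ == "__main__":
    sources, seen = demo()
    for src, (name, peer) in zip(sources, seen):
        print(f"original source {src} -> target {name} saw {peer}")
```

Each target records the relay's outgoing socket rather than the client's, so in local mode any source-address logging or IP-based access control on the internal machine only ever sees the mapping host; the original address has to be logged and filtered at the NetManager.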

© Copyright Precedence Technologies 1999-2017
Page last modified on October 20, 2009, at 11:21 AM by sborrill