Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Port forwarding changed??!?
  •  
terriff

Messages: 8
Karma: 0
Send a private message to this user
I noticed in the KWF documentation that port mapping is explained differently between versions.

KWF 5.0
http://www.kerio.nl/dwn/kwf/old/HTML-manual/ch05s03.html#d0e 4473

KWF 6.1.4
http://www.kerio.com/manual/kwf/en/ch06s03.html#d0e6574

Is the use of a specific IP address / host as the incoming destination a new addition? I can't find any documentation on this change if that is the case.

I ask this because I don't understand how you could direct network traffic over the internet to an internal IP address when you need to first direct it to the WAN interface.

Is this just a way of saying "look at the packet directed to the WAN interface and if the internal NAT'd address is X, direct this traffic there, otherwise, drop it"?

Can someone please explain the usage scenario to me? Thank you in advance.

  •  
FRiC

Messages: 56
Karma: 0
Send a private message to this user
The version 6.x docs seems to be wrong.
  •  
terriff

Messages: 8
Karma: 0
Send a private message to this user
If that were the case, then why is there a specific mention of entering a "host" in the new version?

KWF 5:
Quote:

Destination
The WinRoute host labelled as Firewall, which represents all IP addresses bound to the firewall host.


KWF 6:
Quote:

Destination
The WinRoute host labelled as Firewall, which represents all IP addresses bound to the firewall host.

This service will be available at all addresses of the interface connected to the Internet. To make the service available at a particular IP address, use the Host option and specify the IP address.



If this is not a mistake, it would sure be nice to see more documentation on how this is implemented.

[Updated on: Sat, 18 February 2006 17:23]

  •  
BlueDiamond

Messages: 12
Karma: 0
Send a private message to this user
Host and Firewall are the same.

I never worked with KWF 5, but the principle in KWF 6 is the same. So the image is correct in the manual of KWF 5.
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
If the external WAN interface has multiple ip addresses and you do want to publish a service on all ip addresses you use 'firewall'. This way all accesses to the service on all assigned ip addresses of the firewall will accept the packets. If you only want to publish the service on one of the ip adresses you specify that specific ip address using the host option in the traffic rule. Now only traffic using that specific ip address will be accepted.

example:
public ip addresses / fqdn
www.domain.com x.y.z.1
ftp.domain.com x.y.z.2
vpn.domain.com x.y.z.3
mail.domain.com x.y.z.4

To accept mail only on mail.domain.com specify that host for the mail service traffic rule. To accept mail on all specify 'firewall'.
  •  
terriff

Messages: 8
Karma: 0
Send a private message to this user
feite wrote on Sun, 19 February 2006 13:30

... If you only want to publish the service on one of the ip adresses you specify that specific ip address using the host option in the traffic rule. Now only traffic using that specific ip address will be accepted...


I understand this configuration but, it still doesn't explain why a 192.168.x.x address is used as the destination on the WAN interface.

Maybe this is just poor documentation?!!?!


Previous Topic: Winroute missing Viruses??
Next Topic: Unable to get address where to send failure notification
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 00:33:59 CET 2017

Total time taken to generate the page: 0.00456 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.