NAT with multiple public IPs on an external interface
Last adaptation to the version: 12.6.0
New:
  • Updated for the redesign of the web interface
This article refers to a Reseller Preview

02.2023

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
1.) Network → Network Configuration, area Network Interfaces, button IP Addresses
2.) Firewall → Network objects

Introduction

This article describes how to create and configure a network object for port redirection or port forwarding over a specific IP when multiple public IP addresses are present.

  • Port redirection or port forwarding is applied only to the smallest IP address on a network object.
  • Consequently, in order to be applied specifically to another IP address, it is necessary to set up additional network objects:
    • Scenario:
      • Assigned network: 198.51.100.48/29
      • IP address 1: 198.51.100.49/29
      • IP address 2: 198.51.100.50/29



    Preparation

    Edit the interface under Network → Network configuration, area Network interfaces, button IP Addresses.
    The IP addresses on the interface must be entered here.


    Create a new network object

    Create a new network object under Firewall → Network objects with the button + Add object.

    Labeling | Value | Description
    Name: | external-interface-IP2 | Arbitrary, unique name
    Type: | Static interface |
    IP address: | 198.51.100.50/29 | Selection of the IP to be configured (will be adjusted in the following step)
    Zone: | firewall-external |
    Group: | | If necessary, a group to which this interface is to be assigned

    Save and close, then open the network object again for editing.
    Address: 198.51.100.51/32 | Change the subnet mask /29 to /32 so that only this IP is addressed!
    Save and close
    Search for the network object external-interface and open it for editing.
    The network object external-interface must also be edited so that further, general rules affect only its own IP and are not inadvertently applied to the other IP.
    Address: 198.51.100.49/32 | Entry of the 1st IP address on the existing interface (use the Tab key to move to the suffix field)


    Existing address 0.0.0.0/0 applies to all IP addresses!


    Save and close


    For each additional IP address, another separate network object must be created!
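
The effect of the /29, 0.0.0.0/0 and /32 addresses described above, as an added example that is not part of the original article or of the UTM itself. The function name `audit` and the report fields are hypothetical, and the code assumes that "smallest IP address" means the lowest interface IP that falls inside the network object's address range.

```python
import ipaddress

# Constructed sample input, using the addresses from the scenario above.
INTERFACE_IPS = ["198.51.100.49/29", "198.51.100.50/29"]

BEFORE = {  # network objects before the /32 changes
    "external-interface": "0.0.0.0/0",
    "external-interface-IP2": "198.51.100.50/29",
}
AFTER = {   # network objects after narrowing each one to a single address
    "external-interface": "198.51.100.49/32",
    "external-interface-IP2": "198.51.100.50/32",
}


def audit(objects, interface_ips):
    """Report, per network object, which interface IPs it matches."""
    configured = sorted(ipaddress.ip_interface(i).ip for i in interface_ips)
    report = {}
    for name, address in objects.items():
        # strict=False: 198.51.100.50/29 is read as the network 198.51.100.48/29
        net = ipaddress.ip_network(address, strict=False)
        matched = [ip for ip in configured if ip in net]
        if not matched:
            status = "matches no interface IP"
        elif len(matched) > 1:
            status = "ambiguous"
        else:
            status = "ok"
        report[name] = {
            "matches": [str(ip) for ip in matched],
            # Assumption: "smallest IP address" = lowest matched interface IP.
            "forwarding_ip": str(matched[0]) if matched else None,
            "status": status,
        }
    return report


if __name__ == "__main__":
    for label, objects in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for name, row in audit(objects, INTERFACE_IPS).items():
            print(f"  {name}: {row}")
```

An object reported as "ambiguous" would have its port forwarding applied to the lowest matched address rather than the intended one; after the /32 changes each object matches exactly one address.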



    Creating a packet filter rule

    Create a new packet filter rule under Firewall → Packet filter with the button Add rule:

    Labeling | Value | Description
    Port forwarding rule
    Source: | internet | Select the Internet as the source
    Destination: | Server1 | Select the desired destination, as an example here the network object Server1
    Service: | https | Desired service/port. Here: Port 8080 (https)
    Action: | ACCEPT | Select Accept
    NAT
    Type: | DESTNAT | Select DESTNAT as type
    Network object: | external-interface-IP2 | Interface configured with the desired IP
    Service: | https | Desired service / port
    Save and close, then Update rules