This article refers to a version that is no longer current!

The article for the latest version is available here

A newer version of this article already exists, but it refers to a Reseller Preview











































































NAT with multiple public IPs on an external interface
Last adaptation: 02.2023
This article refers to a Reseller Preview

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
1.) → Network → Network Configuration, Tab Network Interfaces, Button, Tab IP Addresses
2.) → Firewall → Portfilter

Introduction

This article describes how to create and configure a network object for port redirection or port forwarding over a specific IP when multiple public IPs are present.

Port redirection or port forwarding is applied only to the lowest IP address on a network object.
To apply it specifically to a different IP, additional network objects must therefore be set up:

  • Scenario:
    • Assigned network: 198.51.100.48/29
    • IP 1: 198.51.100.49/29
    • IP 2: 198.51.100.50/29


Preparation

→ Network → Network configuration, Tab Network interfaces, Button, Tab IP Addresses
The IP addresses on the interface must be entered here.

Create a new network object

Create a new network object with → Firewall → Portfilter, Tab Network objects, Button Add object

| Labeling | Value | Description |
|---|---|---|
| Name: | external-interface-IP2 | Arbitrary, unique name |
| Type: | Static interface | |
| IP address: | 198.51.100.50/29 | Selection of the IP to be configured (will be adjusted in the following step) |
| Zone: | firewall-external | |
| Group: | | If necessary, a group to which this interface is to be assigned |

Save, then open the object again.

| Labeling | Value | Description |
|---|---|---|
| Address: | 198.51.100.51/32 | Change the subnet mask /29 to /32 so that only this IP is addressed! |

Save

Search for the network object external-interface and click the button.
The external interface must be edited so that, in further general rules, it affects only this IP and does not inadvertently apply rules to the other IP.

| Labeling | Value | Description |
|---|---|---|
| Address: | 198.51.100.49/32 | Entry of the 1st IP address on the existing interface (change to suffix with tab key). The existing address 0.0.0.0/0 applies to all IP addresses! |

Save

For each additional IP address, another separate network object must be created!
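
The object layout described in this section can be checked mechanically. The following Python sketch is an added example, not Securepoint code and not a UTM export format: the function name, the finding labels and the dictionary layout are assumptions, and the addresses are the article's scenario values used as constructed sample data.

```python
import ipaddress

def audit_interface_objects(public_ips, objects):
    """Return findings for static-interface network objects.

    public_ips: addresses configured on the external interface
    objects:    {object name: address as entered in the object}
    """
    ips = [ipaddress.ip_interface(p).ip for p in public_ips]
    findings, owner = [], {}
    for name, addr in objects.items():
        iface = ipaddress.ip_interface(addr)
        covered = [str(ip) for ip in ips if ip in iface.network]
        if iface.network.prefixlen != iface.network.max_prefixlen:
            # /29 or 0.0.0.0/0: the object is not pinned to one address
            findings.append((name, "not-host-mask", covered))
            continue
        if not covered:
            findings.append((name, "ip-not-on-interface", [str(iface.ip)]))
            continue
        if iface.ip in owner:
            findings.append((name, "duplicate-of", [owner[iface.ip]]))
        owner[iface.ip] = name
    # Every public IP should end up with exactly one /32 object.
    for ip in ips:
        if ip not in owner:
            findings.append((str(ip), "no-dedicated-object", []))
    return findings

# Constructed sample data using the article's scenario addresses.
PUBLIC_IPS = ["198.51.100.49/29", "198.51.100.50/29"]

BEFORE = {  # state before the objects are narrowed
    "external-interface": "0.0.0.0/0",
    "external-interface-IP2": "198.51.100.50/29",
}
AFTER = {  # state after both objects are narrowed to /32
    "external-interface": "198.51.100.49/32",
    "external-interface-IP2": "198.51.100.50/32",
}

if __name__ == "__main__":
    for label, objs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_interface_objects(PUBLIC_IPS, objs) or "OK")
```

An empty result means every public IP has exactly one /32 object, so a Destnat rule bound to one object cannot also match the other address.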


Creating a port filter rule

Create a new port filter rule under → Firewall → Portfilter, Tab Portfilter, Button Add rule:

Port forwarding rule

| Labeling | Value | Description |
|---|---|---|
| Active: | On | Activate so that this rule takes effect |
| Source: | internet | Select the Internet as the source |
| Destination: | Server1 | Select the desired destination, as an example here the network object Server1 |
| Service: | https | Desired service/port. Here: Port 8080 (https) |
| Action: | Accept | Select Accept |
| Logging: | Short - Log three entries per minute | Select an option for logging |
| Group: | default | Select any group |

[-] NAT

| Labeling | Value | Description |
|---|---|---|
| Type: | Destnat | Select Destnat as the type |
| Network object: | external-interface-IP2 | Interface configured with the desired IP |
| Service: | https | Desired service / port |


Close the dialog, then click Update rules.