Firmware required: 4.5+
DNAT is required when a server on an internal network must be reached through an external IP address held by a perimeter device. When traffic arrives on the public IP address, the destination IP address is replaced by the server's internal IP address. This lets you allow access to your servers from the internet without assigning those servers a valid internet address.
Note: If the service is not part of the standard service list, create it at Definitions -> Protocols and Services -> Services
Note: This IP address should belong to the firewall either on the firewall interface or through an alias IP address.
Example: This example creates a DNAT rule that allows Remote Desktop Protocol (RDP) traffic for a specific user from the internet to the local RDP server.
Pre-requisites in our example:
Source - ANY (because we want to allow access to anyone).
From interface - WAN
To interface - LAN
Service - remote-desktop (TCP port 3389)
1) Public IP 22.214.171.124: used to access the RDP server from the Internet.
2) Private IP 192.168.2.25: the RDP server to which the traffic is redirected.
To allow remote users RDP access to the local server, we need to create a firewall rule. Before creating the firewall rule, it is important to define the required network objects. These can be added at Definitions -> Hosts
Refer to the following steps to know how to create a network object in GajShield firewall.
Add the required firewall rule.
To ADD a firewall rule, go to Firewall -> Policies -> Rules -> Click on the + button to add a new firewall rule.
As per the pre-requisite in our example, you must add the firewall rule as specified in the below snapshot.
Configure the above rule as follows:
Direction: From WAN (Interface on which the public IP address is configured) To LAN (Interface to which the RDP server is connected)
Note: Servers should be kept in DMZ instead of your Private Network for better security
Source: We have selected ANY since we need to provide access from the Internet
Destination: Public Address used to access RDP server from the Internet
Destination-NAT: Address to which the traffic is directed (configured on the RDP Server)
Services: The service or port access from the Internet. In this case, it is configured as remote-desktop
Step 4: Once the rule is configured, to apply it, we need to install the firewall policy. To do so, go to Firewall -> Policies -> Install Policies.
Even after creating the above rule, if you are unable to access your internal server on the required port, check the following:
Check other parameters, such as the service definition.
If the packet is passed, check the following: