![Ubiquiti EdgeRouter [29/57] Destination nat rules](/img/pdf.png)
Ubiquiti EdgeRouter [29/57] Destination nat rules
![Ubiquiti EdgeRouter [29/57] Destination nat rules](/views2/1072902/page29/bg1d.png)
26
Chapter 5: Security TabEdgeOS
™
User Guide
Ubiquiti Networks, Inc.
• Enable Logging Check this box to log instances when
the rule is matched.
• Protocol Select one of the following:
- All protocols Match packets of all protocols.
- TCP Match TCP packets.
- UDP Match UDP packets.
- Both TCP and UDP Match TCP and UDP packets.
- Choose a protocol by name Select the protocol from
the drop-down list. Match packets of this protocol.
• Match all protocols except for this Match packets
of all protocols except for the selected protocol.
- Enter a protocol number Enter the port number of
the protocol. Match packets of this protocol.
• Match all protocols except for this Match packets
of all protocols except for the selected protocol.
• Src Address Enter the IP address or network address of
the source. You can also enter a range of IP addresses;
one of them will be used.
Note: If you enter a network address, enter the IP
address and subnet mask using slash notation:
<network_IP_address>/<subnet_mask_number>
(example: 192.0.2.0/24).
• Src Port Enter the port name or number of the source.
You can also enter a range of port numbers; one of them
will be used.
NAT groups are created on the Firewall/NAT Groups
tab; see “Firewall/NAT Groups” on page 28 for
more information. Select the appropriate group(s);
you can specify up to two groups maximum in these
combinations:
• An address group and port group
• A network group and port group
The packets must match both groups to apply the rule.
• Src Address Group or Interface Addr. Select the
appropriate address group or interface address. If you
select Other as the interface address, then enter the
interface name in the field provided. The NAT rule will
match the IP address of the selected interface.
• Src Network Group Select the appropriate network
group.
• Src Port Group Select the appropriate port group.
• Dest. Address Enter the IP address or network address
of the destination. You can also enter a range of IP
addresses; one of them will be used.
Note: If you enter a network address, enter the IP
address and subnet mask using slash notation:
<network_IP_address>/<subnet_mask_number>
(example: 192.0.2.0/24).
• Dest. Port Enter the port name or number of the
destination. You can also enter a range of port numbers;
one of them will be used.
• Dest Address Group or Interface Addr. Select the
appropriate address group or interface address. If you
select Other as the interface address, then enter the
interface name in the field provided. The NAT rule will
match the IP address of the selected interface.
• Dest Network Group Select the appropriate network
group.
• Dest Port Group Select the appropriate port group.
Click Save to apply your changes, or click Cancel.
Destination NAT Rules
Destination NAT Rules change the destination address of
packets; a typical scenario is that a public source needs
to communicate with a private destination. A Destination
NAT Rule goes from the public network to the private
network and is applied before routing.
Add Destination NAT Rule To create a new rule, click
Add Destination NAT Rule. Go to the Add or Configure a
Destination NAT Rule section.
Save Rule Order To change the rule order, click and drag
a rule up or down the sequence, and then release the rule.
When you are finished, click Save Rule Order.
Search Allows you to search for specific text. Begin
typing; there is no need to press enter. The results are
filtered in real time as soon as you type two or more
characters.
Содержание
- Chapter 1 2
- Chapter 2 2
- Chapter 3 2
- Chapter 4 2
- Chapter 5 2
- Chapter 6 2
- Chapter 7 2
- Chapter 8 2
- Dashboard tab 2
- Overview 2
- Routing tab 2
- Security tab 2
- Services tab 2
- Table of contents 2
- Users tab 2
- Using edgeos 2
- Wizards tab 2
- Appendix a 3
- Appendix b 3
- Chapter 9 3
- Command line interface 3
- Contact information 3
- Toolbox 3
- Chapter 1 overview 4
- Configuration 4
- Configuration interface system requirements 4
- Hardware overview and installation 4
- Introduction 4
- Service provider deployment 4
- Soho deployment 4
- Typical deployment scenarios 4
- Corporate deployment 5
- Chapter 2 using edgeos 6
- Navigation 6
- Ports and status information 6
- Alerts 7
- Common interface options 7
- System 7
- Toolbox 7
- Welcome 7
- Basic settings 8
- Domain name 8
- Gateway 8
- Host name 8
- Management settings 8
- Name server 8
- Ssh server 8
- Time zone 8
- Back up config 9
- Configuration management device maintenance 9
- Snmp agent 9
- System log 9
- Telnet server 9
- Reset config to default 10
- Restart router 10
- Restart shut down router 10
- Restore config 10
- Shut down router 10
- Upgrade system image 10
- Chapter 3 dashboard tab 11
- Firewall 11
- Routes 11
- Services 11
- All ethernet vlan 12
- Distribution 12
- Interfaces 12
- Configure the interface 13
- Configure the vlan 14
- Configure the poe settings 15
- Configure the switch 15
- Poe watchdog 15
- Chapter 4 routing tab 17
- Ipv6 routing 17
- All static connected rip ospf 18
- Routes 18
- Configure the static route 19
- Gateway 19
- Interface 19
- Black hole 20
- Redistribution 20
- Router 20
- Configure the ospf area 21
- Configure the ospf interface 22
- Interfaces 22
- All drop reject accept 23
- Chapter 5 security tab 23
- Firewall policies 23
- Configure the firewall policy 24
- Configuration 27
- Interfaces 27
- Add or configure a source nat rule 28
- Source nat rules 28
- Destination nat rules 29
- Add or configure a destination nat rule 30
- All address network port 31
- Firewall nat groups 31
- Configure the firewall nat group 32
- Pptp server 32
- Chapter 6 services tab 33
- Dhcp server 33
- Configure the dhcp server 34
- Leases 34
- Static mac ip mapping 35
- Details 36
- Dns forwarding 37
- Pppoe server 37
- Chapter 7 users tab 38
- Configure the user 39
- Remote 39
- Chapter 8 wizards tab 40
- Setup wizards 40
- Wan 2lan 40
- Erlite 3 er 8 erpro 8 41
- Internet port eth1 41
- Lan port eth0 41
- Optional secondary lan port eth2 41
- Erpoe 5 42
- Internet port eth1 42
- Lan ports eth2 eth3 and eth4 42
- Optional secondary lan port eth0 42
- Feature wizards 43
- Port forwarding 43
- Port forwarding rules 43
- Set up port forwarding 43
- Set up upnp interfaces 44
- Tcp mss clamping 44
- Chapter 9 toolbox 45
- Discover 46
- Packet capture 46
- Log monitor 47
- Access the cli 48
- Access using a terminal emulator 48
- Appendix a command line interface 48
- Connect to the console port 48
- Overview 48
- Access using ssh 49
- Access using telnet 49
- Access using the edgeos configuration interface 50
- Appendix a command line interface edgeo 50
- At the password prompt enter the password the default is ubnt 50
- At the top right of the screen click the cli 50
- Button 50
- Change the default password of the ubnt login use the set command as detailed in remove the default user account on page 49 50
- Cli modes 50
- Each tab of the edgeos interface contains cli access 50
- Enter show and press the key to view the settings that you have configured 50
- For example type show interfaces to display the interfaces and their status information 50
- For help with commands you can either press the key or enter show and press the key 50
- Note the question mark does not display onscreen 50
- Note to enhance security we recommend that you change the default login using at least one of the following options 50
- Operational mode 50
- Set up a new user account preferred option for details go to remove the default user account on page 49 50
- The cli window appears at the login prompt enter the username the default is ubnt 50
- To properly shut down the edgerouter use the shutdown command 50
- Ubiquiti networks inc 50
- User guide 50
- Warning use the shutdown command to properly shut down the edgerouter an improper shutdown such as disconnecting the edgerouter from its power supply runs the risk of data corruption 50
- When you first log in the cli is in operational mode press the key to view the available commands 50
- Configuration mode 51
- Configure an interface 51
- Appendix a command line interface edgeo 52
- Create a firewall rule 52
- Create a firewall rule using the full syntax 52
- Create a new user 52
- Delete the default user account 52
- Log in with the new user account 52
- Log out of the default user account 52
- Remove the default user account 52
- The plaintext password that you entered is converted to an encrypted password 52
- To create a firewall rule use the set or edit commands both methods are described below in addition use the compare discard up top copy and rename commands 52
- To create the same firewall rule while reducing the amount of repetition in the full syntax use the edit command 52
- To display uncommitted changes use the compare command 52
- To remove the default user account do the following 52
- To undo uncommitted changes use the discard command 52
- Ubiquiti networks inc 52
- Use the set commit save exit and delete commands 52
- User guide 52
- Appendix a command line interface edgeo 53
- Press the or tab key to display options for the specified edit level 53
- To display the existing firewall rule use the show firewall command 53
- To move up an edit level use the up command 53
- To return to the top edit level use the top command 53
- To show changes within the edit level use the compare command 53
- Ubiquiti networks inc 53
- User guide 53
- Appendix a command line interface edgeo 54
- To change the name of the new firewall rule use the rename command 54
- To create a new firewall rule from an existing firewall rule use the copy command 54
- Ubiquiti networks inc 54
- User guide 54
- Appendix a command line interface edgeo 55
- Before making changes the administrator saved a backup configuration file with a working ipsec tunnel configuration 55
- Enter save and press the key 55
- Here is an example that uses the commit revisions command 55
- Manage the configuration file 55
- Note this is a backup if the edgerouter were rebooted it would still boot from the default file config config boot 2 after the administrator deleted the ipsec configuration and was configuring of the openvpn tunnel circumstances changed so that the ipsec tunnel was required again consequently the administrator reverted the edgerouter to its previous configuration with the ipsec tunnel 55
- On the remote tftp server a copy with the hostname and date is saved for each commit 55
- Scenario in the midst of the administrator changing an ipsec tunnel into an openvpn tunnel the administrator had to revert the edgerouter to its previous configuration with the ipsec tunnel 55
- To automatically make a remote backup after every commit use the commit archive configuration option enter location and press the key 55
- Typically you use the save command to save the active configuration to disk config config boot however you can also save the active configuration to a different file or remote server 55
- Ubiquiti networks inc 55
- User guide 55
- You can also keep a specified number of revisions of the configuration file on the local disk use the commit revisions configuration option 55
- After viewing the history of system commits you decide to discard the last four commits by admin_5 roll back the system configuration file to commit 4 56
- After you verify that the changes should be saved use the confirm command 56
- Appendix a command line interface edgeo 56
- For details on the commit revisions option go to manage the configuration file on page 52 56
- Note the following commands require that the configuration option commit revisions be set first 56
- Now you will see the comment when you use the show system commit command 56
- To add a comment to the commit use the comment command 56
- To display the changes in revision 0 use the show system commit diff command 56
- To display the entire configuration file for revision 0 use the show system commit file command 56
- To roll back to an earlier commit use the show system commit and rollback commands 56
- Ubiquiti networks inc 56
- User guide 56
- When you work on a remote router certain changes such as a firewall or nat rule can cut off access to the remote router so you then have to visit the remote router and reboot it to avoid such issues when you make risky changes use the commit confirm command first then use the confirm command to save your changes 56
- You can also specify the number of minutes to wait but you must remember to also use the confirm command otherwise if you forget then you can be surprised by the edgerouter s reboot to its previous configuration 56
- Appendix b contact information 57
- Online resources 57
- Ubiquiti networks support 57
Похожие устройства
- Buderus LOGALUX LT135-LT300 Инструкция по эксплуатации
- Ubiquiti EdgeRouter PRO Инструкция по эксплуатации
- Buderus LOGALUX SU400-SU1000 Инструкция по эксплуатации
- Tefal D8213212 Инструкция по эксплуатации
- Ubiquiti AirRouter Инструкция по эксплуатации
- Tefal D2300212 Инструкция по эксплуатации
- Buderus LOGALUX SU160-SU300 Инструкция по эксплуатации
- Ubiquiti AirRouter HP Инструкция по эксплуатации
- Buderus LOGALUX S120 Инструкция по эксплуатации
- Tefal D2300412 Инструкция по эксплуатации
- Ubiquiti TOUGHSwitch PoE Инструкция по эксплуатации
- Buderus LOGAMAX PLUS GB022 Инструкция по эксплуатации
- Tefal D2300512 Инструкция по эксплуатации
- Ubiquiti TOUGHSwitch PoE PRO Инструкция по эксплуатации
- Buderus LOGAMAX U022-24K Инструкция по эксплуатации
- Ubiquiti TOUGHSwitch PoE CARRIER Инструкция по эксплуатации
- Buderus LOGAMAX U024-24K Инструкция по эксплуатации
- Ubiquiti RB2011UiAS-2HnD-IN Инструкция по эксплуатации
- Buderus LOGANO G211 Инструкция по эксплуатации
- Ubiquiti RB951-2n Инструкция по эксплуатации
Скачать
Случайные обсуждения
Ответы 1
Какие разделы содержит руководство пользователя EdgeOS ™ от Ubiquiti Networks, Inc.?
2 года назад