Port forward: host set in "restrict access" section (#126)
Co-authored-by: Giacomo Sanchietti <[email protected]>
cotosso and gsanchietti authored Oct 17, 2024
1 parent 980bc15 commit 42015f2
Showing 1 changed file with 10 additions and 8 deletions.
18 changes: 10 additions & 8 deletions port_forward.rst
Expand Up @@ -27,18 +27,20 @@ When creating a port forward, certain parameters must be specified:

By default, all port forwards are accessible only for hosts inside the WAN. Refer to the :ref:`hairpin-section` for instructions on changing this default behavior.

For each port forward the user can configure also the following aspects:

- Enabling logging: port forwards can be configured to log incoming traffic for each rule. By enabling the ``Log`` option,
the network administrator can keep track of the traffic passing through the port forward, allowing for monitoring and analysis
- Access restriction: port forwards can be restricted to specific IP addresses, CIDR blocks or a domain set object. By entering a list of allowed IP addresses and CIDR notations, or selecting a domain set object
inside the ``Restrict access to`` field, the user can limit access to the port forward. This enhances security by controlling which external
devices are allowed to connect to the internal service.
- Binding to specific public IP: port forwards can be bound to a specific public IP address using the ``WAN IP`` field.
For each port forward the user can also configure the following aspects:

- **Binding to a specific public IP**: port forwards can be bound to a specific public IP address using the ``WAN IP`` field.
This means that if your router/firewall has multiple public IP addresses,
you can assign a port forward to a particular IP. This feature is valuable when dealing with complex network setups, ensuring that traffic directed to
a specific public IP is forwarded correctly to the internal server.

- **Access restriction**: Port forwards can be restricted to specific sources to enhance security. This can be done using the ``Restrict access to`` field. The field accepts IP addresses, CIDR blocks or an object.

Any type of object is supported except for host sets containing an IP range.

- **Enabling logging**: port forwards can be configured to log incoming traffic for each rule. By enabling the ``Log`` option,
the network administrator can keep track of the traffic passing through the port forward, allowing for monitoring and analysis.

.. _hairpin-section:

Hairpin NAT
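
Review bot: The sentence added under **Access restriction**, "Any type of object is supported except for host sets containing an IP range.", states the exception but not what the administrator sees when such a host set is selected, and "an object" has no cross-reference to where objects are defined. Since this field is the control that limits which external sources reach the internal service, please say how the unsupported case is handled and add a ``:ref:`` to the objects documentation, as is already done for ``hairpin-section``. The removed wording also said the field takes "a list of allowed IP addresses and CIDR notations"; the new sentence no longer makes clear that several entries can be given. Minor: this bullet starts with "Port forwards" while the other two start with lowercase "port forwards", and the bullets have been reordered, which the commit title does not mention.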