FW rule on external 1:1 NAT

  • Hi,

    I have set two external IP addresses pointing to the same internal host by 1:1 NAT, like this:

    WAN ->  LAN -> ->

    Connections coming to should be denied from all internet except when coming from some hosts, while should be free to all. Since on the WAN tab of the fw rules I can only set the internal destination address, how can I accomplish this?

    Thanks in advance, best regards.

    Marcio Merlone

  • From what I have read, 1:1 NAT is a security risk and should only be used in the rare case that you really need access to the full port range on the internal server. Specific port-forwards are generally best. Port-forwards also let you specify the source IP address but I haven't played with that.

