FW rule on external 1:1 NAT



  • Hi,

    I have set two external IP addresses pointing to the same internal host by 1:1 NAT, like this:

    WAN -> LAN
    1.1.1.1 -> 192.168.0.1
    1.1.1.2 -> 192.168.0.1

    Connections coming to 1.1.1.1 should be denied from all internet except when coming from some hosts, while 1.1.1.2 should be free to all. Since on the WAN tab of the fw rules I can only set the internal destination address, how can I accomplish this?

    Thanks in advance, best regards.


    Marcio Merlone



  • From what I have read, 1:1 NAT is a security risk and should only be used in the rare case that you really need access to the full port range on the internal server. Specific port-forwards are generally best. Port-forwards also let you specify the source IP address, but I haven't played with that.
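
The following is an added example, not part of the thread and not the firewall's own code: a simplified Python model of why WAN rules that can only name the internal destination cannot tell 1.1.1.1 from 1.1.1.2, and how per-address port-forwards with a source restriction can. The trusted range 203.0.113.0/24, the outside host 198.51.100.7, port 443 and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Addresses are from the question; TRUSTED and port 443 are assumed values.
ONE_TO_ONE = {"1.1.1.1": "192.168.0.1", "1.1.1.2": "192.168.0.1"}
TRUSTED = ip_network("203.0.113.0/24")   # stands in for "some hosts"
ANY = ip_network("0.0.0.0/0")

def one_to_one_then_filter(src, ext_dst, wan_rules):
    """Translate the destination first, then match WAN rules, which can
    only name the internal destination (the situation in the question)."""
    int_dst = ONE_TO_ONE.get(ext_dst)
    for rule_src, rule_dst, action in wan_rules:
        if int_dst == rule_dst and ip_address(src) in rule_src:
            return action
    return "block"  # nothing matched: default deny

# Each forward names source, external IP and port, so the two public
# addresses can carry different policies.
PORT_FORWARDS = [
    (TRUSTED, "1.1.1.1", 443, "192.168.0.1"),
    (ANY,     "1.1.1.2", 443, "192.168.0.1"),
]

def port_forward(src, ext_dst, port):
    """Return the internal target, or None when no forward matches."""
    for net, ext, fwd_port, internal in PORT_FORWARDS:
        if ext_dst == ext and port == fwd_port and ip_address(src) in net:
            return internal
    return None

def demo():
    outsider = "198.51.100.7"  # constructed untrusted source
    open_rules = [(ANY, "192.168.0.1", "pass")]       # opens both addresses
    tight_rules = [(TRUSTED, "192.168.0.1", "pass")]  # closes both addresses
    return {
        "open rule, 1.1.1.1": one_to_one_then_filter(outsider, "1.1.1.1", open_rules),
        "tight rule, 1.1.1.2": one_to_one_then_filter(outsider, "1.1.1.2", tight_rules),
        "forward, 1.1.1.1": port_forward(outsider, "1.1.1.1", 443),
        "forward, 1.1.1.2": port_forward(outsider, "1.1.1.2", 443),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```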