CLEAROS DOCUMENTATION

content:en_us:7_ug_port_forwarding

Table of Contents

Port Forwarding

The Port Forwarding app is required if you plan to have publicly available servers running on your local network. For example, you may need use the port forward tool to send voice traffic to a PBX (phone system) running on your local network.

The ClearOS Port Forwarding module takes packets destined for a port on the ClearOS firewall's external IP and translates that to an internal IP address. If you wish to add additional public IP addresses and forward those ports you will want to use the 1 to 1 NAT app which takes care of the IP addressing, firewalling, and NAT translations in a simple way.

ThePort Forwarding firewall is for traffic destined for the LAN behind ClearOS. If you want to allow traffic to ClearOS then you want the Incoming Firewall module. e.g if ClearOS is your public SMTP server, open incoming tcp:25, but if your mail server is on the LAN behind ClearOS, then Port Forward tcp:25 to the LAN machine. The two are mutually exclusive.
Port forwarding operates on all external interfaces' primary IP address at the same time, so if you have MultiWAN, the port forward applies to all WAN Interfaces. If you wish to apply the port forward to a single interface, you will have to use Custom Firewall rules.

Installation

If your system does not have this app available, you can install it via the Marketplace.

You can find this feature in the menu system at the following location:

<navigation>Network|Firewall|Port Forwarding</navigation>

Configuration

If you run servers behind your ClearOS gateway, you can use the Port Forwarding page to forward ports to a system on your local network. There are three ways to add a port forwarding firewall rule:

  • Select a standard service in the Standard Services form.
  • Input a protocol and single port number in the Port form.
  • Input a protocol and multiple consecutive ports in a port range in the Port Range form.

You can View, Add, Enable/Disable and Delete rules from this screen.

If you want to forward a port do not open it as well in the Incoming Firewall. The incoming firewall takes precedence and the port forward will not work

Add by Service

To add by Service, you just need to select the service you want to forward and the destination IP to forward to.

Add by Port

When forwarding by port you can specify a different port to forward to compared to the incoming port. If you do not specify a “To Port” the “From Port” is assumed. Choose the required Protocol (TCP or UDP) from the dropdown and fill up the rest of the fields (the “To Port” is optional).

Add by Port Range

You can forward range of ports to forward in a single rule, but in this case you do not get the opportunity to switch ports. Choose the required Protocol (TCP or UDP) from the dropdown and fill up the rest of the fields.

Troubleshooting

In order for port forwarding to work properly, the target system on your local network must have the default gateway set to ClearOS system.

search?q=clearos%2C%20clearos%20content%2C%20AppName%2C%20app_name%2C%20clearos7%2C%20userguide%2C%20categorynetwork%2C%20subcategoryfirewall%2C%20maintainer_dloper%2C%20maintainer_nhowitt%2C%20maintainerreview_x&amp;btnI=lucky

content/en_us/7_ug_port_forwarding.txt · Last modified: 2020/03/18 10:36 by 84.9.57.48

Page Tools

Trace: Port Forwarding