Network Newbie

By d.jones092
Howdy folks...

Kind of new to the networking side of things. Trying to set up a new firewall/vpn solution, and am attempting to create some incoming policies. In the incoming policy area, it mentions that I have to create a virtual server or mapped IP. Not too sure what this means.

Any thoughts?

Dennis Jones

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
All Comments

Network Newbie

by curlergirl In reply to Network Newbie

It might help to know what model of firewall/router solution you are using, but here's a general (if somewhat simplistic) overview. Your firewall is probably using a filtering method called NAT (network address translation). This is the first basic level of protection offered by most firewalls. It receives TCP/IP protocol communications internally on your network from your workstations (which use, I assume, private IP addresses) and forwards them out to the Internet using its own public IP address. The returning packets are then filtered through the firewall and forwarded back to the appropriate internal IP address so that they reach the originating workstation.

The firewall needs a way, however, to also handle incoming packets that originate outside (IOW, they aren't responding to a request that originated at an internal workstation), such as mail traffic (SMTP +/or POP3), requests coming to a web server behind the firewall (if you have one), etc. This is probably what your router is referring to as a "virtual server." Of course, one way of handling them is to drop all of them, which effectively closes your network off from ALL Internet communications except those that originate within your organization. This is what happens if you don't set up any virtual servers behind your firewall. However, if you want to be able to receive some type of Internet communications that originate outside your network, you would need to designate a certain internal (private) IP address to receive all of the packets coming in on a particular port.

Network Newbie

by curlergirl In reply to Network Newbie

For example, if you have an internal mail server that is handling all of the incoming and outgoing mail for your domain (internal AND external), then you would have to map all incoming SMTP (port 25) and/or POP3 (port 110) traffic to be forwarded by your router to that server's internal (private) IP address. The external sending email server only knows your public IP address, so it sends its outgoing SMTP packets to that address, which is the address of your firewall. The firewall then says, "Oh, I've got some SMTP packets, and I see they are supposed to go to my internal server at IP address 192.168.x.x" and it correctly forwards those packets on to your internal email server. This way, your internal email server is still protected by the firewall but enabled to receive email from external servers.

IP mapping usually refers to creating a certain group of internal private IP addresses that will share a designated single or range of public IP addresses through the firewall. I've never used this, so I'm not as familiar with how it works. I believe it simply allows you to create ranges of public IP addresses and map them back to a range of internal private addresses. You would only need this if (a) you have more than one public IP address; and (b) you want to assign a specific subset of those addresses to be used by specific internal servers behind the router.

Hope this helps!
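
The inbound decision described in the answer above, as an added example that is not part of the original posts and not any vendor's implementation: a simplified NAT firewall model that forwards replies to sessions opened from inside, forwards unsolicited traffic only where a virtual server is defined, and drops the rest. The class and method names and all addresses (203.0.113.10, 192.168.1.25, 192.168.1.50, 198.51.100.7) are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatFirewall:
    public_ip: str
    # (proto, public_port) -> (private_ip, private_port): the "virtual servers"
    virtual_servers: dict = field(default_factory=dict)
    # (proto, public_port, remote_ip, remote_port) -> (private_ip, private_port)
    sessions: dict = field(default_factory=dict)
    next_port: int = 40000  # constructed starting point for translated ports

    def add_virtual_server(self, proto, public_port, private_ip, private_port=None):
        self.virtual_servers[(proto, public_port)] = (private_ip, private_port or public_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Workstation -> Internet: rewrite source to the public IP, remember the session."""
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(proto, public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Internet -> public IP: decide where the packet goes, if anywhere."""
        reply = self.sessions.get((proto, dst_port, src_ip, src_port))
        if reply:                      # answer to something a workstation asked for
            return ("FORWARD",) + reply
        mapped = self.virtual_servers.get((proto, dst_port))
        if mapped:                     # unsolicited, but a virtual server is defined
            return ("FORWARD",) + mapped
        return ("DROP", "no session and no virtual server for this port")

if __name__ == "__main__":
    fw = NatFirewall("203.0.113.10")                  # constructed public address
    fw.add_virtual_server("tcp", 25, "192.168.1.25")  # constructed mail server address
    print(fw.inbound("tcp", "198.51.100.7", 51000, 25))    # SMTP: forwarded to mail server
    print(fw.inbound("tcp", "198.51.100.7", 51000, 110))   # POP3 not mapped: dropped
    print(fw.outbound("tcp", "192.168.1.50", 50123, "198.51.100.7", 80))
    print(fw.inbound("tcp", "198.51.100.7", 80, 40000))    # reply: back to workstation
```

Each mapping exposes exactly that port on the internal host to any outside sender, so the list of virtual servers is the list of services reachable from the Internet.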

Network Newbie

by d.jones092 In reply to Network Newbie

Poster rated this answer

Network Newbie

by d.jones092 In reply to Network Newbie

This question was closed by the author
