2019-07-24
All Mediatrix Products
v. 44.3.1746

1 Port Forwarding - Internet to LAN

In this document, port forwarding provides secure Internet access to a device located on the LAN.

In other words, port forwarding is set up to redirect a port on the Uplink interface of the Mediatrix unit and forward it to the Lan1 network interface, so that it connects to the IP address and port of a server or PBX in the internal network.

This document is an example based on the assumption that:

  • The external port on the Uplink interface of the Mediatrix unit is 8080.
  • The internal IP and port of the internal device (Server or PBX) is 192.168.0.99 port 80.

Note

Port 8080 is used as an external port because it must remain possible to manage the Mediatrix unit through its Web interface on port 80. This way, the internal Server/PBX will be accessible at http://mediatrix.example.com:8080, while normal http://mediatrix.example.com will still remain accessible.


2 Information to Know Before Starting

The following values are used as an example in this document. They can be used as is, or changed to reflect your environment.

| Example Value | Description |
|---|---|
| 8080 | External port on the Uplink interface of the Mediatrix unit. This can be changed, but will work in most environments. |
| 192.168.0.99 | Internal IP address of the internal device (PBX server). Either change the value to reflect the address of your PBX server, or change the address of the PBX server to use 192.168.0.99. |
| 80 | Internal port of the internal device (PBX server). This can be changed, but will work in most environments. |

3 Port-forwarding Overview

Context
This overview is an example based on the assumption that:
  • The external port on the Uplink interface of the Mediatrix unit is 8080.
  • The internal IP and port of the internal device (Server or PBX) is 192.168.0.99 port 80.
Steps
  1. A connection request comes from laptop.example.net to the external IP of the Mediatrix unit (e.g. http://mediatrix.example.com:8080).
  2. A Destination NAT (DNAT) rule will transform this connection on port 8080 on the Uplink address into the real address of the internal service (e.g. http://192.168.0.99:80). Refer to Creating a Destination NAT Rule for the Uplink Network Interface.
  3. The packet will be forwarded to the Lan1 interface.
  4. However, since the external device and the internal service are on different subnets, they will not be able to talk to each other, unless some Source NAT (SNAT) rules are added. There are two possible options:
    1. Configure the Mediatrix unit as a full NAT/Router to give all the LAN devices access to the Internet. This approach works well in simple small office/home office scenarios. However, it involves either reconfiguring devices on the LAN or installing a DHCP server, which is outside the scope of these configuration notes. It can also have security implications, or require much more configuration with some network topologies such as VLANs, VPNs, multiple routers or Internet connections, etc.
    2. Use a simple Source NAT (SNAT) rule to make the connection appear as if it came directly from the Mediatrix unit Lan1 IP address. Refer to Creating a Source NAT Rule for the Lan1 Network Interface. This approach is very simple to configure, works with any network topology, and is fairly secure since it only allows access from a single port to a specific device and port. It does have one caveat: your internal device will see all traffic as coming from the Mediatrix unit and won't be able to log the external source IP. If you need to log the external source IP, you'll need to go the full NAT route.
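
The four steps above, modelled as an added example (not Media5 code and not the unit's implementation): it applies the DNAT and SNAT rewrites to a packet and shows which source address the internal server ends up logging, and what happens to the reply when the SNAT rule is missing. The Uplink, Lan1 and client addresses are constructed values, and the model assumes the LAN devices do not use the unit as their default gateway.

```python
from dataclasses import dataclass, replace

# Constructed addresses (assumptions): the page gives only the server and ports.
UPLINK_IP = "203.0.113.10"      # assumed Uplink address of the unit
LAN1_IP = "192.168.0.10"        # assumed Lan1 address of the unit
SERVER = ("192.168.0.99", 80)   # internal device, from the page
EXTERNAL_PORT = 8080            # external port, from the page

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Unit:
    """Toy model of the forwarding path: DNAT on Uplink, optional SNAT on Lan1."""
    def __init__(self, snat=True):
        self.snat = snat
        self.conntrack = {}  # (source seen by server, port) -> real client

    def inbound(self, pkt):
        """Packet arriving on Uplink -> packet leaving Lan1 (None if no rule)."""
        if (pkt.dst, pkt.dport) != (UPLINK_IP, EXTERNAL_PORT):
            return None  # only the one forwarded port matches the DNAT rule
        out = replace(pkt, dst=SERVER[0], dport=SERVER[1])   # DNAT rule
        if self.snat:
            out = replace(out, src=LAN1_IP)  # SNAT rule (port remapping omitted)
        self.conntrack[(out.src, out.sport)] = (pkt.src, pkt.sport)
        return out

    def outbound(self, pkt):
        # A reply addressed to an Internet host goes to the server's own default
        # gateway, not to the unit, so it returns None (it bypasses the unit).
        client = self.conntrack.get((pkt.dst, pkt.dport))
        if pkt.dst != LAN1_IP or client is None:
            return None
        return Packet(UPLINK_IP, EXTERNAL_PORT, *client)

def round_trip(client_ip, client_port, dport=EXTERNAL_PORT, snat=True):
    """Return (source IP the server logs, reply delivered to the client)."""
    unit = Unit(snat)
    fwd = unit.inbound(Packet(client_ip, client_port, UPLINK_IP, dport))
    if fwd is None:
        return None, None
    reply = Packet(fwd.dst, fwd.dport, fwd.src, fwd.sport)  # server answers
    return fwd.src, unit.outbound(reply)

if __name__ == "__main__":
    print(round_trip("198.51.100.7", 40000), round_trip("198.51.100.7", 40000, snat=False))
```

With the SNAT rule the server logs the Lan1 address for every external client, which is the logging caveat described in option 2; without it the server sees the real client address but its reply never returns through the unit.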

3.1 Enabling IPv4 Forwarding

Steps
  1. Go to Network/IP Routing.
  2. In the IP Routing configuration table, select Enable.
  3. Click Save.
Result
If IP Forwarding is disabled, the Advanced IP Routes table is greyed out.

Next Step

3.2 Enabling the NAT Service

3.2 Enabling the NAT Service

Steps
  1. Go to System/Services.
  2. In the User Service table, on the same line as Network Address Translation (NAT), set the Startup Type to Auto.
  3. Click .
Result

Next Step

3.3 Creating a Destination NAT Rule for the Uplink Network Interface

3.3 Creating a Destination NAT Rule for the Uplink Network Interface

Steps
  1. Go to Network/NAT.
  2. In the Destination Network Address Translation Rules table, click .
  3. From the Activation selection list, choose Enable.
  4. In the Destination Address field, enter Uplink.
  5. From the Protocol selection list, choose TCP.
  6. In the Destination Port field, enter 8080.
  7. In the New Address field, enter the local Web server address and port (e.g. 192.168.0.99:80).
  8. Click Save & Apply.
Result

Next Step

3.4 Creating a Source NAT Rule for the Lan1 Network Interface

3.4 Creating a Source NAT Rule for the Lan1 Network Interface

Steps
  1. Go to Network/NAT.
  2. In the Source Network Address Translation Rules table, click .
  3. From the Activation selection list, choose Enable.
  4. In the Destination Address field, enter the local Web server address (e.g. 192.168.0.99).
  5. From the Protocol selection list, choose TCP.
  6. In the Destination Port field, enter the local Web server port (e.g. 80).
  7. In the New Address field, enter Lan1.
  8. Click Save & Apply.
Result

4 DGW Documentation

Mediatrix units are supplied with an exhaustive set of documentation.

Mediatrix user documentation is available on the Documentation Portal at http://documentation.media5corp.com

Several types of documents were created to clearly present the information you are looking for. Our documentation includes:

  • Release notes: Generated at each GA release, this document includes the known and solved issues of the software. It also outlines the changes and the new features the release includes.
  • Configuration notes: These documents are created to facilitate the configuration of a specific use case. They address a configuration aspect we consider that most users will need to perform. However, in some cases, a configuration note is created after receiving a question from a customer. They provide standard step-by-step procedures detailing the values of the parameters to use. They provide a means of validation and present some conceptual information. The configuration notes are specifically created to guide the user through an aspect of the configuration.
  • Technical bulletins: These documents are created to facilitate the configuration of a specific technical action, such as performing a firmware upgrade.
  • Hardware installation guide: This guide provides the detailed procedure on how to safely and adequately install the unit. It provides information on card installation, cable connections, and how to access the Management interface for the first time.
  • User guide: The user guide explains how to customise the configuration of the unit to your needs. Although this document is task oriented, it provides conceptual information to help the user understand the purpose and impact of each task. The User Guide will provide information such as where and how TR-069 can be configured in the Management Interface, how to set firewalls, or how to use the CLI to configure parameters that are not available in the Management Interface.
  • Reference guide: This exhaustive document has been created for advanced users. It includes a description of all the parameters used by all the services of the Mediatrix units. You will find, for example, scripts to configure a specific parameter, notification messages sent by a service, or an action description used to create Rulesets. This document includes reference information such as a dictionary, and it does not include any step-by-step procedures.


5 Online Help

If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will be displayed.


6 Copyright Notice

Copyright © 2019 Media5 Corporation.

This document contains information that is proprietary to Media5 Corporation.

Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.

This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.

Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.
