Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated @ 2023-08-09T12:25:43.958870
HTML
headtrue
encodingUTF-8
<!DOCTYPE html
  SYSTEM "about:legacy-compat">
<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="copyright" content="(C) Copyright 2023"><meta name="DC.rights.owner" content="(C) Copyright 2023"><meta name="DC.type" content="concept"><meta name="description" content="In this document, port forwarding provides a secure Internet access to a device located on the LAN."><meta name="prodname" content="All Mediatrix Products"><meta name="version" content="DGW 49.12.28842941"><meta name="platform" content="All"><meta name="DC.date.modified" content="2023-0308-2809"><meta name="DC.date.issued" content="2023-0308-2809"><meta name="DC.date.available" content="2023-0308-2809"><meta name="ChapterNumbering" content="no"><meta name="DC.format" content="HTML5"><meta name="DC.identifier" content="concept_k1h_mzx_tgb"><link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet"><link rel="stylesheet" type="text/css" href="https://documentation.media5corp.com/download/attachments/45482024/commonltr.css"><link rel="stylesheet" type="text/css" href="https://documentation.media5corp.com/download/attachments/45482024/custom.css"><title>Configuring Port Forwarding for a Web Server Located on the LAN</title></head><body><header role="banner"><div class="topicmeta title">Configuring Port Forwarding for a Web Server Located on the LAN</div><div class="topicmeta date">2023-0308-28<09</div><div class="topicmeta product">All Mediatrix Products</div><div class="topicmeta version">DGW 49.12.2884<2941</div><div class="topicmeta pdf"><a href="https://documentation.media5corp.com/download/attachments/45482024/Configuring%20Port%20Forwarding%20for%20a%20Web%20Server%20Located%20on%20the%20LAN.pdf" rel="nofollow">Download PDF Document</a></div><hr><span style="float: inline-end;"></span></header><nav role="toc"><ul><li><a href="#concept_k1h_mzx_tgb">Port Forwarding - Internet to LAN</a></li><li><a href="#reference_o3x_5cp_k5">Information to Know Before Starting </a></li><li><a href="#task_rpz_cv5_bhb">Port-forwarding Overview</a><ul><li><a href="#task_bn5_rs5_ngb">Enabling IPv4 Forwarding</a></li><li><a href="#task_jyt_jw5_bhb">Enabling the NAT Service</a></li><li><a href="#task_orj_n3j_4gb">Creating a Destination NAT Rule for the Uplink Network Interface</a></li><li><a href="#task_hs5_c41_sgb">Creating a Source NAT Rule for the Lan1 Network Interface</a></li></ul></li><li><a href="#concept_v4k_q3h_1r">DGW Documentation</a></li><li><a href="#reference_j4g_nbv_gfb">Online Help</a></li><li><a href="#concept_fqm_rv4_k4">Copyright Notice</a></li></ul></nav><main role="main"><article role="article" aria-labelledby="ariaid-title1"><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="nested0" aria-labelledby="ariaid-title1" id="concept_k1h_mzx_tgb">
 <h1 class="title topictitle1" id="ariaid-title1">Port Forwarding - Internet to LAN</h1>
 
 <div class="body conbody"><p class="shortdesc">In this document, port forwarding provides a secure Internet access to a device located
  on the LAN.</p>
  <p class="p">In other words, port forwarding is set up to redirect a port on the Uplink interface of the
   Mediatrix unit, and forward it to the Lan1 Network interface, so that it connects to the the IP
   address and port of a server or PBX in the internal network.</p>
  <div class="p">This document is an example based on the assumption that: <ul class="ul" id="concept_k1h_mzx_tgb__ul_umh_b55_bhb">
    <li class="li">The external port on the Uplink interface of the Mediatrix unit is
     <span class="keyword wintitle">8080</span>. </li>
    <li class="li">The internal IP and port of the internal device (Server or PBX) is
      <span class="keyword wintitle">192.168.0.99</span> port <span class="keyword wintitle">80</span>.</li>
   </ul><div class="note note note_note"><span class="note__title">Note:</span> Port 8080 is used as an external port because it must remain possible to manage the
    Mediatrix unit through its Web interface on port <span class="keyword wintitle">80</span>. This way, the internal
    Server/PBX will be accessible at <a class="xref" href="http://mediatrix.example.com:8080" target="_blank">http://mediatrix.example.com:8080</a> , while normal <a class="xref" href="http://mediatrix.example.com" target="_blank">http://mediatrix.example.com</a> will still remain accessible.</div></div>
  <div class="p">
   <br><img class="image" id="concept_k1h_mzx_tgb__image_opc_kdy_tgb" src="https://documentation.media5corp.com/download/attachments/45482024/PortForwardingWebserverlocatedontheLan.png" width="800"><br>
  </div>
 </div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested0" aria-labelledby="ariaid-title2" id="reference_o3x_5cp_k5">
  <h1 class="title topictitle1" id="ariaid-title2">Information to Know Before Starting </h1>
  <div class="body refbody">
    <section class="section">The Following values are used as an example in this document. They can be used as is,
      or changed to reflect your environment.<table class="table frame-all" id="reference_o3x_5cp_k5__table_ixn_tbv_bhb"><caption></caption><colgroup><col style="width:29.850746268656714%"><col style="width:70.1492537313433%"></colgroup><thead class="thead">
            <tr class="row">
              <th class="entry colsep-1 rowsep-1" id="reference_o3x_5cp_k5__table_ixn_tbv_bhb__entry__1">Example Value</th>
              <th class="entry colsep-1 rowsep-1" id="reference_o3x_5cp_k5__table_ixn_tbv_bhb__entry__2">Description </th>
            </tr>
          </thead><tbody class="tbody">
            <tr class="row">
              <td class="entry colsep-1 rowsep-1" headers="reference_o3x_5cp_k5__table_ixn_tbv_bhb__entry__1">8080</td>
              <td class="entry colsep-1 rowsep-1" headers="reference_o3x_5cp_k5__table_ixn_tbv_bhb__entry__2">External port on the Uplink interface of the Mediatrix unit. This can be
                changed, but will work in most environments. </td>
            </tr>
            <tr class="row">
              <td class="entry colsep-1 rowsep-1" headers="reference_o3x_5cp_k5__table_ixn_tbv_bhb__entry__1">192.168.0.99</td>
              <td class="entry colsep-1 rowsep-1" headers="reference_o3x_5cp_k5__table_ixn_tbv_bhb__entry__2">Internal IP address of the internal device (PBX server).<ul class="ul" id="reference_o3x_5cp_k5__ul_bz4_w2v_bhb">
                  <li class="li">Change the value to reflect the address of your PBX server, or</li>
                  <li class="li">Change the address of the PBX server to use 192.168.0.99</li>
                </ul></td>
            </tr>
            <tr class="row">
              <td class="entry colsep-1 rowsep-1" headers="reference_o3x_5cp_k5__table_ixn_tbv_bhb__entry__1">80</td>
              <td class="entry colsep-1 rowsep-1" headers="reference_o3x_5cp_k5__table_ixn_tbv_bhb__entry__2">Internal port of the internal device (PBX server). This can be changed, but
                will work on most environments.</td>
            </tr>
          </tbody></table></section>
  </div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested0" aria-labelledby="ariaid-title3" id="task_rpz_cv5_bhb">
    <h1 class="title topictitle1" id="ariaid-title3">Port-forwarding Overview</h1>
    <div class="body taskbody">
        <section class="section context"><div class="tasklabel"><strong class="sectiontitle tasklabel">Context</strong></div>This overview is an example based on the assumption that: <ul class="ul" id="task_rpz_cv5_bhb__ul_umh_b55_bhb">
                <li class="li">The external port on the Uplink interface of the Mediatrix unit is
                        <span class="keyword wintitle">8080</span>. </li>
                <li class="li">The internal IP and port of the internal device (Server or PBX) is
                        <span class="keyword wintitle">192.168.0.99</span> port <span class="keyword wintitle">80</span>.</li>
            </ul></section>
        <section id="task_rpz_cv5_bhb__steps_kbm_gv5_bhb"><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps" id="task_rpz_cv5_bhb__steps_kbm_gv5_bhb"><li class="li step">
                <span class="ph cmd">A connection request comes from the laptop.example.net to the external IP of
                    the Mediatrix unit (eg: <a class="xref" href="http://mediatrix.example.com:8080/" target="_blank">http://mediatrix.example.com:8080</a>
                    ).</span>
            </li><li class="li step">
                <span class="ph cmd">A Destination NAT (DNAT) rule will transform this connection on port 8080 on
                    the Uplink address into the real address of the internal service (eg <a class="xref" href="http://192.168.0.99:80" target="_blank">http://192.168.0.99:80</a> ) refer to <a class="xref" href="#task_orj_n3j_4gb">Creating a Destination NAT Rule for the Uplink Network Interface</a>.</span>
            </li><li class="li step">
                <span class="ph cmd">The packet will be forwarded to the Lan1 interface.</span>
            </li><li class="li step">
                <span class="ph cmd">However, since the external device and the internal service are on different
                    subnets, they will not be able to talk to each other, unless some Source NAT
                    (SNAT) rules are added. There are two possible options:</span>
                <ol type="a" class="ol substeps" id="task_rpz_cv5_bhb__substeps_np2_lv5_bhb">
                    <li class="li substep">
                        <span class="ph cmd">Configuring the Mediatrix as a full NAT/Router to give access to all
                            the LAN devices to the internet. This approach works well in simple
                            small office/home office scenarios. However, it involves either
                            reconfiguring devices on the LAN or installing a DHCP server, which is
                            outside the scope of these configuration notes. It can also have
                            security implications, or require much more configuration with some
                            network topologies such as VLANs, VPNs, multiple routers or internet
                            connections, etc.</span>
                    </li>
                    <li class="li substep">
                        <span class="ph cmd">Use a simple Source NAT (SNAT) rule to make the connection appear as if
                            it came directly from the Mediatrix unit Lan1 IP address. Refer to <a class="xref" href="#task_hs5_c41_sgb">Creating a Source NAT Rule for the Lan1 Network Interface</a>. This has the advantages of being very simple to configure, works
                            with any network topology, and is fairly secure since it only allows
                            access from a single port to a specific device and port. It does have
                            one caveat: your internal device will see all traffic coming from the
                            Mediatrix unit and won't be able to log the external source IP. If
                            that's the case, you'll need to go the full NAT route. </span>
                    </li>
                </ol>
            </li></ol></section>
    </div>
<hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title4" id="task_bn5_rs5_ngb">
    <h2 class="title topictitle2" id="ariaid-title4">Enabling IPv4 Forwarding</h2>
    <div class="body taskbody">
        <section id="task_bn5_rs5_ngb__steps_vpr_vs5_ngb"><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps" id="task_bn5_rs5_ngb__steps_vpr_vs5_ngb"><li class="li step">
                <span class="ph cmd">Go to <span class="keyword wintitle">Network</span>/<span class="keyword wintitle">IP Routing</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">In the <span class="keyword wintitle">IP Routing configuration</span>
                    table, select <span class="keyword wintitle">Enable</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">Click <span class="keyword wintitle">Save</span>.</span>
            </li></ol></section>
        <section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>If IP Forwarding is disabled, the <span class="keyword wintitle">Advanced IP Routes</span> table is greyed
            out. <br><img class="image" id="task_bn5_rs5_ngb__image_qxg_1z5_ngb" src="https://documentation.media5corp.com/download/attachments/45482024/IPRoutingConfiguration.png" width="800"><br></section>
    </div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_jyt_jw5_bhb">Enabling the NAT Service</a></li></ul></div></nav></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title5" id="task_jyt_jw5_bhb">
    <h2 class="title topictitle2" id="ariaid-title5">Enabling the NAT Service</h2>
    <div class="body taskbody">
        <section id="task_jyt_jw5_bhb__steps_w4x_lw5_bhb"><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps" id="task_jyt_jw5_bhb__steps_w4x_lw5_bhb"><li class="li step">
                <span class="ph cmd">Go to <span class="keyword wintitle">System</span>/<span class="keyword wintitle">Services</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">In the <span class="keyword wintitle">User Service</span>
                    table, on the same line as Network Address Translation (NAT), set the <span class="keyword wintitle">Startup Type</span> to <span class="keyword wintitle">Auto</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">Click <img class="image" id="task_jyt_jw5_bhb__image_p13_ww5_bhb" src="https://documentation.media5corp.com/download/attachments/45482024/fleche.jpg" width="15">.</span>
            </li></ol></section>
        <section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>
            <br><img class="image" id="task_jyt_jw5_bhb__image_wvk_fx5_bhb" src="https://documentation.media5corp.com/download/attachments/45482024/natservice.png" width="800"><br>
        </section>
    </div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_orj_n3j_4gb">Creating a Destination NAT Rule for the Uplink Network Interface</a></li></ul></div></nav></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title6" id="task_orj_n3j_4gb">
    <h2 class="title topictitle2" id="ariaid-title6">Creating a Destination NAT Rule for the Uplink Network Interface</h2>
    <div class="body taskbody">
        <section id="task_orj_n3j_4gb__steps_cmf_z3j_4gb"><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps" id="task_orj_n3j_4gb__steps_cmf_z3j_4gb"><li class="li step">
                <span class="ph cmd">Go to <span class="keyword wintitle">Network</span>/<span class="keyword wintitle">NAT</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">In the <span class="keyword wintitle">Destination Network
                Address Translation Rules</span> table, click <img class="image" id="task_orj_n3j_4gb__image_i2c_cw1_sgb" src="https://documentation.media5corp.com/download/attachments/45482024/Plusbleu.jpg" width="15">.</span>
            </li><li class="li step">
                <span class="ph cmd">From the <span class="keyword wintitle">Activation</span>
                    selection list, choose <span class="keyword wintitle">Enable</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">In the <span class="keyword wintitle">Destination Address</span> field,
                    enter <span class="keyword wintitle">Uplink</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">From the <span class="keyword wintitle">Protocol</span>
                    selection list, choose <span class="keyword wintitle">TCP</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">In the <span class="keyword wintitle">Destination Port</span> field, enter 8080</span>
            </li><li class="li step">
                <span class="ph cmd">In the <span class="keyword wintitle">New Address</span>
                    field, enter the local Web server address and port (e.g. 192.168.0.99:80)</span>
            </li><li class="li step">
                <span class="ph cmd">Click <span class="keyword wintitle">Save &amp; Apply</span>.</span>
            </li></ol></section>
        <section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>
            <br><img class="image" id="task_orj_n3j_4gb__image_smf_fs1_sgb" src="https://documentation.media5corp.com/download/attachments/45482024/SourceNetworkAddressTranslationRules_forUplinkNetworkInterface.png" width="800"><br>
        </section>
    </div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_hs5_c41_sgb">Creating a Source NAT Rule for the Lan1 Network Interface</a></li></ul></div></nav></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title7" id="task_hs5_c41_sgb">
    <h2 class="title topictitle2" id="ariaid-title7">Creating a Source NAT Rule for the Lan1 Network Interface</h2>
    <div class="body taskbody">
        <section id="task_hs5_c41_sgb__steps_os2_f41_sgb"><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps" id="task_hs5_c41_sgb__steps_os2_f41_sgb"><li class="li step">
                <span class="ph cmd">Go to <span class="keyword wintitle">Network</span>/<span class="keyword wintitle">NAT</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">In the <span class="keyword wintitle">Source Network Address Translation Rules</span> table, click <img class="image" id="task_hs5_c41_sgb__image_i2c_cw1_sgb" src="https://documentation.media5corp.com/download/attachments/45482024/Plusbleu.jpg" width="15">.</span>
            </li><li class="li step">
                <span class="ph cmd">From the <span class="keyword wintitle">Activation</span>
                    selection list, choose <span class="keyword wintitle">Enable</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">In the <span class="keyword wintitle">Destination Address</span> field,
                    enter the local Web Server address (e.g. 192.168.0.99)</span>
            </li><li class="li step">
                <span class="ph cmd">From the <span class="keyword wintitle">Protocol</span>
                    selection list, choose <span class="keyword wintitle">TCP</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">In the <span class="keyword wintitle">Destination Port</span> field, enter the local Web server port (e.g. 80).</span>
            </li><li class="li step">
                <span class="ph cmd">In the <span class="keyword wintitle">New Address</span>,
                    enter <span class="keyword wintitle">Lan1</span>.</span>
            </li><li class="li step">
                <span class="ph cmd">Click <span class="keyword wintitle">Save &amp; Apply</span>.</span>
            </li></ol></section>
        <section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>
            <br><img class="image" id="task_hs5_c41_sgb__image_qvd_rq1_sgb" src="https://documentation.media5corp.com/download/attachments/45482024/SourceNetworkAddressTranslationRules_forLANNetworkInterface.png" width="800"><br>
        </section>
    </div>
</article></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic concept nested0" aria-labelledby="ariaid-title8" id="concept_v4k_q3h_1r">
 <h1 class="title topictitle1" id="ariaid-title8">DGW Documentation</h1>
 
 <div class="body conbody"><p class="shortdesc">Mediatrix devices are supplied with an exhaustive set of documentation. </p>
  <p class="p">Mediatrix user documentation is available on the <a class="xref" href="http://documentation.media5corp.com" target="_blank">Media5 Documentation
    Portal</a>.</p>
  <div class="p">Several types of documents were created to clearly present the information you are looking for.
   Our documentation includes:<ul class="ul" id="concept_v4k_q3h_1r__ul_bqy_cjh_1r">
    <li class="li"><strong class="ph b">Release notes</strong>: Generated at each GA release, this document includes the known and
     solved issues of the software. It also outlines the changes and the new features the release
     includes.</li>
    <li class="li"><strong class="ph b">Configuration notes</strong>: These documents are created to facilitate the configuration of a
     specific use case. They address a configuration aspect we consider that most users will need to
     perform. However, in some cases, a configuration note is created after receiving a question
     from a customer. They provide standard step-by-step procedures detailing the values of the
     parameters to use. They provide a means of validation and present some conceptual information.
     The configuration notes are specifically created to guide the user through an aspect of the
     configuration. </li>
    <li class="li"><strong class="ph b">Technical bulletins</strong>: These documents are created to facilitate the configuration of a
     specific technical action, such as performing a firmware upgrade.</li>
    <li class="li"><strong class="ph b">Hardware installation guide</strong>: They provide the detailed procedure on how to safely and
     adequately install the unit. It provides information on card installation, cable connections,
     and how to access for the first time the Management interface.</li>
    <li class="li"><strong class="ph b">User guide</strong>: The user guide explains how to customise to your needs the configuration
     of the unit. Although this document is task oriented, it provides conceptual information to
     help the user understand the purpose and impact of each task. The User Guide will provide
     information such as where and how TR-069 can be configured in the Management Interface, how to
     set firewalls, or how to use the CLI to configure parameters that are not available in the
     Management Interface.</li>
    <li class="li"><strong class="ph b">Reference guide</strong>: This exhaustive document has been created for advanced users. It
     includes a description of all the parameters used by all the services of the Mediatrix units.
     You will find, for example, scripts to configure a specific parameter, notification messages
     sent by a service, or an action description used to create Rulesets. This document includes
     reference information such as a dictionary, and it does not include any step-by-step
     procedures. </li>
   </ul></div>
 </div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested0" aria-labelledby="ariaid-title9" id="reference_j4g_nbv_gfb">
  <h1 class="title topictitle1" id="ariaid-title9">Online Help</h1>
  <p class="shortdesc"><span class="ph">If you are not familiar with the meaning of the fields and
                buttons, click <span class="keyword wintitle">Show Help</span>, located at the upper right corner of
                the Web page. When activated, the fields and buttons that offer online help will
                change to green and if you hover over them, the description will bedisplayed.</span></p>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic concept nested0" aria-labelledby="ariaid-title10" id="concept_fqm_rv4_k4">
 <h1 class="title topictitle1" id="ariaid-title10">Copyright Notice</h1>
 

 <div class="body conbody"><p class="shortdesc">Copyright © 2023 Media5 Corporation.</p>
  <p class="p">This document contains information that is proprietary to Media5 Corporation.</p>
  <p class="p">Media5 Corporation reserves all rights to this document as well as to the Intellectual Property
   of the document and the technology and know-how that it includes and represents.</p>
  <p class="p">This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever,
   without written prior approval by Media5 Corporation.</p>
  <p class="p">Media5 Corporation reserves the right to revise this publication and make changes at any time
   and without the obligation to notify any person and/or entity of such revisions and/or
   changes.</p>
 </div>
</article></article></main></body></html>