Create port forwarding rules to direct traffic on an external port to a port on a private IP address. The return path is handled automatically. The listen IP address on a specific WAN interface could be either the WAN IP address or one of the Additional IP Addresses on the same WAN interface. If an internal server needs to receive traffic from more than one WAN link, create a 1:1 NAT or port forwarding rule for each WAN link. If you then create a DNS domain, the Barracuda Link Balancer will automatically generate A records based on the Port Forwarding and 1:1 NAT rules.
Before you Begin:
The WAN IP address is the IP address used for general purpose NAT. If necessary, add the publicly accessible IP addresses to the configuration.
- Log into the Barracuda Link Balancer web interface.
- Go to the Basic > Links page.
- Click the + sign to expand and edit the WAN link.
Add Additional IP Addresses, the external IP addresses that are eligible to be used.
- Click Save Changes.
Create an Inbound Port Forwarding Rule
- Log into the Barracuda Link Balancer web interface.
- Go to the FIREWALL > NAT page.
- In the Port Forwarding Rules table, enter a descriptive name in the Rule Name field.
- From the Listen Link field, select the WAN link to use to listen for incoming packets on the port.
If desired, enter the hostname or the fully qualified domain name associated with the IP addresses in the Hostname field.
- In the Listen IP field, type the WAN IP address of this link and all of the Additional IP Addresses on the same WAN interface from the Basic > Links page. Select the address to use.
- Select either an application or a port for the rule:
When choosing the application option, select whether this rule should apply to any (*) application or only one from the Application list,
When choosing the port option, enter one port, a list of comma-separated ports, or a hyphenated range in the Port field.
- Specify one or any protocol from the Protocol list.
- In the Forward IP field, enter the private static IP address of the server which must be reachable from the LAN of the Barracuda Link Balancer. Or, if creating a DNAT rule for a link, type a static IP address reachable through a WAN link (usually, the firewall IP address reachable through WAN1).
- In the Ports field, enter one port, a list of comma-separated ports, or a hyphenated range. If multiple ports are being forwarded, then each port in the Listen IP Ports list corresponds one-to-one with the the Forward IP Ports list. If there are no Forward IP Ports, traffic is forwarded to the same port from which it was received.
- Make sure that you deselect Disable to enable the rule.
- Select Log to write an entry in the Firewall Log whenever this rule is executed.
- Select Auto-create firewall rule to enable auto-creating an accompanying inbound Access Firewall Rule to accept traffic on the listen link and port for the private IP address of the server.
- Click Add.
When the Firewall is Disabled
If the Barracuda Link Balancer firewall is disabled, you can create a NAT rule to map the destination IP address of the inbound traffic on one WAN link to an IP address on another WAN link.
The NAT/Port Forwarding feature allows you to add a new link without requiring an update to rules on your network firewall.
- Go to the Basic > Links page.
- Click the WAN link to open the configuration.
- Select Yes to enable the NAT/Port Forwarding setting.
- Click Save Changes.
After saving your changes here, create a Port Forwarding rule using the Firewall > NAT page.