Barracuda Link Balancer

How do I configure Firewall rules on my Barracuda Link Balancer?

  • Type: Knowledgebase
  • Date changed: 11 months ago
Solution #00003671

Scope:
All Barracuda Link Balancers, firmware version 2.1.0.010 and above.

Answer:
The Barracuda Link Balancer can act as a firewall, inspecting network traffic as it arrives.

It can allow or deny packets via a set of rules. These rules include inbound, outbound, 1:1 NAT and port forward rules. While the firewall is disabled, you may use the firewall rules for any link other than WAN1.

Prerequisites:

If you're replacing an existing network firewall:
  • Basic > IP Configuration: Firewall Mode: set to "On"
  • Basic > Links: Additional IP address Field: Include the public IP addresses that will be used in the rules.

If you're placing the Barracuda Link Balancer in front of your network firewall:
  • Basic > Links: NAT/Port Forward: For all WAN links except WAN1, the NAT/Port Forward Option must be enabled.
  • Basic > Links: Additional IP address Field: Include the public IP addresses that will be used in the firewall rules.

To add a 1:1 NAT rule:
  1. If necessary, add the publicly accessible IP addresses to the configuration. On the Basic > Links page, click the plus sign to expand and edit the WAN link. The WAN IP address is the IP address used for general purpose NAT. Add Additional IP Addresses which are the external IP addresses that are eligible to be used for 1:1 NAT.
  2. On the Firewall > NAT page, in the 1:1 NAT Rules table, complete the following fields:
    • Rule Name
    • Listen Link - Select the WAN link to use.
    • Hostname - Optional. The hostname or the fully qualified domain name associated with these IP addresses.
    • Listen IP - Shows all of the Additional IP Addresses from the Basic > Links page.
    • Forward IP - Type the private static IP address of the server which must be reachable from the LAN of the Barracuda Link Balancer. (It may be a public IP address within WAN1's subnet.)
    • Disable - Clear the check box to enable the rule.
    • Log - Select the check box to write an entry in the Firewall Log whenever this rule is executed.
  3. Click Add.
  4. Save Changes.

To add an inbound port forwarding rule:
  1. If you haven't already done so, add the publicly accessible IP addresses to the configuration. On the Basic > Links page, click the plus sign to expand and edit the WAN link. The WAN IP address is the IP address used for general purpose NAT. Add Additional IP Addresses which are the external IP addresses that are eligible to be used for 1:1 NAT.
  2. On the Firewall > NAT page, in the Port Forwarding Rules table, complete the following fields:
    • Rule Name
    • Listen Link - Select the WAN link to be used to listen for incoming packets on the port.
    • Hostname - Optional. The hostname or the fully qualified domain name associated with these IP addresses.
    • Listen IP - The WAN IP address of this link and all of the Additional IP Addresses on the same WAN interface from the Basic > Links page. Select the address to use.
    • Application - Applications allow you to associate a name with a set of one or more ports. You can define an application using the Policy > Applications page. For any rule, select either an application or a port.
    • Port - Enter one port, a list of comma-separated values, or a hyphenated range.
    • Protocol
    • Forward IP - Type the private static IP address of the server which must be reachable from the LAN of the Barracuda Link Balancer. (It may be a public IP address within WAN1's subnet.)
    • Ports - Enter one port, a list of comma-separated values, or a hyphenated range. If multiple ports are being forwarded, then each port in the Listen IP Ports box corresponds one-to-one with the entries in the Forward IP Ports box. If there are no entries in this box, traffic is forwarded to the same port as the one on which it was received.
    • Disable - Select the check box to disable the rule.
    • Log - Select the check box to write an entry in the Firewall Log whenever this rule is executed.
  3. Click Add.
  4. Save Changes.
When you add a port forwarding rule, an inbound firewall rule is created automatically to accept traffic on the Listen Link and Port for the private IP address of the server. Without this rule, all connections that are initiated from outside are denied. You can view and change this rule (it has a similar Rule Name) using the Firewall > Inbound page.
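
The Port and Ports fields in the port forwarding steps above pair up by position, so a planned rule can be checked on paper before it is entered. The Python sketch below is an added example, not Barracuda code; it assumes ranges expand in ascending order and that listen and forward ports pair in the order written, and the names parse_ports and forward_map are hypothetical.

```python
# Added example: pre-check the listen -> forward port mapping of a planned rule.
# Assumptions (not stated by the vendor): ranges expand in ascending order and
# the two lists pair by position. Sample port values are constructed.

def parse_ports(spec):
    """Expand '80', '80,443', '8000-8003' or a mix into an ordered list of ints."""
    ports = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        lo, sep, hi = item.partition("-")
        first = int(lo)                      # ValueError on non-numeric input
        last = int(hi) if sep else first
        if not (1 <= first <= last <= 65535):
            raise ValueError(f"invalid port or range: {item!r}")
        ports.extend(range(first, last + 1))
    return ports


def forward_map(listen_spec, forward_spec=""):
    """Return {listen_port: forward_port} for one port forwarding rule."""
    listen = parse_ports(listen_spec)
    if not listen:
        raise ValueError("Port field is empty")
    if len(set(listen)) != len(listen):
        raise ValueError(f"duplicate listen port in {listen_spec!r}")
    forward = parse_ports(forward_spec)
    if not forward:
        # Empty Ports box: traffic goes to the same port it was received on.
        return {p: p for p in listen}
    if len(forward) != len(listen):
        raise ValueError(
            f"{len(listen)} listen port(s) but {len(forward)} forward port(s); "
            "entries must correspond one-to-one"
        )
    return dict(zip(listen, forward))


if __name__ == "__main__":
    # Each listen port printed here is also opened by the automatic inbound rule.
    for src, dst in forward_map("80, 8000-8002", "8080, 9000-9002").items():
        print(f"listen {src} -> forward {dst}")
```

Every key in the returned mapping is a port that becomes reachable from outside once the rule is added, which makes the output a quick review list for the Firewall > Inbound page.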

To edit a rule, make changes to the entry and click Save Changes.

Link to this page:

https://campus.barracuda.com/solution/50160000000HRh3AAG