This Guide is For:
- End Users
- Resellers
- Distributors
- Master Distributors
⚠️ IMPORTANT PREREQUISITE
Before creating any NAT rules, you must add your device’s LAN IP address to the SimRush-dst-NAT Client address list. Without this step, your NAT rules will not work.
How to manage NAT rules and Port Forwarding
-
- Navigate to the Site Management page. https://portal.netpanel.app/sites/list
-
- Select the Site that contains the Hardware you wish to manage
-
- Scroll down the page and Select “Firewall > NAT Rules”
Adding a NAT Rule / Port Forwarding
If you wish to add a NAT Rule/Port Forwarding, you must either have a Public IP licence or have a Public address on your AUX interface for this process to work correctly.
To add a new NAT rule, click on the red “Add NAT” on the left side.
You will need to select the Direction in which the rule is going to work.
Inbound – Used for any rules TO the router/LAN FROM the Internet
Outbound – Used for any rules FROM the router/LAN TO the Internet
Inbound NAT / Port Forwarding
Selecting the Direction of “Inbound” you will need to configure the following:
| Value | Description |
|---|---|
| Direction | Select for Inbound or Outbound rules |
| Inbound Interface | Select the specific interface you wish to apply the rule to |
| Inbound Public IP (WAN) | Specify the Public IP you wish to apply the rule to e.g. if you have enabled the Public IP licence use the address which has been allocated |
| Protocol | Select the protocol for the rule from the list |
| Inbound Port | Specify the port on the public facing side of the router |
| Source Address | Specify a Source address if you wish to only allow from a known public address |
| Source Address Range | Specify whether this is a Range of addresses by adding the End address |
| Action | Select the action: dst-NAT – Destination-NAT used for Inbound src-NAT – Source-NAT used for Outbound redirect – Redirects the connection accept – accepts the inbound connection |
| Destination Address (LAN) | Specify the LAN address you wish to forward the port to |
| Destination Port (Auto if Blank) | Specify the port you wish to direct the forwarding to If left blank it will use the same port as the Inbound port value |
| Comment | Enter a comment for the rule |
| Enabled | Selects whether the rule is Enabled or Disabled |
The example rule below is setup to allow a inbound connection from the Public IP address assigned by the licence for port 8080 to forward to port 80 for a CCTV NVR camera system.
For added security you can specify under the “Source Address” field the public IP address or range of a known/safe IP. Alternatively, you can use firewall address lists to manage groups of IP addresses more efficiently, especially when you need to allow access from multiple known sources.
Outbound NAT / Port Forwarding
Selecting the Direction of “Outbound” you will need to configure the following:
| Value | Description |
|---|---|
| Direction | Select for Inbound or Outbound rules |
| Protocol | Select the protocol for the rule from the list |
| Source Port | Specify the Source Port |
| Source Address (LAN) | Specify the LAN address |
| Source Address Range | Specify whether this is a Range of addresses by adding the End address |
| Source Address List | Specifies the Source Address-List you wish to use |
| Source Interface | Select the specific interface you wish to apply the rule to |
| Source Interface List | Specify the Source Interface List SimRush-LAN – The LAN interfaces SimRush-WAN – The WAN interfaces |
| Dst. Address Type | |
| Action | Select the action: dst-NAT – Destination-NAT used for Inbound src-NAT – Source-NAT used for Outbound redirect – Redirects the connection accept – accepts the inbound connection |
| NAT Address (WAN) | Specify the Public IP you wish to apply the rule to e.g. if you have enabled the Public IP licence use the address which has been allocated |
| NAT Port | Specify the port on the public facing side of the router |
| Comment | Enter a comment for the rule |
| Enabled | Selects whether the rule is Enabled or Disabled |
The example rule below is setup to allow a outbound connection from the LAN address to force a device out a specific path.
Removing a NAT Rule / Port Forwarding
You can remove a NAT Rule or Port forwarding by 2 methods
-
- Clicking the three dots under the “action” column and selecting Delete, this will permanently remove the rule.
-
- Clicking the three dots under the “action” column and selecting Edit, then at the bottom of the rule select the Enable toggle to disable the rule.