External Aliases

The external aliases page is to create IP address aliases on static ethernet external interfaces. External aliases allow additional static IPs that have been provided by an ISP to be assigned to the same external interface. This is typically used to provide access to internal network servers from the Internet via a dedicated IP address.

To create an external alias, first enter the IP address of the alias into the Alias IP text field. Next, enter the network mask value into the Netmask text field. Enter a useful comment about the external alias into the Comment text field and enable the external alias by selecting the Enabled tick-box. Click the Add button to add the external alias to the Current rules list and allow the external alias to be visible to hosts on the Internet.

Following the creation of one or more external aliases, the Firewall | port forwarding configuration page will allow port forward rules to be created from an external alias (in addition to the default external IP address) using the Source IP drop-down menu.

This allows port forward rules to be created from any particular external alias listed in the Current rules region. Ports are opened and forwarded on the selected alias only. This can be combined with port ranging. Please refer to the administrator guide for example uses of this feature.

Note - It is also possible to map internal machines to an aliased IP address using the Monitor | source mapping configuration page.

Source mapping

The source mapping page is used to map specific internal hosts or subnets to an external alias. A source mapping rule will substitute the source IP address of the specified host with the IP address of a particular external alias. To the outside world, the outgoing packets will appear to originate from a dedicated IP address (the external alias).

Note - If a source mapping rule is not configured for a host, it will be NATed using the external connection's default IP address.

To enter a source mapping rule, enter a source IP, IP range or subnet range of hosts to be mapped into the Source IP text field. Leaving this field blank will apply the source mapping rule to outbound communication initiated by all network hosts. Choose the external IP address alias that will be substituted when the specified host (or hosts) initiates outbound communication from the Alias IP drop-down menu. Click the Add button to create the source mapping rule.

To remove one or more source mapping rules, locate each rule within the Current rules list and select their adjacent Mark tick-box controls. Click the Remove button.

To edit a particular source mapping rule, locate it within the Current rules list and select its adjacent Mark tick-box. Click the Edit button to populate the configuration controls in the Add a new rule region with the rule's current configuration values. Alter the configuration values as necessary, and click the Add button.

Note - Failure to click the Add button will result in the loss of the source mapping rule.

Single or multiple IP addresses can be specified in a number of different manners:

• IP address - An identifier for a single network host, written as quartet of dotted decimal values, e.g. "192.168.10.1"
• IP address range - Two IP addresses that define an inclusive range of consecutive IP addresses, e.g. "192.168.10.1-192.168.10.40".
• IP subnet [dotted decimal] - An arbitrary IP address and network mask that specifies a subnet range of IP addresses, e.g. "192.168.10.0/255.255.255.0" defines a subnet range of IP addresses from "192.168.10.0" to "192.168.10.255".
• IP subnet [network prefix] - An arbitrary IP address and network mask in network prefix notation, e.g. "192.168.10.0/24" defines a subnet range of IP addresses from "192.168.10.0" to "192.168.10.255".