OneAccess port forward and redirect (d-nat) with OneOS

I have recently started using a refurbished OneAccess ONE50 ADSL2+ modem at home and have everything working as I wanted except for port forwarding. I looked around the internet and came across the manual here. I was expecting to find something similar to Cisco, e.g. 'ip nat inside', but I could not find anything similar. Instead I am using 'ip slb'. SLB is short for Server Load Balancing.

I'm unsure if this is a workaround or the only way to configure a port forward on OneOS. Either way, it does work.

First off, you need to configure an SLB 'serverfarm', which is the internal IP address object and destination protocol (TCP or UDP). As SLB is actually a load-balancing feature, you can add multiple real addresses and have the router distribute based on 'leastconns' or 'least connections'.

If you are like me and just want a basic port forward (d-nat aka destination NAT) then the below will work:

ip slb serverfarm myInternalRDPserver
 predictor leastconns
 real 192.168.0.10 3389
  inservice
 exit
exit

Once you have configured your serverfarm and added at least one real IP, you need to configure a vserver (virtual server) with the WAN IP address. In this example 202.202.202.202 is the external IP. The below exposes TCP 9990 to the internet and assigns the serverfarm created above to it.

ip slb vserver myrdp-vserver
 virtual 202.202.202.202 tcp 9990
 serverfarm myInternalRDPserver
 inservice
exit

The end result is that these rules together will forward TCP 9990 externally to the internal IP address 192.168.0.10 on TCP port 3389.

inservice is required to activate or make a rule 'live'.

This works for me as I have a static IP address on my internet connection. I played around with this and tried 0.0.0.0 though had no such luck.

You can also add 'client 3.3.3.0 255.255.255.252' to the vserver rule to restrict access to the 3.3.3.0/30 subnet.

Below is the entire configuration to port forward RDP (Remote Desktop TCP 3389) on OneOS, where the public address is 202.202.202.202 and the internal server IP is 192.168.0.10. The internet facing port is 3330 and the internal port is 3389. 3.3.3.0/30 is the trusted subnet to allow access from (I'm sure you can do more with ACLs but this is the simplest).

ip slb serverfarm myInternalRDPserver
 predictor leastconns
 real 192.168.0.10 3389
  inservice
 exit
exit
ip slb vserver myrdp-vserver
 virtual 202.202.202.202 tcp 9990
 serverfarm myInternalRDPserver
 client 3.3.3.0 255.255.255.252
 inservice
exit 
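
An added example, not part of the original post and not OneAccess code: a small Python audit that parses the 'ip slb' blocks shown above, resolves each vserver to its internal targets, and flags any live vserver that has no 'client' restriction. It assumes only the commands used in this post; the function name audit_slb and the output field names are made up for illustration.

```python
import ipaddress

# Constructed sample input: the full configuration shown in this post.
SAMPLE = """\
ip slb serverfarm myInternalRDPserver
 predictor leastconns
 real 192.168.0.10 3389
  inservice
 exit
exit
ip slb vserver myrdp-vserver
 virtual 202.202.202.202 tcp 9990
 serverfarm myInternalRDPserver
 client 3.3.3.0 255.255.255.252
 inservice
exit
"""

def audit_slb(config):
    """Map each vserver to its internal targets and flag ones with no 'client' filter."""
    farms, vservers, block = {}, [], None
    for words in (line.split() for line in config.splitlines()):
        if words[:3] == ["ip", "slb", "serverfarm"] and len(words) == 4:
            block = farms.setdefault(words[3], [])   # list of "ip:port" reals
        elif words[:3] == ["ip", "slb", "vserver"] and len(words) == 4:
            block = {"name": words[3], "listen": None, "farm": None,
                     "clients": [], "live": False}
            vservers.append(block)
        elif isinstance(block, list) and words[:1] == ["real"] and len(words) == 3:
            block.append(f"{words[1]}:{words[2]}")
        elif isinstance(block, dict) and words:
            if words[0] == "virtual" and len(words) == 4:
                block["listen"] = f"{words[1]} {words[2]}/{words[3]}"
            elif words[0] == "serverfarm" and len(words) == 2:
                block["farm"] = words[1]
            elif words[0] == "client" and len(words) == 3:
                # Convert the address/netmask pair to CIDR notation.
                net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
                block["clients"].append(str(net))
            elif words[0] == "inservice":
                block["live"] = True
    for v in vservers:
        v["targets"] = farms.get(v.pop("farm"), [])
        # Live with no source restriction: reachable from any address.
        v["unrestricted"] = v["live"] and not v["clients"]
    return vservers

if __name__ == "__main__":
    for v in audit_slb(SAMPLE):
        print(v)
```

Run it against a saved copy of the router configuration; any entry with unrestricted set to True is a forward that accepts connections from every source address.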
