

To answer your question bluntly, "No, it would not make you more secure." However, your question shows that you are relatively new to networking and security, so I would like to expand my answer a bit, to give you some context for it.

The internet works based on IP addresses. A typical IPv4 address will look something like 173.194.222.139. This address represents one computer somewhere on the internet. In order to communicate with a specific application on that computer (e.g. a Minecraft server), that application listens to a specific port, such as 25565. A packet sent to a computer has to contain its address, but also the port which corresponds to the application that is supposed to handle the packet. This is done so that a computer can have many different applications running at the same time, with each listening to a different port. That means your computer could be running a Minecraft server on port 25565, an Unreal Tournament 2004 server on port 7777 and a web server on ports 80 and 443.

If you are at home and have multiple devices at hand, you can search for your external IP address and you will see that all of them likely have the same address. How is this possible, if above I said each address corresponds to one computer? I won't go into detail, but think of it like a hotel lobby. The hotel has one address, but many rooms internally. Mails sent from the hotel go to the lobby, which then sends the mail out. The sender is the hotel, and the recipient sees that it comes from the hotel. The recipient will write a reply to the hotel, and the hotel lobby will give the mail to the person who initially sent the mail. The disadvantage is that this only works if the person in the hotel writes first. If someone would like to send a mail to someone living in this hotel, the hotel wouldn't know what to do and would just throw the letter away. This is where port forwarding comes into play. It essentially means "If traffic comes to this port, I will forward it to this internal machine on that port".

The firewall rule for port forwarding is the default one so it looks okay but needs to be refined! The idea here is to state what traffic you are allowing. The second-last rule in the forward chain could be cleaned up as it's slightly redundant due to the more encompassing last rule:

    add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
        connection-state=new in-interface-list=WAN
    add action=drop chain=forward comment="drop all else"
    add action=accept chain=forward comment="allow port forwarding" \
        connection-nat-state=dstnat connection-state=new in-interface-list=WAN
    add action=dst-nat chain=dstnat comment="Minecraft Server" dst-port=25565 \
        in-interface=PPPoE_WAN protocol=tcp to-addresses=192.168.15.

Only thing in the firewall rules to clarify is that your IoT devices are not included in list "internet" and thus cannot access the internet. All my IoT devices need to talk to the internet cloud of some sort?
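Added here as an illustration (not code from the thread or from RouterOS): a small Python model of first-match evaluation of the forward chain with the rules quoted above, placed in the order port forwarding needs (the accept before the drops), which also checks the point that the narrower drop rule is redundant once the catch-all drop is in place. The accept rule for the address list "internet" is an assumption (the thread names the list but not the rule), and the to-addresses target of the Minecraft dst-nat rule is left out because it is truncated on the page.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    in_list: str                   # interface list the packet arrived on: "WAN" or "LAN"
    proto: str                     # "tcp" or "udp"
    dst_port: int
    conn_state: str = "new"        # connection-tracking state; samples below are all new
    nat_state: str = ""            # becomes "dstnat" once a dstnat rule has rewritten the packet
    src_in_internet: bool = False  # assumed: source is in the address list "internet"

def dstnat_chain(p):
    """The thread's Minecraft dst-nat rule; to-addresses is truncated on the page and omitted."""
    if p.in_list == "WAN" and p.proto == "tcp" and p.dst_port == 25565:
        return replace(p, nat_state="dstnat")
    return p

# forward chain as (comment, match, action); RouterOS stops at the first matching rule
FORWARD = [
    ("allow port forwarding",
     lambda p: p.nat_state == "dstnat" and p.conn_state == "new" and p.in_list == "WAN", "accept"),
    ("assumed: allow list internet to WAN",   # the thread names the list, not the rule
     lambda p: p.in_list == "LAN" and p.src_in_internet, "accept"),
    ("defconf: drop all from WAN not DSTNATed",
     lambda p: p.nat_state != "dstnat" and p.conn_state == "new" and p.in_list == "WAN", "drop"),
    ("drop all else", lambda p: True, "drop"),
]

def forward_verdict(p, chain=FORWARD):
    """Run dstnat first (as RouterOS does), then return (action, comment of the matching rule)."""
    p = dstnat_chain(p)
    for comment, match, action in chain:
        if match(p):
            return action, comment
    return "accept", "end of chain"   # RouterOS accepts when no rule matched

def is_redundant(index, packets, chain=FORWARD):
    """True when removing rule `index` changes no action for any of the sample packets."""
    shorter = chain[:index] + chain[index + 1:]
    return all(forward_verdict(p, chain)[0] == forward_verdict(p, shorter)[0] for p in packets)

# constructed sample traffic, not captured from a real router
SAMPLES = [
    Packet("WAN", "tcp", 25565),                      # Minecraft client on the internet
    Packet("WAN", "tcp", 22),                         # unsolicited ssh from the internet
    Packet("WAN", "udp", 25565),                      # right port, wrong protocol: no dstnat
    Packet("LAN", "tcp", 443, src_in_internet=True),  # laptop that is in list "internet"
    Packet("LAN", "tcp", 443),                        # IoT device that is not in the list
]
```

Removing the "defconf" drop (index 2) changes no verdict on the samples, while removing "drop all else" (index 3) lets the IoT device out, which is the reviewer's redundancy point and the IoT remark in one run.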
