5.1 Port Forwarding and Alias Addresses

Normally, a Corente Services Gateway prevents access to the LAN from the Internet/WAN, allowing external connections only from partner Locations or Corente Clients. Sometimes, however, your corporate network contains servers that must be reachable by Internet/WAN traffic: for example, a web server that serves your company’s website, or a mail server that must be reachable by other mail servers so that your employees can receive email from outside your company. These servers should remain inside your LAN or DMZ so that they are protected and cannot be compromised by external attacks, yet they require a public address so that computers on the Internet/WAN can reach them with the permitted type of traffic. Port forwarding allows these servers to use the gateway’s WAN interface as their own public interface, with the gateway filtering out the unwanted traffic and passing on only the approved type of traffic to the designated server.

Specifically, port forwarding allows an administrator to forward traffic bound for particular ports of the gateway’s WAN address to the appropriate servers behind the gateway. For example, port forwarding can be configured so that all traffic pointed at the gateway’s WAN address and port 80 (the standard port used for HTTP traffic) is forwarded by the gateway to a web server in your DMZ. Your web server is secured safely behind the gateway yet still reachable from the Internet/WAN; the LAN addressing is hidden and the gateway makes certain that only the traffic you choose to allow can reach the server.

In addition, if multiple DMZ servers need to use the same port, an administrator can create multiple alias addresses for the gateway’s WAN interface and ensure that all incoming traffic through the gateway to each alias address is forwarded to a specific server on the private LAN of the DMZ. Aliases are used, for example, when you have two web servers in your DMZ that both use HTTP on port 80. One server can use the WAN address of the gateway as its routable address, but each additional server using port 80 requires a distinct routable address so that traffic is routed to the correct server. The addresses that you use as aliases must be routable addresses that are not otherwise in use.

Port forwarding and aliases are not used only with a DMZ; they can also be used whenever you have multiple servers using the same port and you would like them all to be reachable from the Internet/WAN. These servers need not reside in your DMZ; they can sit directly on your LAN.
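The rule that makes aliases necessary, shown as an added example (this is not Corente code or configuration): a forwarding table keyed on public address, protocol and port can hold only one server per key, and anything without a rule is dropped. The class, its parameters and all addresses below are constructed for illustration.

```python
import ipaddress


class ForwardingTable:
    """Toy model of a gateway's port-forwarding rules (hypothetical, for illustration)."""

    def __init__(self, wan, internal_nets, aliases=()):
        self.internal = [ipaddress.ip_network(n) for n in internal_nets]
        self.public = {ipaddress.ip_address(wan)}
        for a in aliases:
            alias = ipaddress.ip_address(a)
            # An alias must be a routable address that is not otherwise in use:
            # here, not the WAN address, not a duplicate, not an internal address.
            if alias in self.public or self._is_internal(alias):
                raise ValueError(f"unusable alias address: {alias}")
            self.public.add(alias)
        self.rules = {}  # (public address, protocol, port) -> internal server

    def _is_internal(self, addr):
        return any(addr in net for net in self.internal)

    def add_rule(self, public_addr, proto, port, server):
        pub, srv = ipaddress.ip_address(public_addr), ipaddress.ip_address(server)
        if pub not in self.public:
            raise ValueError(f"{pub} is neither the WAN address nor an alias")
        if not self._is_internal(srv):
            raise ValueError(f"{srv} is not on the LAN/DMZ behind the gateway")
        key = (pub, proto, port)
        if key in self.rules:
            # Two servers cannot share one public address and port.
            raise ValueError(f"{pub}:{port}/{proto} already forwards to {self.rules[key]}")
        self.rules[key] = srv

    def route(self, dst, proto, port):
        """Internal server for an inbound packet, or None when it is filtered out."""
        return self.rules.get((ipaddress.ip_address(dst), proto, port))


def demo():
    # Constructed sample: WAN address, one alias, a DMZ with two web servers.
    table = ForwardingTable("203.0.113.10", ["192.168.50.0/24"], aliases=["203.0.113.11"])
    table.add_rule("203.0.113.10", "tcp", 80, "192.168.50.21")
    conflict = None
    try:
        table.add_rule("203.0.113.10", "tcp", 80, "192.168.50.22")  # same address and port
    except ValueError as exc:
        conflict = str(exc)
    table.add_rule("203.0.113.11", "tcp", 80, "192.168.50.22")  # second server uses the alias
    return table, conflict
```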