How to Configure NAT and Firewall

Once you have built your virtual machine and configured Internet access for it, you can proceed to manage ports. Managing ports in NAT and Firewall also lets you control which IPs or networks are allowed to access the server.

In this knowledge base article, you will see an example of a basic configuration showing you how to open an SSH port.


To start, you will need to configure a network. Refer to our guide at Configuring a Network using the vCloud Director Portal.


Add NAT rules

NAT rules must be configured to allow the VM to be accessed using a specific port.


1. On the NAT tab, click the DNAT RULE button.

 

2. Complete all the fields.

(In this example, we will configure our VM with the internal IP 192.168.80.100 to be accessible via SSH from the internet on port 13320.)

Applied on                         : CBT01-V791-NSX-UPLINK (if you are in CBT zone)

Original IP/Range             : Specify the public IP

Protocol                             : TCP

Original Port                      : Type a custom port. (SSH normally listens on port 22; for security reasons, we recommend that you do not use 22 as the original port.)

Translated IP                     : Type the internal/private IP of the VM that you want to give SSH access to.


Translated Port                 : 22 (This field contains the original service port)


3. Save changes.



Add Firewall Rules

After you add the NAT rules, you will need to allow the port on the Firewall.


1. On the Firewall tab, click the Add button. You will see a new row being added.


2. On the Source column, click the IP button if you would like to allow a connection from a specific IP only, otherwise leave it as Any.


3. On the Destination column, click on the IP button. 


4. Specify your Public IP, then click on Keep.

5. On the Service column, click the ( + ) icon.

Protocol: TCP

Source Port: any

Destination port: 13320 (this is the port you want to open. It is typically the same as the Original Port in the NAT rule)

6. Save changes.
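
The check below is an added example, not part of the original article or of vCloud Director. It takes the DNAT and firewall field values from the steps above, typed by hand into plain Python dictionaries, and reports where the two rules disagree or leave the port open to any source. The dictionary key names, the finding codes and the addresses 203.0.113.10 and 198.51.100.7 are assumptions made for the example.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit(dnat, fw):
    """Compare one DNAT rule with its firewall rule; return a list of finding codes."""
    findings = []
    # Article recommendation: do not publish SSH on original port 22.
    if dnat["original_port"] == 22:
        findings.append("original-port-is-22")
    # Translated IP should be the VM's internal/private address.
    translated = ipaddress.ip_address(dnat["translated_ip"])
    if not any(translated in net for net in RFC1918):
        findings.append("translated-ip-not-private")
    # The firewall rule must allow the same public IP, protocol and original port
    # that the DNAT rule listens on, otherwise the forwarded port stays closed.
    if fw["destination_ip"] != dnat["original_ip"]:
        findings.append("firewall-destination-mismatch")
    if fw["protocol"].upper() != dnat["protocol"].upper():
        findings.append("firewall-protocol-mismatch")
    if fw["destination_port"] != dnat["original_port"]:
        findings.append("firewall-port-mismatch")
    # Source left as Any exposes the port to every network; flag it for review.
    if str(fw["source"]).lower() == "any":
        findings.append("source-is-any")
    return findings

# Constructed sample values. 203.0.113.10 and 198.51.100.7 are documentation
# addresses standing in for the public IP and an allowed client; the internal
# IP and the ports are the ones used in the article's example.
DNAT = {"original_ip": "203.0.113.10", "protocol": "TCP", "original_port": 13320,
        "translated_ip": "192.168.80.100", "translated_port": 22}
FW_ANY = {"source": "Any", "destination_ip": "203.0.113.10", "protocol": "TCP",
          "destination_port": 13320}
FW_WRONG = {"source": "198.51.100.7", "destination_ip": "203.0.113.10",
            "protocol": "TCP", "destination_port": 22}

if __name__ == "__main__":
    print(audit(DNAT, FW_ANY))
    print(audit(DNAT, FW_WRONG))
```

An empty list means the firewall rule matches the DNAT rule and the source is restricted to a specific IP.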



Open ICMP rules (optional)

This rule opens the ICMP service so you are able to ping the Public IP.


1. On the Firewall tab, click the Add button. You will see a new row added.

2. Give it a name. Go to the Service column and click on the ( + ) icon.

3. Select ICMP for Protocol, then click Keep.

4. Save changes.