NAT/Protocols

NAT rules for specific (complex) protocols are collected here.

= VNC, destination NAT =

VNC (Virtual Network Computing), a protocol for remote GUI access, uses the port range 5900-6000.

 rule 10 {
     destination {
         address $wanIP
         port 5900-6000
     }
     inbound-interface $wanIface
     inside-address {
         address $lanIP
         port 5900-6000
     }
     protocol tcp
     type destination
 }

= FTP, destination NAT =

To do DNAT for FTP, you only need to translate the control connection to port 21; the connection tracking engine will do the rest.

 rule 160 {
     destination {
         address $wanIP
         port 21
     }
     inbound-interface $wanIface
     inside-address {
         address $lanIP
         port 21
     }
     protocol tcp
     type destination
 }
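
What "the rest" amounts to for a passive-mode transfer, as an added example (not code from the original page or from the router's software): a simplified Python model of an FTP NAT helper reading the server's 227 reply on the port 21 control connection, rewriting the inside address to the WAN address, and recording the expected data connection. The addresses, function names and the choice to keep the same data port are assumptions made for illustration.

```python
import re

# Constructed sample values (documentation/private ranges), not from the page.
LAN_IP = "192.168.1.10"   # stands in for $lanIP
WAN_IP = "203.0.113.5"    # stands in for $wanIP
SAMPLE = b"227 Entering Passive Mode (192,168,1,10,195,80)\r\n"

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(rb"^227 [^(]*\(" + rb",".join([rb"(\d{1,3})"] * 6) + rb"\)")

def parse_pasv(line):
    """Return (ip, port) announced in a 227 reply, or None if it is not one."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # Data port is encoded as two bytes: p1 * 256 + p2
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def nat_helper(line, lan_ip, wan_ip):
    """Model one server-to-client control line passing through the helper.

    Returns (line_sent_to_client, expectation). The expectation is
    (wan_ip, wan_port, lan_ip, lan_port) for the data connection, or None
    when the line announces nothing the helper can act on.
    """
    parsed = parse_pasv(line)
    if parsed is None:
        # Includes an encrypted (FTPS) control channel: nothing to parse,
        # so no data connection is opened automatically.
        return line, None
    ip, port = parsed
    if ip != lan_ip:
        # Ignore replies that point the client at some other host.
        return line, None
    fields = wan_ip.split(".") + [str(port >> 8), str(port & 0xFF)]
    new_tuple = b"(" + ",".join(fields).encode() + b")"
    rewritten = re.sub(rb"\([\d,]+\)", new_tuple, line, count=1)
    return rewritten, (wan_ip, port, lan_ip, port)

if __name__ == "__main__":
    print(nat_helper(SAMPLE, LAN_IP, WAN_IP))
```
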