
How To Publish Internal Server over Internet


Applicable Version: 10.02.0 Build 206, 224, 227 onwards


This article shows how to configure Cyberoam to provide access to internal resources
using a virtual host.
Virtual host implementation is based on the Destination NAT concept of older versions of Cyberoam.
A virtual host maps services of a public IP address to services of a host in a private network. In other
words, it is a mapping of a public IP address to an internal IP address. This virtual host is used as the
Destination address to access an internal or DMZ server.
A virtual host can be a single IP address, an IP address range, or the Cyberoam interface itself.
Cyberoam automatically responds to ARP requests received on the WAN zone for the external
IP address of the virtual host.

Scenario
Throughout the article we will use the network parameters shown in the network diagram given
below. Outbound traffic from LAN and DMZ is allowed while inbound traffic is restricted. The Web
Server is hosted in the DMZ.
| Network components | External IP address (Public) | IP address (Internal) |
| Web server | 1.1.1.1 | 192.168.1.2 (Mapped) |

For virtual hosts:


External IP: IP address through which Internet users access internal server.
Mapped IP: IP address bound to the internal server.


[Network diagram: User over WAN; Cyberoam WAN IP 1.1.1.1; Cyberoam LAN IP 192.168.1.1/24; Web Server 192.168.1.2/24; DMZ 192.168.1.0/24; LAN 191.168.2.0/24]

Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission
for relevant feature(s).

Step 1: Create Virtual Host for Web server


Go to Firewall > Virtual Host > Virtual Host and click Add to add virtual host for Web Server with
the parameters as specified in the table below.
| Parameters | Value | Description |
| Name | WebServer | Specify a name to identify the host. |
| IP Family | IPv4 | Select the IP Family. Available Options: IPv4, IPv6 |
| External IP | 1.1.1.1 | Specify the external/public IP address on which the Host will be accessed. |
| Mapped IP | 192.168.1.2 | Specify the Internal/private IP Address of the Web Server. |
| Physical Zone | DMZ | Specify the zone in which the host resides. |


Click OK and the Virtual Host for Web_Server will be added successfully.
On clicking OK, the Add Firewall Rules For Virtual Host screen appears which allows you to create
firewall rules to allow access to Web_Server from other zones such as WAN zone.
Enable Add Firewall Rule(s) For Virtual Host and set rule parameters as desired.

Click Add Rule(s) to add the firewall rule.


Note:
- In the given example, Virtual Host configuration for Web Server is shown. Virtual Host for other
  servers like Mail Server, FTP Server or Database Server can be created similarly.
- While adding the Firewall Rule for the Virtual Host, it is recommended to allow only the required
  services corresponding to the Server for security of the hosted server.


Step 3: Verify Firewall Rule(s)


To verify the Firewall Rules, go to Firewall > Rule > IPv4 Rule. Click the expand icon
to expand the DMZ - DMZ, DMZ - WAN and WAN - DMZ firewall rules. As shown in the image below,
three firewall rules are created for the virtual host of Web Server:
1. Auto: Allows traffic from WAN to Server
2. Reflexive: Ensures that traffic from Server to WAN is NATted.
3. Loopback: Allows access to server from the same zone, LAN or DMZ, in which Server is placed.
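
How the three rules act on a packet, as a simplified Python model added here for illustration (it is not Cyberoam code or output). The addresses come from the scenario above; the published ports (80 and 443), the sample client addresses, and treating any destination outside the DMZ network as WAN-bound are assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Values from the article's scenario.
EXTERNAL_IP = "1.1.1.1"                   # public address of the virtual host
MAPPED_IP = "192.168.1.2"                 # Web Server
SERVER_ZONE = "DMZ"
SERVER_NET = ip_network("192.168.1.0/24")
# Assumption: only HTTP and HTTPS are required services for the Web Server.
ALLOWED_PORTS = {80, 443}


@dataclass(frozen=True)
class Packet:
    src_zone: str
    src_ip: str
    dst_ip: str
    dst_port: int


def apply_virtual_host(pkt: Packet) -> Tuple[str, Optional[Packet]]:
    """Return (rule, translated packet); the packet is None when dropped."""
    if pkt.dst_ip == EXTERNAL_IP:
        if pkt.dst_port not in ALLOWED_PORTS:
            return "drop", None           # service is not published
        if pkt.src_zone == "WAN":         # Auto: WAN -> Server (destination NAT)
            return "auto", replace(pkt, dst_ip=MAPPED_IP)
        if pkt.src_zone == SERVER_ZONE:   # Loopback: same zone as the Server
            return "loopback", replace(pkt, dst_ip=MAPPED_IP)
    # Reflexive: Server -> WAN leaves with the external IP as its source.
    # Simplification: any destination outside the DMZ network counts as WAN.
    if pkt.src_ip == MAPPED_IP and ip_address(pkt.dst_ip) not in SERVER_NET:
        return "reflexive", replace(pkt, src_ip=EXTERNAL_IP)
    return "no-match", pkt


# Constructed sample packets (client addresses are documentation ranges).
SAMPLES = [
    Packet("WAN", "203.0.113.10", EXTERNAL_IP, 443),
    Packet("WAN", "203.0.113.10", EXTERNAL_IP, 22),
    Packet("DMZ", "192.168.1.50", EXTERNAL_IP, 80),
    Packet("DMZ", MAPPED_IP, "198.51.100.7", 53),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", apply_virtual_host(sample))
```

The second sample is dropped because port 22 is not in the allowed set, which is the effect of allowing only the required services when the firewall rule is added.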

Document Version 2.0 21 July, 2014
