Chapter 3 – NAT

3-2 Destination NAT

Learning Objectives

  • Create a virtual IP address
  • Create a Destination NAT
  • Create a Port Forwarding


Scenario: We are going to enable Destination NAT(DNAT) and able to reach WordPress from WebTerm1. That means if someone from WebTerm1 opens the browser and types should be able to reach WordPress.

Destination NAT

Destination NAT Main scenario
Figure 3-8: Main scenario

VIP (Virtual IP address)

  1. Go to Policy Objects> Virtual IPs and Create a new Virtual IP
    • Name: outsideToDMZ
    • Interface: Port 4
    • External IP address:
    • Mapped IP address: 192.168.1.X(Find the local IP address of your WordPress)
    • Enable Port Forwarding:
      • External Service Port: TCP 80 
      • Map to Port: TCP 80
Configure Virtual IP
Figure 3-9: Configure Virtual IP

Create a Firewall Policy

You will create a new firewall policy to match a specific source, destination, service, and action set to Accept.

Table 3-2:Firewall policy configuration
Field Value
Name Outside-DMZ
Incoming Interface Port 4
Outgoing Interface Port 2
Source All
Destination Select your VIP Name( outsideToDMZ)
Schedule Always
Service HTTP
Log Violation Traffic <enable>
Enable this policy <enable>

Click OK to save the changes.

Set Firewall Policy
Figure 3-10: Set Firewall Policy

To confirm traffic matches, go to WebTerm1, open the browser and type in the browser. You should be able to reach WordPress.

You should be able to reach WordPress
Figure 3-11: Verify configuration

Port Forwarding

main scenario
Figure 3-12: main scenario

1- Set the interface of Kali as a DHCP client and enable SSH in Kali. To enable SSH in Kali type Figure 3-13 command:

To enable SSH in Kali user service ssh start
Figure 3-13: Enable SSH service in Kali
Verify you've received an IP address from DHCP
Figure 3-14: Verify you’ve received an IP address from DHCP

2- Repeat the previous steps we have done for DNAT and try to reach Kali from port 8080(Port Forwarding: 8080 🡪 22)

Map External port 8080 to local port 22
Figure 3-15: Map External port 8080 to local port 22
Set Firewall Policy
Figure 3-16: Set Firewall Policy

3- Verify your connection from WebTerm ( Hint: ssh user@ -p 8080).

Verify SSH connection
Figure 3-17: Verify SSH connection


Share This Book