Port Forwarding - Basic
When traffic is initiated from the Internet towards Tomato64's WAN IP on a specific port, it is either answered by Tomato64 (if a service is enabled for the port) or dropped. However, in some situations, you'll want WAN port traffic always redirected to a specific LAN IP address/port. This can be helpful for applications such as an internal web/mail server, gaming, VoIP or certain VPN tunnelling protocols. The Basic Port Forwarding menu allows you to do this.
NAT
NAT (Network Address Translation) is a feature which allows multiple LAN clients with private (non-routable) IP addresses to connect to the Internet via a single public IP address. NAT re-addresses outgoing packets to the Internet from private LAN clients with Tomato64's public (WAN) address. Conversely, NAT re-addresses incoming packets coming from the Internet with the private IP address of the correct LAN client. All this is transparent. The hosts on the LAN and the Internet never know it's happening. In other words, NAT takes traffic from network 1 and makes it appear on network 2 as if it's coming from the router IP address on network 2. The cache of address mappings and open/closed connections is called the NAT Table.
Connections initiated on the Internet will not reach a LAN IP address, as the PAT (Port Address Translation) table doesn't contain references to those connection attempts. As a side effect, this acts as a minimal security feature.
PAT
There are several types of NAT. The most common and relevant for Tomato64 is PAT (Port Address Translation). By default, Tomato64 performs PAT translation. With PAT, translation happens not only between private and public IP addresses, but also between ports. For example, a request for an Internet connection from 192.168.0.100 to google.com will create a NAT mapping to allow the return packets to be sent to the correct LAN device on the correct port. However, in some cases, you may want to have one port on the WAN always mapped/redirected to a single LAN client.
NOTE: In some older versions, there is an obsolete setting in the Miscellaneous section of the Advanced/Routing menu that suggests Tomato64 can operate in Gateway mode or Router mode. Ignore this, and leave it set to "Gateway", regardless of your configuration.
On: Checking this enables the settings in that row of the table. (Default: Off).
Protocol: This selects which transport layer protocols are forwarded. (Default: UDP)
- UDP - only UDP connections are forwarded
- TCP - only TCP connections are forwarded
- Both - both UDP and TCP connections are forwarded
Src Address: (Optional). This will restrict the rule so it's applied only from specific source addresses. Contrary to its name, DNS hostnames and FQDN names are both valid here. Leaving this empty configures port forwarding to be "from any address".
Ext Port: This defines a mapping to the (external) port the Internet connection expects to use. It can be a single port or a range, with syntax: "FromPort-ToPort".
Int Port: (Optional). Here, you can specify a different (internal) port on the target LAN IP address. Leaving this empty uses the same port as the Ext Port. (Default: empty).
Int Address: This specifies the internal (LAN) address to which the traffic should be redirected.
Description: Here, enter any text to help you remember the reason for the mapping. Most users enter the application name, or protocol used, such as "RDP" or "Mail Server".
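The following is an added example, not part of the original page or of Tomato64 itself: a small audit of forwarding rows that uses the columns described above and flags rows that are open to any source address, expose a wide port range, or point at a non-LAN address. The rule table, the dictionary keys and the 20-port threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rows using the page's columns; not exported from a real router.
RULES = [
    {"on": True, "proto": "TCP", "src": "", "ext": "3389", "int": "", "addr": "192.168.0.100", "desc": "RDP"},
    {"on": True, "proto": "Both", "src": "203.0.113.7", "ext": "5000-5100", "int": "", "addr": "192.168.0.20", "desc": "VoIP"},
    {"on": False, "proto": "UDP", "src": "", "ext": "27015", "int": "", "addr": "192.168.0.30", "desc": "Gaming"},
    {"on": True, "proto": "TCP", "src": "", "ext": "8443", "int": "443", "addr": "8.8.8.8", "desc": "Web"},
]

def parse_ports(spec):
    """Return (first, last) for 'Port' or 'FromPort-ToPort'; raise ValueError if malformed."""
    parts = spec.split("-")
    if len(parts) not in (1, 2):
        raise ValueError(f"bad port spec {spec!r}")
    first, last = int(parts[0]), int(parts[-1])
    if not (1 <= first <= last <= 65535):
        raise ValueError(f"bad port spec {spec!r}")
    return first, last

def audit(rule, max_range=20):
    """Return findings for one row; rows that are not 'On' forward nothing."""
    if not rule["on"]:
        return []
    findings = []
    try:
        first, last = parse_ports(rule["ext"])
        if last - first + 1 > max_range:  # threshold is an assumed local policy
            findings.append(f"wide range: {last - first + 1} ports exposed")
        if rule["int"]:
            parse_ports(rule["int"])
    except ValueError as exc:
        findings.append(str(exc))
    if not rule["src"]:  # empty Src Address means "from any address"
        findings.append("Src Address empty: reachable from any address")
    try:
        if not ipaddress.ip_address(rule["addr"]).is_private:
            findings.append("Int Address is not a private LAN address")
    except ValueError:
        findings.append("Int Address is not an IP address")
    return findings

def report(rules=RULES):
    """Map each row's Description to its list of findings."""
    return {r["desc"]: audit(r) for r in rules}

if __name__ == "__main__":
    for desc, findings in report().items():
        print(desc, findings or "ok")
```

Src Address is not validated as an IP address here because the field also accepts hostnames.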