Routing Through a Firewall to FTP Server


I currently have a small network which contains an FTP server that I'd like to be able to access from the Internet at home.

This network has a firewall with 2 interfaces: 192.168.0.75, facing the internal network, and 192.168.1.1, going to my router at 192.168.1.254. I need to be able to forward ports from the router's subnet, through the firewall, on to my internal subnet and to the FTP server.

I'm not sure if static routes are the most ideal way to achieve this, or exactly how it should be set. With static routes, am I correct in the assumption that I'd need a route going from the router to the firewall with its gateway set as 192.168.1.1, with destination IP 192.168.0.75, and set up port forwarding on the firewall to the FTP server?

Please advise, I also attach a simplified diagram.

Network Diagram

Routes view from Router

Best Answer

Static routes are just fine. In this case your default gateway should always point towards the Internet:

  • FTP server should have default gateway 192.168.0.75
  • Firewall's default route (0.0.0.0/0) should have next hop 192.168.1.254.

The firewall shouldn't need any other routes. 192.168.0.0/24 and 192.168.1.0/24 are already connected, so they should be in the routing table already.

Your router (192.168.1.254) should have a static route for 192.168.0.0/24 via 192.168.1.1.

Port forwarding must be done at least on a device with a public IP address - the router in your case. In this case you don't need to perform NAT or port forwarding on the firewall; it'll just run the firewall rules. Port forwarding on the router should set 192.168.0.162 as the new destination address.

You could do port forwarding on both the firewall and the router, but that's probably counterproductive. You cannot perform port forwarding and NAT on the firewall only, as it isn't reachable from the Internet due to private IP addresses.
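
The layout described in the answer can be checked on paper before touching any device. The following is an added example, not part of the original answer: a small Python model of the three routing tables, the router's port forward and the firewall's filter rule. The `isp` next hop, the client address 203.0.113.10 and the single allow rule are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the answer's topology. "isp" as the router's WAN next
# hop and the client address 203.0.113.10 are assumptions for illustration.
ROUTES = {
    "router":   [("0.0.0.0/0", "isp"), ("192.168.1.0/24", "connected"),
                 ("192.168.0.0/24", "192.168.1.1")],   # static route from the answer
    "firewall": [("0.0.0.0/0", "192.168.1.254"), ("192.168.1.0/24", "connected"),
                 ("192.168.0.0/24", "connected")],
    "ftp":      [("0.0.0.0/0", "192.168.0.75"), ("192.168.0.0/24", "connected")],
}
OWNER = {"192.168.1.254": "router", "192.168.1.1": "firewall",
         "192.168.0.75": "firewall", "192.168.0.162": "ftp"}
DNAT = {("tcp", 21): "192.168.0.162"}        # port forward, on the router only
FW_ALLOW = {("192.168.0.162", "tcp", 21)}    # firewall filters, no NAT

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def trace(start, dst, routes=ROUTES, max_hops=8):
    """Devices a packet to dst traverses; ends in 'isp' if it leaves the site."""
    path, dev = [start], start
    for _ in range(max_hops):
        if OWNER.get(dst) == dev:
            return path
        nh = next_hop(routes[dev], dst)
        if nh == "isp":
            return path + ["isp"]
        dev = OWNER.get(dst if nh == "connected" else nh)
        if dev is None:
            return path + ["unreachable"]
        path.append(dev)
    return path + ["loop"]

def inbound(proto, port, routes=ROUTES, fw_allow=FW_ALLOW):
    """Path of an Internet connection arriving on the router's public address."""
    dst = DNAT.get((proto, port))
    if dst is None:
        return ["router", "drop"]            # no port forward configured
    path = trace("router", dst, routes)
    if "firewall" in path and (dst, proto, port) not in fw_allow:
        return path[:path.index("firewall") + 1] + ["drop"]
    return path

if __name__ == "__main__":
    print(inbound("tcp", 21))                # request path
    print(trace("ftp", "203.0.113.10"))      # reply path via default gateways
```

Removing the 192.168.0.0/24 entry from the router's table in this model sends the forwarded packet out the default route instead of to the firewall, which is why the static route on the router is required.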