Hello,

I've been looking at Multinat as a solution to one of my problems, which I believe will work in conjunction with Open Ports.

Essentially I have a mail server, SBS server and an Avaya IP Office 500 which need to be addressed externally (specific ports)


One of the problems I have, is that I need to choose the external source IP for the SIP service, and the SMTP service - which is different to that of the standard NAT'ed IP.

This document (below) seems to suggest that I need to set up a DMZ Hosts (eg for the Avaya IPO or mail server).
"How do I fix a one-to-one IP Mapping for outgoing traffic"
http://www.draytek.co.uk/support/kb_vigor_multinat.html#fixmap

My question is: Won't this expose ALL incoming ports, rather than just the ports specified in the "Open Ports" section, therefore posing a security risk ?

Yes it will, but the information mostly refers to the older models, on later routers such as the 2820 series, there's an option in the NAT menu for Address Mapping - this does the same thing as DMZ but doesn't forward traffic, just sets which WAN IP the traffic from the specified LAN IPs will come from.
You can then set up port forwards separately.

Thanks for this. I noticed this option, but this makes sense now.