I have an aging and now-unsupported “ProSAFE” VPN firewall running defense around a /28 block of public IP addresses leased to us by our datacenter. Our WAN drop is a single Ethernet cable. One of this firewall’s most useful features, which I assumed came standard in enterprise-like firewall appliances, is a “secondary addresses” table – basically, the primary WAN interface of the firewall is set to the first IP address in our block, and then I’ve specified the other 13 in the “WAN Secondary Addresses” table of the router.
When I define the inbound firewall rules, there’s a drop-down to choose which destination IP address the packet arrived on, so I can have separate rules for “port 80” such that each of our publicIP:80 results can be NATed to a different private LAN IP (and the rule also gives the option to change the port there too). I make extensive use of this to publish our different testbed systems so they don’t have to be fully exposed or hold a public IP address on their own.
As I’m looking around for replacement firewalls, I can’t seem to see any that have a feature which sounds like this, and I realized that maybe I don’t know what this concept is really called in the networking industry. My only real hands-on firewall configuration experience is with this particular router, and I have never had any formal training on it (not counting the many various “home wifi routers” I’ve had over the years, which I wouldn’t expect to have anything like this).
Thanks to anyone who can clarify the correct terminology for this type of feature.