You can do various things with port redirection. You can intercept outgoing traffic and feed it to a proxy. This "transparent" proxy may be used to hide the internal network, or to do some caching or some filtering of the protocol (a transparent pop-3 proxy could flag or delete email with special attachments, for one).
Port redirection may also be used to provide access to an internal server (behind a firewall) from outside.
For a transparent proxy, select the check-box "redirect to local port/host". Then enter the port on which the proxy server is listening.
The firewall rule generally defines a target port (in the "To" section). For example, to enable squid as a transparent proxy, it looks like this:
Protocol tcp
-----------From---------------
Host or Network 192.168.1.0
Netmask 255.255.255.0
Port range
Other ports
Interface eth0
-----------To-----------------
Host or Network 0.0.0.0
Netmask
Port range
Other ports 80
Interface Any
---------features-------------
[x] redirect to local port/host
redirect to port 3128
To provide access to an internal server, requests come from anywhere (from the Internet) and go to one IP on the firewall (potentially an IP alias). We may want to "publish" a single port on the internal server, or many (even a port range). Many ports are published by leaving the "Redirect to port" field empty; the firewall rule then specifies the effective port range accepted.
The following example makes an internal web server available on the Internet.
Protocol tcp
-----------From---------------
Host or Network 0.0.0.0
Netmask
Port range
Other ports
Interface eth0
-----------To-----------------
Host or Network public_IP
Netmask
Port range
Other ports 80
Interface Any
---------features-------------
[x] redirect to local port/host
redirect to port 80
redirect to host 192.168.1.2
The following example publishes several services from the internal server. The trick is to leave "redirect to port" empty and specify which ports are accepted in the firewall rule. Here, ssh, www and pop-3 are handled.
Protocol tcp
-----------From---------------
Host or Network 0.0.0.0
Netmask
Port range
Other ports
Interface eth0
-----------To-----------------
Host or Network public_IP
Netmask
Port range
Other ports 22 80 pop-3
Interface Any
---------features-------------
[x] redirect to local port/host
redirect to port
redirect to host 192.168.1.2
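The three forms above, written as iptables NAT rules by an added helper (example code, not part of the original page or of the tool it describes). It assumes iptables as the backend, which the page does not state; the function name nat_rule is hypothetical, 203.0.113.10 is a constructed stand-in for public_IP, and pop-3 is written as port 110. The helper refuses a rule that combines several accepted ports with a fixed "redirect to port", since every listed port would then land on that one service.

```sh
#!/bin/sh
# nat_rule IFACE SRC DST "PORTS" REDIR_PORT REDIR_HOST   (hypothetical helper)
# Prints the iptables command matching one redirection form.
# Empty SRC or DST means "any" (0.0.0.0 with no netmask in the form).
nat_rule() {
    iface=$1 src=$2 dst=$3 ports=$4 rport=$5 rhost=$6
    # A rule without a port list would redirect every TCP port.
    if [ -z "$ports" ]; then
        echo "nat_rule: no accepted ports given" >&2
        return 1
    fi
    plist=$(echo $ports | tr ' ' ',')
    case $plist in
        *,*)
            # Several ports: "redirect to port" must stay empty so each
            # connection keeps its original destination port.
            if [ -n "$rport" ]; then
                echo "nat_rule: port list with fixed redirect port" >&2
                return 1
            fi
            match="-m multiport --dports $plist" ;;
        *)  match="--dport $plist" ;;
    esac
    cmd="iptables -t nat -A PREROUTING -i $iface -p tcp"
    cmd="$cmd${src:+ -s $src}${dst:+ -d $dst} $match"
    if [ -n "$rhost" ]; then
        # Redirect to another host: DNAT. Without ":port" the destination
        # port is preserved. The FORWARD chain must still accept the traffic.
        cmd="$cmd -j DNAT --to-destination $rhost${rport:+:$rport}"
    else
        # Redirect to a local port on the firewall (transparent proxy).
        cmd="$cmd -j REDIRECT${rport:+ --to-ports $rport}"
    fi
    echo "$cmd"
}

# The page's three forms (public_IP replaced by a constructed address).
nat_rule eth0 192.168.1.0/255.255.255.0 "" 80 3128 ""
nat_rule eth0 "" 203.0.113.10 80 80 192.168.1.2
nat_rule eth0 "" 203.0.113.10 "22 80 110" "" 192.168.1.2
```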