D-Link DFL-260E User Manual for DFL-260E - Page 380
Chapter 7. Address Translation

7.4.3. All-to-One Mappings (N:1)

• Attempts to communicate with 194.1.2.16 - port 80, will result in a connection to 192.168.0.50.

• Attempts to communicate with 194.1.2.30 - port 80, will result in a connection to 192.168.0.50.

Note
When all-nets is the destination, All-to-One mapping is always done.

Example 7.6. Translating Traffic to a Single Protected Web Server (N:1)

This example is similar to the previous many-to-many (M:N) example but this time a SAT IP will translate from five public IPv4 addresses to a single web server located in a DMZ. The NetDefend Firewall is connected to the Internet on the wan interface and the public IPv4 addresses have the range of 195.55.66.77 to 195.55.66.81. The server has the private IPv4 address 10.10.10.5 and is on the network connected to the dmz interface.

The following steps need to be performed:

• Define an address object containing all the public IPv4 addresses.

• Define another address object set to be the IPv4 address 10.10.10.5 of the web server.

• Publish the public IPv4 addresses on the wan interface using the ARP publish mechanism.

• Create a SAT rule that will perform the translation.

• Create an Allow rule that will permit the incoming HTTP flows.

Command-Line Interface

Create an address object for the public IPv4 addresses:

    gw-world:/> add Address IPAddress wwwsrv_pub Address=195.55.66.77-195.55.66.81

Now, create another object for the base of the web server IP addresses:

    gw-world:/> add Address IPAddress wwwsrv_priv Address=10.10.10.5

Publish the five public IPv4 addresses on the wan interface using ARP publish. A CLI command like the following is needed for each IP address:

    gw-world:/> add ARP Interface=wan IP=195.55.66.77 mode=Publish

Next, change the current CLI context to be the main IP rule set:

    gw-world:/> cc IPRuleSet main

Next, create a SAT rule for the translation:

    gw-world:/IPRuleSet/main> add IPRule Action=SAT Service=http SourceInterface=any SourceNetwork=all-nets DestinationInterface=wan DestinationNetwork=wwwsrv_pub SATTranslateToIP=wwwsrv_priv SATTranslate=DestinationIP SATAllToOne=Yes

Finally, create an associated Allow Rule:

    gw-world:/IPRuleSet/main> add IPRule Action=Allow Service=http SourceInterface=any SourceNetwork=all-nets DestinationInterface=wan
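
The following Python script is an added example, not part of the D-Link manual. It expands the public range from Example 7.6 into the five per-address ARP publish commands and uses a simplified model of the N:1 SAT rule to list which destinations end up at the web server. The function names are hypothetical, and the model assumes the http service means destination port 80, as in the bullets above.

```python
import ipaddress

# Values taken from Example 7.6 on this page.
PUBLIC_RANGE = "195.55.66.77-195.55.66.81"
SERVER_IP = "10.10.10.5"


def expand_range(addr_range):
    """Expand 'first-last' (the address object syntax above) into IPv4 strings."""
    first, _, last = addr_range.partition("-")
    lo = int(ipaddress.IPv4Address(first.strip()))
    hi = int(ipaddress.IPv4Address((last or first).strip()))
    if hi < lo:
        raise ValueError("range end is below range start: " + addr_range)
    return [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]


def arp_publish_commands(addr_range, interface="wan"):
    """One ARP publish command per address, in the form shown on this page."""
    return ["add ARP Interface=%s IP=%s mode=Publish" % (interface, ip)
            for ip in expand_range(addr_range)]


def translate_all_to_one(dst_ip, dst_port, addr_range=PUBLIC_RANGE,
                         target=SERVER_IP, service_port=80):
    """Simplified model (an assumption, not firewall code) of SATAllToOne=Yes.

    Returns the (ip, port) the connection is sent to, or None when the
    SAT rule does not match (address outside the range, or not port 80).
    """
    if dst_port != service_port or dst_ip not in expand_range(addr_range):
        return None
    return (target, dst_port)


if __name__ == "__main__":
    # Commands to paste at the firewall prompt, one per public address.
    for cmd in arp_publish_commands(PUBLIC_RANGE):
        print("gw-world:/> " + cmd)
    # Exposure check: every address in the range maps to the one server;
    # 195.55.66.82 is a constructed out-of-range address for contrast.
    for ip in expand_range(PUBLIC_RANGE) + ["195.55.66.82"]:
        print(ip, "port 80 ->", translate_all_to_one(ip, 80))
```

Comparing the generated list with the ARP entries actually configured shows whether any address in wwwsrv_pub is missing a publish entry, or whether an address outside the intended range has been published.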