D-Link DFL-800-AV-12 User Manual - Page 210
Static Address Translation, 7.3.1. Translation of a Single IP Address (1:1)
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 210 highlights
7.3. Static Address Translation Chapter 7. Address Translation 7.3. Static Address Translation NetDefendOS can translate entire ranges of IP addresses and/or ports. Such translations are transpositions, that is, each address or port is mapped to a corresponding address or port in the new range, rather than translating them all to the same address or port. This functionality is known as Static Address Translation (SAT). Unlike NAT, SAT requires more than just a single SAT rule to function. NetDefendOS does not terminate the rule set lookup upon finding a matching SAT rule. Instead, it continues to search for a matching Allow, NAT or FwdFast rule. Only when it has found such a matching rule does NetDefendOS execute the SAT rule. 7.3.1. Translation of a Single IP Address (1:1) The simplest form of SAT usage is translation of a single IP address. A very common scenario for this is to enable external users to access a protected server having a private address. This scenario is also sometimes referred to as a Virtual IP or Virtual Server in some other manufacturer's products. Example 7.3. Enabling Traffic to a Protected Web Server in a DMZ In this example, we will create a SAT policy that will translate and allow connections from the Internet to a web server located in a DMZ. The D-Link Firewall is connected to the Internet using the wan interface with address object wan_ip (defined as 195.55.66.77) as IP address. The web server has the IP address 10.10.10.5 and is reachable through the dmz interface. CLI First create a SAT rule: gw-world:/> add IPRule Action=SAT Service=http SourceInterface=any SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=wan_ip SATTranslate=DestinationIP SATTranslateToIP=10.10.10.5 Name=SAT_HTTP_To_DMZ Then create a corresponding Allow rule: gw-world:/> add IPRule action=Allow Service=http SourceInterface=any SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=wan_ip Name=Allow_HTTP_To_DMZ Web Interface First create a SAT rule: 1. Go to Rules > IP Rules > Add > IPRule 2. Specify a suitable name for the rule, eg. SAT_HTTP_To_DMZ 3. Now enter: • Action: SAT • Service: http • Source Interface: any • Source Network: all-nets • Destination Interface: core • Destination Network: wan_ip 4. Under the SAT tab, make sure that the Destination IP Address option is selected 5. In the New IP Address textbox, enter 10.10.10.5 6. Click OK 210