D-Link DFL-210-WCF-12 Product Manual - Page 345
UPC - 790069601545
Page 345 highlights
7.4.1. Translation of a Single IP Address (1:1)
Chapter 7. Address Translation

Then create a corresponding Allow rule:

gw-world:/main> add IPRule action=Allow Service=http SourceInterface=any SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=wan_ip Name=Allow_HTTP_To_DMZ

Web Interface

First create a SAT rule:

1. Go to Rules > IP Rules > Add > IPRule
2. Specify a suitable name for the rule, for example SAT_HTTP_To_DMZ
3. Now enter:
   • Action: SAT
   • Service: http
   • Source Interface: any
   • Source Network: all-nets
   • Destination Interface: core
   • Destination Network: wan_ip
4. Under the SAT tab, make sure that the Destination IP Address option is selected
5. In the New IP Address textbox, enter 10.10.10.5
6. Click OK

Then create a corresponding Allow rule:

1. Go to Rules > IP Rules > Add > IPRule
2. Specify a suitable name for the rule, for example Allow_HTTP_To_DMZ
3. Now enter:
   • Action: Allow
   • Service: http
   • Source Interface: any
   • Source Network: all-nets
   • Destination Interface: core
   • Destination Network: wan_ip
4. Under the Service tab, select http in the Predefined list
5. Click OK

The example results in the following two rules in the rule set:

#  Action  Src Iface  Src Net   Dest Iface  Dest Net  Parameters
1  SAT     any        all-nets  core        wan_ip    http SETDEST 10.10.10.5 80
2  Allow   any        all-nets  core        wan_ip    http

These two rules allow us to access the web server via the NetDefend Firewall's external IP address. Rule 1 states that address translation can take place if the connection has been permitted, and rule 2 permits the connection.

Of course, we also need a rule that allows internal machines to be dynamically address translated to the Internet. In this example, we use a rule that permits everything from the internal network to access the Internet using a NAT rule:
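
Separately from the NAT rule introduced in the last sentence (which is not shown on this page), the following is an added example, not part of the D-Link manual. It lints a rule set for the SAT/Allow pairing described above: a SAT rule that no later Allow rule permits, and an Allow rule that publishes the service to every source network. The `IPRule` class and `lint` function are hypothetical names, and comparing objects by name with `any` and `all-nets` as wildcards is a simplifying assumption.

```python
# Added example: lint an IP rule set for SAT rules that no later rule permits.
# Assumption: objects are compared by name only, with "any" and "all-nets"
# treated as wildcards; overlapping address objects are not resolved.
from dataclasses import dataclass

WILDCARDS = {"any", "all-nets"}
PERMIT_ACTIONS = {"Allow"}  # the only permitting action used on this page

@dataclass(frozen=True)
class IPRule:
    name: str
    action: str
    service: str
    src_iface: str
    src_net: str
    dest_iface: str
    dest_net: str

def covers(rule_value, wanted):
    """True if a rule field accepts everything the SAT rule's field accepts."""
    return rule_value in WILDCARDS or rule_value == wanted

def permits(rule, sat):
    # Compared against the SAT rule's own fields, i.e. the original
    # destination (wan_ip), exactly as both rows of the manual's table show.
    return (rule.action in PERMIT_ACTIONS and rule.service == sat.service
            and covers(rule.src_iface, sat.src_iface)
            and covers(rule.src_net, sat.src_net)
            and covers(rule.dest_iface, sat.dest_iface)
            and covers(rule.dest_net, sat.dest_net))

def lint(rules):
    """Return findings for an ordered rule list (index 0 is rule 1)."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "SAT":
            continue
        permit = next((r for r in rules[i + 1:] if permits(r, rule)), None)
        if permit is None:
            findings.append(f"WARN {rule.name}: no later rule permits it, so it never translates")
        elif permit.src_net in WILDCARDS:
            findings.append(f"INFO {permit.name}: {rule.service} is published to any source network")
    return findings

# The two rules from the table above, named as in the Web Interface steps.
MANUAL_RULES = [
    IPRule("SAT_HTTP_To_DMZ", "SAT", "http", "any", "all-nets", "core", "wan_ip"),
    IPRule("Allow_HTTP_To_DMZ", "Allow", "http", "any", "all-nets", "core", "wan_ip"),
]

if __name__ == "__main__":
    print("\n".join(lint(MANUAL_RULES)))
```

The INFO finding is expected for a deliberately public web server; it is there so a reviewer can confirm that every service published this way is meant to be.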