D-Link DFL-2500 User Guide - Page 133
Address translation in D-Link Firewall
Page 133 highlights
114 Chapter 14. IP Rules

source and destination address and port numbers - it is possible to validate any or all of this information before passing the traffic. This checking helps the firewall to protect a private LAN against attacks from the outside.

The NAT mechanism discards all traffic that does not match a mapping table entry; therefore it is also regarded as a security device. However, NAT is not a substitute for firewall rules. There are TCP and UDP ports open corresponding to applications and services running on the NAT device. If the NAT device is a computer, rather than a dedicated firewall, then the computer is vulnerable to attack. Therefore, the recommendation is to use a NAT-enabled firewall with rule settings specified for traffic.

14.2.3 Address translation in D-Link Firewall

D-Link firewalls support two types of address translation: dynamic (NAT hide), and static (SAT).

Dynamic Network Address Translation

The process of dynamic address translation involves the translation of multiple sender addresses into one or more sender addresses, for example when private IP addresses are mapped to a set of public IP addresses.

Example: Dynamic NAT

| | Sender | | Server |
|---|---|---|---|
| | 192.168.1.5 : 1038 | → | 195.55.66.77 : 80 |
| FW tran | 195.11.22.33 : 32789 | | 195.55.66.77 : 80 |
| reply | 195.11.22.33 : 32789 | | 195.55.66.77 : 80 |
| FW rest | 192.168.1.5 : 1038 | ← | 195.55.66.77 : 80 |

Table 14.1: Dynamic NAT.

Table 14.1 shows an example of dynamic NAT. The sender, e.g. 192.168.1.5, sends a packet from a dynamically assigned port, for instance, port 1038, to a server, e.g. 195.55.66.77 port 80.

Usually, the firewall translates the sender address to the address of the interface closest to the destination address. In this example, we use 195.11.22.33 as the public address. In addition, the firewall changes the

D-Link Firewalls User's Guide
![](/manual_guide/products/dlink-dfl2500-user-guide-83bdca9/133.png)
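The mapping table behaviour described on this page, as an added example (not code from the D-Link guide or firmware): a toy NAT hide table that uses the addresses from Table 14.1 and discards inbound packets that match no entry. The class name `HideNat`, sequential port allocation starting at 32789, and matching replies on the full remote address and port are assumptions made for illustration.

```python
from itertools import count

PUBLIC_IP = "195.11.22.33"   # public address used in Table 14.1


class HideNat:
    """Toy dynamic NAT (NAT hide) mapping table; illustrative, not D-Link's code."""

    def __init__(self, public_ip=PUBLIC_IP, first_port=32789):
        self.public_ip = public_ip
        self._ports = count(first_port)   # assumption: sequential port allocation
        self.out = {}    # (src, sport, dst, dport) -> public port
        self.back = {}   # (public port, dst, dport) -> (src, sport)

    def outbound(self, src, sport, dst, dport):
        """Rewrite the sender of an outgoing packet, creating a mapping if needed."""
        key = (src, sport, dst, dport)
        if key not in self.out:
            pub_port = next(self._ports)
            self.out[key] = pub_port
            self.back[(pub_port, dst, dport)] = (src, sport)
        return (self.public_ip, self.out[key], dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Restore the private destination of a reply, or return None to drop it."""
        if dst != self.public_ip:
            return None
        private = self.back.get((dport, src, sport))
        if private is None:
            return None                   # no mapping table entry: discard
        return (src, sport, *private)


def demo():
    nat = HideNat()
    # "FW tran" row: 192.168.1.5:1038 leaves as 195.11.22.33:32789
    sent = nat.outbound("192.168.1.5", 1038, "195.55.66.77", 80)
    # "reply" and "FW rest" rows: the server answers the translated address
    reply = nat.inbound("195.55.66.77", 80, sent[0], sent[1])
    # Constructed packets that match no entry: another remote host, an unused port
    stray_host = nat.inbound("203.0.113.9", 80, PUBLIC_IP, 32789)
    stray_port = nat.inbound("195.55.66.77", 80, PUBLIC_IP, 40000)
    return sent, reply, stray_host, stray_port


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The table only filters unsolicited inbound traffic; services listening on the NAT device itself are not covered by it, which is why the text still calls for explicit firewall rules.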