D-Link DFL-800 Product Manual - Page 348
Translation of Multiple IP Addresses (M:N), 4.2. Translation of Multiple IP, Addresses M:N
UPC - 790069282133
View all D-Link DFL-800 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 348 highlights
7.4.2. Translation of Multiple IP Addresses (M:N) Chapter 7. Address Translation Another possible solution to this problem is to allow internal clients to speak directly to 10.0.0.2 and this would completely avoid all the problems associated with address translation. However, this is not always practical. 7.4.2. Translation of Multiple IP Addresses (M:N) A single SAT rule can be used to translate an entire range of IP addresses. In this case, the result is a transposition where the first original IP address will be translated to the first IP address in the translation list and so on. For instance, a SAT policy specifying that connections to the 194.1.2.16/29 network should be translated to 192.168.0.50 will result in transpositions which are described in the table below: Original Address 194.1.2.16 194.1.2.17 194.1.2.18 194.1.2.19 194.1.2.20 194.1.2.21 194.1.2.22 194.1.2.23 Translated Address 192.168.0.50 192.168.0.51 192.168.0.52 192.168.0.53 192.168.0.54 192.168.0.55 192.168.0.56 192.168.0.57 In other words: • Attempts to communicate with 194.1.2.16 will result in a connection to 192.168.0.50. • Attempts to communicate with 194.1.2.22 will result in a connection to 192.168.0.56. An example of when this is useful is when having several protected servers in a DMZ, and where each server should be accessible using a unique public IP address. Example 7.5. Translating Traffic to Multiple Protected Web Servers In this example, we will create a SAT policy that will translate and allow connections from the Internet to five web servers located in a DMZ. The NetDefend Firewall is connected to the Internet using the wan interface, and the public IP addresses to use are in the range of 195.55.66.77 to 195.55.66.81. The web servers have IP addresses in the range 10.10.10.5 to 10.10.10.9, and they are reachable through the dmz interface. To accomplish the task, the following steps need to be performed: • Define an address object containing the public IP addresses. • Define another address object for the base of the web server IP addresses. • Publish the public IP addresses on the wan interface using the ARP publish mechanism. • Create a SAT rule that will perform the translation. • Create an Allow rule that will permit the incoming HTTP connections. Command-Line Interface Create an address object for the public IP addresses: gw-world:/> add Address IP4Address wwwsrv_pub Address=195.55.66.77-195.55.66.81 Now, create another object for the base of the web server IP addresses: gw-world:/> add Address IP4Address wwwsrv_priv_base 348