D-Link DSR-150N DSR-150 User Manual - Page 96


Unified Services Router
User Manual
Solution: Create an inbound rule as follows. In the example, CUSeeMe (the video conference service used) connections are allowed only from a specified range of external IP addresses.

| Parameter | Value |
|---|---|
| From Zone | Insecure (WAN1/WAN2/WAN3) |
| To Zone | Secure (LAN) |
| Service | CU-SEEME: UDP |
| Action | ALLOW always |
| Send to Local Server (DNAT IP) | 192.168.10.11 |
| Destination Users | Address Range |
| From | 132.177.88.2 |
| To | 134.177.88.254 |
| Enable Port Forwarding | Yes (enabled) |

Example 3: Multi-NAT configuration

Situation: You want to configure multi-NAT to support multiple public IP addresses on one WAN port interface.

Solution: Create an inbound rule that configures the firewall to host an additional public IP address. Associate this address with a web server on the DMZ. If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN. One of these public IP addresses is used as the primary IP address of the router. This address is used to provide Internet access to your LAN PCs through NAT. The other addresses are available to map to your DMZ servers.

The following addressing scheme is used to illustrate this procedure:

  • WAN IP address: 10.1.0.118
  • LAN IP address: 192.168.10.1; subnet 255.255.255.0
  • Web server host in the DMZ, IP address: 192.168.12.222
  • Access to Web server: (simulated) public IP address 10.1.0.52

| Parameter | Value |
|---|---|
| From Zone | Insecure (WAN1/WAN2/WAN3) |
| To Zone | Public (DMZ) |
| Service | HTTP |
| Action | ALLOW always |
| Send to Local Server (DNAT IP) | 192.168.12.222 (web server local IP address) |
| Destination Users | Single Address |
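
The two inbound rules above, modelled as a small matcher so their effect can be checked before they are entered in the router (an added example, not taken from the manual or the router firmware). It assumes both rules sit on one router whose primary WAN address is 10.1.0.118, that the CU-SeeMe range limits external source addresses as the Solution text states, that the HTTP rule answers on the additional public address 10.1.0.52, and that unmatched inbound traffic is dropped; `InboundRule` and `translate` are hypothetical names.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional, Tuple

WAN_IP = IPv4Address("10.1.0.118")  # primary WAN address from the page's scheme

@dataclass(frozen=True)
class InboundRule:  # hypothetical model of one rule table on this page
    service: str                     # "Service" field
    dnat_ip: IPv4Address             # "Send to Local Server (DNAT IP)"
    src_range: Optional[Tuple[IPv4Address, IPv4Address]] = None  # None = any source
    public_ip: IPv4Address = WAN_IP  # WAN-side address the rule answers on

    def source_count(self) -> Optional[int]:
        """Number of external addresses admitted, or None if unrestricted."""
        if self.src_range is None:
            return None
        low, high = self.src_range
        return int(high) - int(low) + 1

RULES = [
    # CU-SeeMe rule: range copied exactly as printed in the manual
    InboundRule("CU-SEEME", IPv4Address("192.168.10.11"),
                src_range=(IPv4Address("132.177.88.2"), IPv4Address("134.177.88.254"))),
    # Multi-NAT rule: HTTP on the additional public address goes to the DMZ host
    InboundRule("HTTP", IPv4Address("192.168.12.222"),
                public_ip=IPv4Address("10.1.0.52")),
]

def translate(src: str, dst: str, service: str) -> Optional[IPv4Address]:
    """Return the internal host an inbound packet is forwarded to, or None if dropped."""
    source, dest = IPv4Address(src), IPv4Address(dst)
    for rule in RULES:
        if rule.service != service or rule.public_ip != dest:
            continue
        if rule.src_range and not rule.src_range[0] <= source <= rule.src_range[1]:
            continue
        return rule.dnat_ip
    return None  # assumption: unmatched inbound WAN traffic is dropped

if __name__ == "__main__":
    # Constructed sample packets; 198.51.100.7 is a documentation address.
    for pkt in [("198.51.100.7", "10.1.0.52", "HTTP"),
                ("198.51.100.7", "10.1.0.118", "HTTP"),
                ("133.5.5.5", "10.1.0.118", "CU-SEEME"),
                ("198.51.100.7", "10.1.0.118", "CU-SEEME")]:
        print(pkt, "->", translate(*pkt))
```

`RULES[0].source_count()` returns 33554685: the range as printed runs from 132.177.88.2 to 134.177.88.254, so a source such as 133.5.5.5 is admitted as well. HTTP sent to the primary WAN address 10.1.0.118 is not forwarded, because the DMZ mapping exists only for 10.1.0.52.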