Appendix C: Multiple Public IP addresses
A Public IP address other than that of the Firewall can be mapped to a Server located on either
internal interface in two basic steps (order does not matter): add a Port Mapping/Virtual Server
rule that forwards the specified services to a single LAN or DMZ host, making it accessible
through a WAN IP not used by the DFL-700; and add a static route in the firewall's routing table
indicating the internal interface to which the Public IP should be mapped.
For an increased level of protection from network intrusions or malicious attacks, isolating
publicly accessible servers from the Private network is recommended. This ensures that if one
of those servers is compromised through a software vulnerability, an attacker would not be
able to directly access the private internal network. The DFL-700 provides a physical DMZ
network interface specifically for this purpose. This can be accomplished with NAT disabled or
enabled on the DMZ interface.
Example Scenario using NAT:
The firewall is configured using the following scheme to allow Internet hosts access to
web services running on either the internal LAN or the DMZ Network.
The goal is to map two internal web servers (port 80) to two Public IP addresses provided
by our ISP.
Host Interface        Private IP        Public IP
Firewall LAN          192.168.2.1       80.80.80.80
Firewall DMZ          192.168.10.1      80.80.80.80
Web Server on LAN     192.168.2.50      80.80.80.81
Web Server on DMZ     192.168.10.100    80.80.80.82
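The following added example (not part of the manual and not D-Link code) checks the addressing plan in the table before it is entered on the firewall: it derives the port mapping and static route for each server and flags mappings that conflict with the isolation recommendation above. The function name plan_mappings, the /24 subnet masks and the representation of each static route as a /32 host route are assumptions.

```python
import ipaddress

# Addressing plan from the example scenario table (the /24 masks are an assumption).
INTERFACES = {
    "LAN": ipaddress.ip_interface("192.168.2.1/24"),
    "DMZ": ipaddress.ip_interface("192.168.10.1/24"),
}
FIREWALL_WAN_IP = ipaddress.ip_address("80.80.80.80")

# (name, private IP, public IP, service port) for each published server.
SERVERS = [
    ("Web Server on LAN", "192.168.2.50", "80.80.80.81", 80),
    ("Web Server on DMZ", "192.168.10.100", "80.80.80.82", 80),
]


def plan_mappings(servers=SERVERS, interfaces=INTERFACES, wan_ip=FIREWALL_WAN_IP):
    """Return (rules, routes, findings) for a multiple-public-IP plan."""
    rules, routes, findings = [], [], []
    seen_public = {}
    for name, private, public, port in servers:
        private_ip = ipaddress.ip_address(private)
        public_ip = ipaddress.ip_address(public)
        # Find the internal interface whose subnet contains the server.
        iface = next((n for n, i in interfaces.items() if private_ip in i.network), None)
        if iface is None:
            findings.append(f"{name}: {private} is on no internal interface")
            continue
        if public_ip == wan_ip:
            findings.append(f"{name}: {public} is the firewall's own WAN IP")
        if (public_ip, port) in seen_public:
            findings.append(f"{name}: {public}:{port} already mapped to {seen_public[(public_ip, port)]}")
        seen_public[(public_ip, port)] = name
        if iface != "DMZ":
            findings.append(f"{name}: published from {iface}, not isolated on the DMZ")
        # Step 1: port mapping rule. Step 2: static route (modelled as /32, an assumption).
        rules.append((public, port, private))
        routes.append((f"{public}/32", iface))
    return rules, routes, findings


if __name__ == "__main__":
    rules, routes, findings = plan_mappings()
    for public, port, private in rules:
        print(f"map   {public}:{port} -> {private}")
    for net, iface in routes:
        print(f"route {net} via {iface}")
    for finding in findings:
        print("WARN ", finding)
```

Run against the table above, the only finding is that the web server on the LAN is published from the private network rather than from the DMZ.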