McAfee UTM Firewall 4.0.4 Administration Guide
Firewall menu options
NAT
Figure 175 Masquerading/Source NAT
About one-to-one NAT
One-to-one NAT is a combination of destination NAT and source NAT. Both destination NAT and source NAT
rules are created for full IP address translation in both directions. This can be useful if you have a range of
IP addresses that have been added as interface aliases on the UTM Firewall appliance’s WAN interface, and
want to associate one of these external alias IP addresses with a single internal, masqueraded computer.
This effectively allocates the internal computer its own real world IP address, also known as a virtual DMZ.
This type of NAT is used when multiple internal/DMZ servers need to be mapped to their own public IP
address. The UTM Firewall appliance rewrites the source address on outbound packets and rewrites the
destination address on inbound packets.
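The pairing described above, as an added example that is not taken from this guide or from the appliance's software: a single mapping table drives both the destination rewrite on inbound packets and the source rewrite on outbound packets. The class and function names and all addresses are constructed for illustration, and the fallback to the WAN address for unmapped hosts is an assumption standing in for masquerading.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class OneToOneNat:
    """One-to-one NAT as a paired destination NAT and source NAT rule."""

    def __init__(self, wan_ip):
        self.wan_ip = str(ipaddress.ip_address(wan_ip))  # assumed masquerade address
        self.alias_to_host = {}  # destination NAT: external alias -> internal host
        self.host_to_alias = {}  # source NAT: internal host -> external alias

    def add_mapping(self, alias, host):
        alias = str(ipaddress.ip_address(alias))
        host = str(ipaddress.ip_address(host))
        # Reusing either side would break translation in one direction.
        if alias in self.alias_to_host or host in self.host_to_alias:
            raise ValueError("alias or host already mapped; not one-to-one")
        self.alias_to_host[alias] = host
        self.host_to_alias[host] = alias

    def inbound(self, pkt):
        """Rewrite the destination of a packet arriving on the WAN side."""
        host = self.alias_to_host.get(pkt.dst)
        return replace(pkt, dst=host) if host else pkt  # no rule: left untouched

    def outbound(self, pkt):
        """Rewrite the source of a packet leaving towards the Internet."""
        return replace(pkt, src=self.host_to_alias.get(pkt.src, self.wan_ip))


def demo():
    nat = OneToOneNat(wan_ip="198.51.100.10")         # constructed addresses
    nat.add_mapping("198.51.100.11", "192.168.1.10")  # external alias -> internal server
    request = nat.inbound(Packet("203.0.113.9", "198.51.100.11"))
    reply = nat.outbound(Packet(request.dst, request.src))
    other = nat.outbound(Packet("192.168.1.50", "203.0.113.9"))  # unmapped host
    return request, reply, other


if __name__ == "__main__":
    for pkt in demo():
        print(pkt)
```

The mapped server's reply leaves with its own alias as the source address, while the unmapped host leaves with the shared WAN address.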
The NAT menu option contains the following main pages:
• Port forwarding page
• Source NAT page
• One-to-one NAT
• Masquerading page
• Universal Plug and Play Gateway
For further information on NAT, investigate the solution finder feature in the UTM Firewall knowledgebase
(http://sgkb.securecomputing.com). Click the Try a Solution Finder tab. You can step through various
configuration scenarios in the Understanding UTM Firewall NAT Options solution finder.
Port forwarding page
Port forwarding rules alter the destination address, and optionally, the destination port of packets received
by the UTM Firewall appliance. Port forwarding allows controlled access to services provided by machines
on your private network to users on the Internet by forwarding requests for a specific service coming into
one of the appliance’s interfaces (typically the WAN interface) to a machine on your DMZ or LAN that
services the request.
Click New to define the first rule, as shown in Figure 176.
Table 14 Masquerading packets source and destination IP addresses
Packet from client      Packet from UTM Firewall after NAT
SRC_IP=1.1.1.1          SRC_IP=3.3.3.3
DST_IP=1.1.1.25         DST_IP=1.1.1.25