it could be used for other purposes and any Ethernet interface could also be used instead
for a DMZ.
Example 7.4. One-to-One IP Translation
In this example, SAT will be used to translate and allow connections from the public Internet to a
web server located in a DMZ. The NetDefend Firewall is connected to the Internet via the wan
interface with address object wan_ip (defined as
195.55.66.77
) as its IP address. The web server
has the IPv4 address
10.10.10.5
and is reachable through the dmz interface. The port number will
not be translated.
Command-Line Interface
Create a SAT IP rule:
gw-world:/> add IPRule Action=SAT
Service=http-all
SourceInterface=wan
SourceNetwork=all-nets
DestinationInterface=core
DestinationNetwork=wan_ip
SATTranslate=DestinationIP
SATTranslateToIP=10.10.10.5
Name=SAT_HTTP_To_DMZ
Then create a corresponding
Allow
rule:
gw-world:/> add IPRule Action=Allow
Service=http-all
SourceInterface=wan
SourceNetwork=all-nets
DestinationInterface=core
DestinationNetwork=wan_ip
Name=Allow_HTTP_To_DMZ
Web Interface
First create a
SAT
rule:
1.
Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2.
Specify a suitable name for the rule, for example
SAT_HTTP_To_DMZ
3.
Now enter:
•
Action: SAT
•
Service: http-all
•
Source Interface: wan
•
Source Network: all-nets
•
Destination Interface: core
•
Destination Network: wan_ip
•
SAT Translate: Destination IP
Chapter 7: Address Translation
591
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...