These IP rules would result in the following translations:
Original Destination Address    Translated Destination Address
194.1.2.16                      192.168.0.50
194.1.2.17                      192.168.0.51
194.1.2.18                      192.168.0.52
194.1.2.19                      192.168.0.53
194.1.2.20                      192.168.0.54
194.1.2.21                      192.168.0.55
194.1.2.22                      192.168.0.56
194.1.2.23                      192.168.0.57
These translations will mean:
• Attempts to communicate with 194.1.2.16 will result in a connection to 192.168.0.50.
• Attempts to communicate with 194.1.2.22 will result in a connection to 192.168.0.56.
An example of an application for this feature is when there are several protected servers in a
DMZ, and each server is to be accessible using a unique public IPv4 address.
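The offset-preserving mapping shown in the table above can be reproduced and audited offline. The following Python sketch is an added example, not code from the NetDefendOS documentation; the function names and the 192.168.0.0/24 server network used in the check are assumptions made for illustration.

```python
import ipaddress

def sat_translate(dest, orig_first, orig_last, new_base):
    """Translate dest the way the table does: new_base plus dest's offset
    into the original range. Returns None when dest is outside the range."""
    d = ipaddress.IPv4Address(dest)
    first = ipaddress.IPv4Address(orig_first)
    last = ipaddress.IPv4Address(orig_last)
    if first > last:
        raise ValueError("range start is above range end")
    if not first <= d <= last:
        return None  # the rule would not match this destination
    return ipaddress.IPv4Address(new_base) + (int(d) - int(first))

def sat_table(orig_first, orig_last, new_base):
    """List every (original, translated) pair produced by the range."""
    first = ipaddress.IPv4Address(orig_first)
    last = ipaddress.IPv4Address(orig_last)
    count = int(last) - int(first) + 1
    return [(str(first + i),
             str(sat_translate(first + i, first, last, new_base)))
            for i in range(count)]

def escapes_network(orig_first, orig_last, new_base, network):
    """Audit check: translated addresses that land outside the network
    the servers are supposed to be on (network is an assumed input)."""
    net = ipaddress.ip_network(network)
    return [new for _, new in sat_table(orig_first, orig_last, new_base)
            if ipaddress.IPv4Address(new) not in net]

if __name__ == "__main__":
    # Values from the translation table above.
    for orig, new in sat_table("194.1.2.16", "194.1.2.23", "192.168.0.50"):
        print(f"{orig:<16}{new}")
    # Constructed misconfiguration: a base so high that the last two
    # translated addresses spill past the assumed /24 server network.
    print(escapes_network("194.1.2.16", "194.1.2.23",
                          "192.168.0.250", "192.168.0.0/24"))
```

Running the audit check before committing a rule shows whether the size of the original range pushes any translated address beyond the servers that are meant to be exposed.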
Example 7.5. Many-to-Many IP Translation
In this example, a SAT IP rule will translate from five public IPv4 addresses to five web servers
located in a DMZ. The firewall is connected to the Internet via the wan interface and the public
IPv4 addresses are the range 195.55.66.77 to 195.55.66.81. The web servers have the private IPv4
address range 10.10.10.5 to 10.10.10.9 and are on the network connected to the dmz interface.
The following steps need to be performed:
• Define an address object containing the public IPv4 addresses.
• Define another address object for the base of the web server IP addresses.
• Publish the public IPv4 addresses on the wan interface using the ARP publish mechanism.
• Create a SAT rule that will perform the translation.
• Create an Allow rule that will permit the incoming HTTP connections.
Since the five public IPv4 addresses are being ARP published, these addresses are not routed
on core, and the SAT destination interface is therefore wan and not core.
Command-Line Interface
Create an address object for the public IPv4 addresses:
gw-world:/> add Address IP4Address wwwsrv_pub Address=195.55.66.77-195.55.66.81
Now, create another object for the base of the web server IP addresses:
gw-world:/> add Address IP4Address wwwsrv_priv_base Address=10.10.10.5
Publish the public IPv4 addresses on the wan interface using ARP publish. One ARP item is
Chapter 7: Address Translation
594