The SAT IP rule to perform the translation would be:
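| # | Action | Src Iface | Src Net | Dest Iface | Dest Net | Service | SAT Action |
|---|--------|-----------|---------|------------|----------|---------|------------|
| 1 | SAT | any | all-nets | wan | 194.1.2.16-194.1.2.20, 194.1.2.30 | http-all | Destination IP: 192.168.0.50 All-to-One |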
This IP rule has the property All to One enabled. This will give an all-to-one translation of all addresses in the range specified to the single IPv4 address 192.168.0.50. Some examples of this translation are:
• Attempts to communicate with IPv4 address 194.1.2.16 will result in a connection to 192.168.0.50.
• Attempts to communicate with IPv4 address 194.1.2.30 will result in a connection to 192.168.0.50.
Note: An untranslated network of all-nets is always all-to-one
When all-nets is specified as the original, untranslated address in a SAT rule, NetDefendOS will assume that the All-to-One property is enabled even though the administrator does not enable it explicitly.
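The all-to-one behaviour and the all-nets note above can be modelled in a few lines of Python. This is an added illustration, not NetDefendOS code: the function names are hypothetical, and all-nets is taken to be 0.0.0.0/0. It shows which destinations the rule matches, and how many original addresses end up funnelled to the single target.

```python
import ipaddress

ALL_NETS = "all-nets"  # NetDefendOS name for 0.0.0.0/0, as used on this page

def parse_address_object(spec):
    """Parse 'a-b, c' (ranges and single IPv4 addresses) into (first, last) ints."""
    if spec.strip() == ALL_NETS:
        return [(0, 2**32 - 1)]
    ranges = []
    for part in spec.split(","):
        ends = [int(ipaddress.IPv4Address(p.strip())) for p in part.split("-")]
        if len(ends) > 2 or ends[0] > ends[-1]:
            raise ValueError(f"bad address or range: {part.strip()!r}")
        ranges.append((ends[0], ends[-1]))
    return ranges

def effective_all_to_one(dest_net, all_to_one):
    """all-nets as the untranslated address implies All-to-One (see the note)."""
    return all_to_one or dest_net.strip() == ALL_NETS

def sat_all_to_one(dest_ip, dest_net, new_ip):
    """Return the translated destination, or None when the rule does not match."""
    addr = int(ipaddress.IPv4Address(dest_ip))
    if any(lo <= addr <= hi for lo, hi in parse_address_object(dest_net)):
        return str(ipaddress.IPv4Address(new_ip))
    return None

def matched_address_count(dest_net):
    """How many original addresses the rule funnels to the single target."""
    return sum(hi - lo + 1 for lo, hi in parse_address_object(dest_net))

if __name__ == "__main__":
    dest_net = "194.1.2.16-194.1.2.20, 194.1.2.30"  # Dest Net from the rule above
    for ip in ("194.1.2.16", "194.1.2.30", "194.1.2.21"):
        print(ip, "->", sat_all_to_one(ip, dest_net, "192.168.0.50"))
    print("addresses matched:", matched_address_count(dest_net))
```

When reviewing a rule set, an unexpectedly large matched-address count, or an implied All-to-One caused by all-nets, is a sign that more traffic reaches the internal host than was intended.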
Example 7.6. All-to-One IP Translation
This example is similar to the previous many-to-many example but this time a SAT IP rule will
translate from five public IPv4 addresses to a single web server located in a DMZ.
The NetDefend Firewall is connected to the Internet via the wan interface and the public IPv4 addresses have the range of 195.55.66.77 to 195.55.66.81. The server has the private IPv4 address 10.10.10.5 and is on the network connected to the dmz interface.
The following steps need to be performed:
• Define an address object containing all the public IPv4 addresses with the name wwwsrv_pub.
• Define another address object set to be the IPv4 address 10.10.10.5 of the web server with the name wwwsrv_priv.
• Publish the public IPv4 addresses on the wan interface using the ARP publish feature.
• Create a SAT rule that will perform the translation.
• Create an Allow rule that will permit the incoming HTTP flows.
Command-Line Interface
Create an address object for the public IPv4 addresses:
gw-world:/> add Address IPAddress wwwsrv_pub Address=195.55.66.77-195.55.66.81
Now, create another object for the base of the web server IP addresses:
Chapter 7: Address Translation
597