D-Link DFL-260E User Manual page 351

7.4.1. Translation of a Single IP
Address (1:1)
Then create a corresponding Allow rule:
gw-world:/main> add IPRule action=Allow Service=http
Web Interface
First create a SAT rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Specify a suitable name for the rule, for example SAT_HTTP_To_DMZ
3. Now enter:
• Action: SAT
• Service: http
• Source Interface: any
• Source Network: all-nets
• Destination Interface: core
• Destination Network: wan_ip
4. Under the SAT tab, make sure that the Destination IP Address option is selected
5. In the New IP Address textbox, enter 10.10.10.5
6. Click OK
Then create a corresponding Allow rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Specify a suitable name for the rule, for example Allow_HTTP_To_DMZ
3. Now enter:
• Action: Allow
• Service: http
• Source Interface: any
• Source Network: all-nets
• Destination Interface: core
• Destination Network: wan_ip
4. Under the Service tab, select http in the Predefined list
5. Click OK
The example results in the following two rules in the rule set:
# Action
1 SAT
2 Allow
These two rules allow us to access the web server via the NetDefend Firewall's external IP address. Rule 1 states
that address translation can take place if the connection has been permitted, and rule 2 permits the connection.
Of course, we also need a rule that allows internal machines to be dynamically address translated to the Internet.
In this example, we use a rule that permits everything from the internal network to access the Internet using a
NAT rule:
SourceInterface=any
SourceNetwork=all-nets
DestinationInterface=core
DestinationNetwork=wan_ip
Name=Allow_HTTP_To_DMZ
Src Iface Src Net Dest Iface
any all-nets
any all-nets
Dest Net
core wan_ip
core wan_ip
351
Chapter 7. Address Translation
Parameters
http SETDEST 10.10.10.5 80
http