Typical Rule Based Alg And Dnat Example Using Oa-700 - Alcatel-Lucent OmniAccess 700 Cli Configuration Manual

Left running head:
Chapter name (automatic)
Filter and Firewall
T R B
YPICAL ULE
700
When there are multiple internal FTP servers inside the DMZ and sufficient Public
IP addresses are not available, these multiple FTP servers should run on different
ports so that they can be accessed from outside using DNAT. As a standard
service, FTP ALG is registered only on port 21 so outsiders will not be able to
access internal servers. To allow outside access to internal FTP Servers, FTP
ALG should be registered on those ports where FTP Server is listening for a
control connection.
The following example illustrates how rule based ALG solves this problem by
mapping the non-standard ports to standard service so that FTP ALG can be
invoked on these non-standard ports.
Figure 24: ALG Configuration Scenario
730
Beta
ALG
ASED AND
Alcatel-Lucent
DNAT E
XAMPLE
U OA-
SING
CLI Configuration Guide
Beta