Configuring A Napt Dmz Host; Defining Napt Port Ranges - Patton electronics SmartNode Series Software Configuration Manual

Software for smartnode series
Hide thumbs Also See for SmartNode Series:
Table of Contents

Advertisement

SmartWare Software Configuration Guide
Step
5
node(pf-napt)[name]#static local-
(optional)
ip global-ip
6
node(pf-napt)[name]#static
(optional)
{ ah|esp|gre|ipv6 } local_ip
[global_ip].
Use
in front of the above commands to delete a specific entry or the whole profile.
no
Note
The command
Example: Creating a NAPT Profile
The following example shows how to create a new NAPT profile access that contains all settings necessary to
implement the examples in section
node(cfg)#profile napt access
node(pf-napt)[access]#range 192.168.1.10 192.168.1.19 131.1.1.2
node(pf-napt)[access]#static tcp 192.168.1.20 80
node(pf-napt)[access]#static tcp 192.168.1.20 23 131.1.1.3
node(pf-napt)[access]#range 192.168.1.30 192.168.1.39 131.1.1.10 131.1.1.15
node(pf-napt)[access]#static 192.168.1.40 131.1.1.20
node(pf-napt)[access]static ah 192.168.1.41 131.1.1.120
Configuring a NAPT DMZ host
The NAPT allows a DMZ host to be configured, which receives any inbound traffic on the global NAPT
interface, which:
Is not translated by any static or dynamic NAPT entry and
Is not handled by the device itself.
The following procedure shows how a DMZ host can be configured.
Mode: profile napt <pf-name>
Step
1
[name] (pf-napt)[pf-name]# [no]
dmz-host <dmz-host-ip-address>
[<global-ip-address>]
Defining NAPT port ranges
The TCP/UDP port ranges to be used by the NAPT can be defined using the following procedure. The default
port ranges for both TCP/UDP are 8000 to 15999.
NAT/NAPT configuration task list
Command
is obsolete.
icmp default
"Introduction"
on page 131.
Command
Purpose
Creates a Static NAT entry: local-ip is mapped to
global-ip.
(max. 20 entries)
Creates a static NAT entry: traffic of the IP protocol
AH, ESP, GRE, or IPv6 respectively directed to the
global_ip is forwarded to the local_ip.
Configures a DMZ host. The global-ip-address must
only be specified, if the DMZ host shall handle the
inbound traffic for a different NAPT global IP address
than the gateways global interface IP address.
11 • NAT/NAPT configuration
Purpose
135

Advertisement

Table of Contents
loading

This manual is also suitable for:

Smartware release 5.1

Table of Contents