1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Firewall
  5. DFL-210 - NetDefend - Security Appliance
  6. User manual

Static Address Translation; Translation Of A Single Ip Address (1:1); Enabling Traffic To A Protected Web Server In A Dmz - D-Link NetDefend DFL-210 User Manual

Network security firewall
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

7.3. Static Address Translation

7.3. Static Address Translation
NetDefendOS can translate entire ranges of IP addresses and/or ports. Such translations are
transpositions, that is, each address or port is mapped to a corresponding address or port in the new
range, rather than translating them all to the same address or port. This functionality is known as
Static Address Translation (SAT).
Unlike NAT, SAT requires more than just a single SAT rule to function. NetDefendOS does not
terminate the rule set lookup upon finding a matching SAT rule. Instead, it continues to search for a
matching Allow, NAT or FwdFast rule. Only when it has found such a matching rule does
NetDefendOS execute the SAT rule.

7.3.1. Translation of a Single IP Address (1:1)

The simplest form of SAT usage is translation of a single IP address. A very common scenario for
this is to enable external users to access a protected server having a private address. This scenario is
also sometimes referred to as a Virtual IP or Virtual Server in some other manufacturer's products.
Example 7.3. Enabling Traffic to a Protected Web Server in a DMZ
In this example, we will create a SAT policy that will translate and allow connections from the Internet to a web
server located in a DMZ. The D-Link Firewall is connected to the Internet using the wan interface with address
object wan_ip (defined as 195.55.66.77) as IP address. The web server has the IP address 10.10.10.5 and is
reachable through the dmz interface.
CLI
First create a SAT rule:
gw-world:/> add IPRule Action=SAT Service=http SourceInterface=any
Then create a corresponding Allow rule:
gw-world:/> add IPRule action=Allow Service=http SourceInterface=any
Web Interface
First create a SAT rule:
1.
Go to Rules > IP Rules > Add > IPRule
2.
Specify a suitable name for the rule, eg. SAT_HTTP_To_DMZ
3.
Now enter:
Action: SAT
Service: http
Source Interface: any
Source Network: all-nets
Destination Interface: core
Destination Network: wan_ip
4.
Under the SAT tab, make sure that the Destination IP Address option is selected
5.
In the New IP Address textbox, enter 10.10.10.5
6.
Click OK
SourceNetwork=all-nets DestinationInterface=core
DestinationNetwork=wan_ip SATTranslate=DestinationIP
SATTranslateToIP=10.10.10.5 Name=SAT_HTTP_To_DMZ
SourceNetwork=all-nets DestinationInterface=core
DestinationNetwork=wan_ip Name=Allow_HTTP_To_DMZ
210
Chapter 7. Address Translation

Advertisement

Table of Contents
loading

Related Manuals for D-Link NetDefend DFL-210

Related Content for D-Link NetDefend DFL-210

This manual is also suitable for:

Dfl-800Netdefend dfl-2500Dfl-1600Netdefend dfl-860Netdefend dfl-260Netdefend dfl-800 ... Show all

Table of Contents