The Role Of The Dmz; Enabling Traffic To A Protected Web Server In A Dmz - D-Link DFL-260E User Manual
Network security firewall netdefendos version 2.27.03
Hide thumbs
Also See for DFL-260E:
- Reference manual (948 pages) ,
- Log reference manual (652 pages) ,
- User manual (589 pages)
Table of Contents
Advertisement
7.4.1. Translation of a Single IP
Address (1:1)
The illustration below shows a typical network arrangement with the NetDefend Firewall mediating
communications between the public Internet and servers in the DMZ, and between the DMZ and
local clients on a network called LAN.
Example 7.3. Enabling Traffic to a Protected Web Server in a DMZ
In this example, we will create a SAT policy that will translate and allow connections from the Internet to a web
server located in a DMZ. The NetDefend Firewall is connected to the Internet using the wan interface with
address object wan_ip (defined as 195.55.66.77) as IP address. The web server has the IP address 10.10.10.5
and is reachable through the dmz interface.
Command-Line Interface
First, change the current category to be the main IP rule set:
gw-world:/> cc IPRuleSet main
Next, create a SAT IP rule:
gw-world:/main> add IPRule Action=SAT Service=http
Figure 7.4. The Role of the DMZ
Note: The DMZ port could be any port
On all models of D-Link NetDefend hardware, there is a specific Ethernet interface
which is marked as being for the DMZ network. Although this is the port's intended
use it could be used for other purposes and any Ethernet interface could also be used
instead for a DMZ.
SourceInterface=any
SourceNetwork=all-nets
DestinationInterface=core
DestinationNetwork=wan_ip
SATTranslate=DestinationIP
SATTranslateToIP=10.10.10.5
Name=SAT_HTTP_To_DMZ
350
Chapter 7. Address Translation
- Quick Links:
- The Web Interface
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
