Specifying A Nat Ip Policy - D-Link NetDefendOS User Manual

The NATAction option could be left out since the default value is to use the interface address. The
alternative is to specify UseSenderAddress and use the NATSenderAddress option to specify the IP
address to use. The sender address will also need to be explicitly ARP published on the interface.
Web Interface
1. Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2. Specify a suitable name for the rule, for example NAT_HTTP
3. Now enter:
• Action: NAT
• Service: http
• Source Interface: lan
• Source Network: lannet
• Destination Interface: wan
• Destination Network: all-nets
4. Under the NAT tab, make sure that the Use Interface Address option is selected
5. Click OK
Logging is enabled by default.
Specifying NAT with an IP Policy
A NetDefendOS IP Policy object can be used instead of an IP Rule object. An IP policy is essentially
equivalent in function but makes it simpler to associate other functions with NAT such as
authentication, application control and traffic shaping. The example below performs the same
task as the previous example.
Example 7.2. Specifying a NAT IP Policy
This example adds a NAT IP policy that will perform address translation for all HTTP traffic
originating from the internal network lan flowing to the public Internet on the wan interface. The
IP address of the wan interface will be used as the NATing address for all connections.
Command-Line Interface
gw-world:/> add IPPolicy
SourceInterface=lan
SourceNetwork=lannet
DestinationInterface=wan
DestinationNetwork=all-nets
Service=http-all
Name=NAT_HTTP
Action=Allow
SourceAction=NAT
579
Chapter 7: Address Translation