it could be used for other purposes and any Ethernet interface could also be used instead
for a DMZ.
Example 7.4. One-to-One IP Translation
In this example, SAT will be used to translate and allow connections from the public Internet to a
web server located in a DMZ. The NetDefend Firewall is connected to the Internet via the wan
interface with address object wan_ip (defined as 195.55.66.77) as its IP address. The web server
has the IPv4 address 10.10.10.5 and is reachable through the dmz interface. The port number will
not be translated.
Command-Line Interface
Create a SAT IP rule:
gw-world:/> add IPRule Action=SAT
            Service=http-all
            SourceInterface=wan
            SourceNetwork=all-nets
            DestinationInterface=core
            DestinationNetwork=wan_ip
            SATTranslate=DestinationIP
            SATTranslateToIP=10.10.10.5
            Name=SAT_HTTP_To_DMZ
Then create a corresponding Allow rule:
gw-world:/> add IPRule Action=Allow
            Service=http-all
            SourceInterface=wan
            SourceNetwork=all-nets
            DestinationInterface=core
            DestinationNetwork=wan_ip
            Name=Allow_HTTP_To_DMZ
Web Interface
First create a SAT rule:
1. Go to: Policies > Firewalling > Main IP Rules > Add > IP Rule
2. Specify a suitable name for the rule, for example SAT_HTTP_To_DMZ
3. Now enter:
   • Action: SAT
   • Service: http-all
   • Source Interface: wan
   • Source Network: all-nets
   • Destination Interface: core
   • Destination Network: wan_ip
   • SAT Translate: Destination IP
Chapter 7: Address Translation