14.3. Scenarios: IP Rules Configuration
3. Create HTTP SAT/NAT Rule
Next step is to create an NAT rule to permit traffic SAT:ed by the
above rule.
Rules
IP Rules
Name: SATNAT to WebServer
Action: NAT
Service: http
Source Interface: any
Source Network: all-nets
Destination Interface: core
Destination Network: ip ext
Then click OK
4. Create HTTP NAT Rule
Final step is to create a NAT rule that allows internal machines on
the local network to access the Internet via HTTP.
Rules
IP Rules
Name: HTTP from LAN
Action: NAT
Service: http
Source Interface: LAN
Source Network: lan-net
Destination Interface: any
Destination Network: all-nets
Then click OK
SAT needs a second rule
SAT rule needs a second rule line to pass traffic through (shown as
the "Allow" rule above). The second rule can be a Allow, FwdFast, or
NAT, and this second rule line must be placed below the initiating
SAT rule.
The initiating SAT rule does nothing to the actual data. If there is a
match with the packet received and a SAT rule, the firewall will
Add
IP Rule:
Add
IP Rule:
Note
D-Link Firewalls User's Guide
121