Table of Contents
Advertisement
4-34 Administrator's Handbook
Notes on the example
The Easy-Map List and the Easy-PAT List are attached to any new Connection Profile by default. If you want to
use this NAT configuration on a previously defined Connection Profile then you need to bind the Map List to the
profile. You do this through either the NAT Associations screen or the profile's configuration screens.
The PAT part of this example setup will allow any user on the Motorola Netopia
address in the range of 192.168.1.6 through 192.168.1.254 to initiate traffic flow to the outside world (for
example, the Internet). No one on the Internet would be able to initiate a conversation with them.
The Static mapping part of this example will allow any of the machines in the range of addresses from
192.168.1.1 through 192.168.1.5 to communicate with the outside world as if they were at the addresses
206.1.1.1 through 206.1.1.5, respectively. It also allows any machine on the Internet to access any service
(port) on any of these five machines.
You may decide this poses a security risk. You may decide that anyone can have complete access to your FTP
server, but not to your Router, and only limited access to the desired services (ports) on the Web and Mail
servers.
To make these changes, first limit the range of remapped addresses on the Static Map and then edit the
default server list called Easy-Servers.
•
First, navigate to the Show/Change Map List screen, select Easy-PAT List and then Show/Change Maps.
Choose the Static Map you created and change the First Private Address from 192.168.1.1 to
192.168.1.4. Now the Router, Web, and Mail servers' IP addresses are no longer included in the range of
static mappings and are therefore no longer accessible to the outside world. Users on the Internet will not
be able to Telnet, Web, SNMP, or ping to them. It is best also to navigate to the public range screen and
change the Static Range to go from 206.1.1.5.
•
Next, navigate to Show/Change Server List and select Easy-Servers and then Add Server. You should
export both the Web (www-http) and Mail (smtp) ports to one of the now free public addresses. Select
Service... and from the resulting pop-up menu select www-http. In the resulting screen enter your Web
server's address, 192.168.1.2, and the public address, for example, 206.1.1.2, and then select ADD NAT
SERVER. Now return to Add Server, choose the smtp port and enter 192.168.1.3, your Mail server's IP
address for the Server Private IP Address. You can decide if you want to present both your Web and Mail
services as being on the same public address, 206.1.1.2, or if you prefer to have your Mail server appear
to be at a different IP address, 206.1.1.3. For the sake of this example, alias both services to 206.1.1.2.
Now, as before, the PAT configuration will allow any user on the Motorola Netopia
address in the range of 192.168.1.6 through 192.168.1.254 to initiate traffic flow to the Internet. Someone at
the FTP server can access the Internet and the Internet can access all services of the FTP machine as if it were
at 206.1.1.5. The Router cannot directly communicate with the outside world. The only communication between
the Web server and the Internet is through port 80, the Web port, as if the server were located on a machine at
IP address 206.1.1.2. Similarly, the only communication with the Mail server is through port 25, the SMTP port,
as if it were located at IP address 206.1.1.2
®
Router's LAN with an IP
®
Router's LAN with an IP
Advertisement
Table of Contents
