Translation Of Multiple Ip Addresses (M:n); Translating Traffic To Multiple Protected Web Servers - D-Link NetDefend DFL-210 User Manual
Network security firewall ver 2.26.01
Hide thumbs
Also See for NetDefend DFL-210:
- Log reference manual (476 pages) ,
- User manual (469 pages) ,
- Cli reference manual (213 pages)
Table of Contents
Advertisement
7.4.2. Translation of Multiple IP
Addresses (M:N)
•
The reply arrives and both address translations are restored:
195.55.66.77:80 => 10.0.0.3:1038
In this way, the reply arrives at PC1 from the expected address.
Another possible solution to this problem is to allow internal clients to speak directly to 10.0.0.2 and this would
completely avoid all the problems associated with address translation. However, this is not always practical.
7.4.2. Translation of Multiple IP Addresses (M:N)
A single SAT rule can be used to translate an entire range of IP addresses. In this case, the result is a
transposition where the first original IP address will be translated to the first IP address in the
translation list and so on.
For instance, a SAT policy specifying that connections to the 194.1.2.16/29 network should be
translated to 192.168.0.50 will result in transpositions which are described in the table below:
In other words:
•
Attempts to communicate with 194.1.2.16 will result in a connection to 192.168.0.50.
•
Attempts to communicate with 194.1.2.22 will result in a connection to 192.168.0.56.
An example of when this is useful is when having several protected servers in a DMZ, and where
each server should be accessible using a unique public IP address.
Example 7.5. Translating Traffic to Multiple Protected Web Servers
In this example, we will create a SAT policy that will translate and allow connections from the Internet to five web
servers located in a DMZ. The NetDefend Firewall is connected to the Internet using the wan interface, and the
public IP addresses to use are in the range of 195.55.66.77 to 195.55.66.81. The web servers have IP addresses
in the range 10.10.10.5 to 10.10.10.9, and they are reachable through the dmz interface.
To accomplish the task, the following steps need to be performed:
•
Define an address object containing the public IP addresses.
•
Define another address object for the base of the web server IP addresses.
•
Publish the public IP addresses on the wan interface using the ARP publish mechanism.
•
Create a SAT rule that will perform the translation.
•
Create an Allow rule that will permit the incoming HTTP connections.
Command-Line Interface
Create an address object for the public IP addresses:
gw-world:/> add Address IP4Address wwwsrv_pub
Original Address
194.1.2.16
194.1.2.17
194.1.2.18
194.1.2.19
194.1.2.20
194.1.2.21
194.1.2.22
194.1.2.23
Translated Address
310
Chapter 7. Address Translation
192.168.0.50
192.168.0.51
192.168.0.52
192.168.0.53
192.168.0.54
192.168.0.55
192.168.0.56
192.168.0.57
Advertisement
Table of Contents
Troubleshooting
