D-Link DFL-1660 User Manual page 301

7.3.1. Translation of a Single IP
Address (1:1)
Then create a corresponding Allow rule:
gw-world:/main> add IPRule action=Allow Service=http SourceInterface=any
Web Interface
First create a SAT rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Specify a suitable name for the rule, for example SAT_HTTP_To_DMZ
3. Now enter:
• Action: SAT
• Service: http
• Source Interface: any
• Source Network: all-nets
• Destination Interface: core
• Destination Network: wan_ip
4. Under the SAT tab, make sure that the Destination IP Address option is selected
5. In the New IP Address textbox, enter 10.10.10.5
6. Click OK
Then create a corresponding Allow rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Specify a suitable name for the rule, for example Allow_HTTP_To_DMZ
3. Now enter:
• Action: Allow
• Service: http
• Source Interface: any
• Source Network: all-nets
• Destination Interface: core
• Destination Network: wan_ip
4. Under the Service tab, select http in the Predefined list
5. Click OK
The example results in the following two rules in the rule set:
# Action Src Iface
1 SAT any
2 Allow any
These two rules allow us to access the web server via the NetDefend Firewall's external IP address. Rule 1 states
that address translation can take place if the connection has been permitted, and rule 2 permits the connection.
Of course, we also need a rule that allows internal machines to be dynamically address translated to the Internet.
In this example, we use a rule that permits everything from the internal network to access the Internet via NAT
DestinationNetwork=wan_ip SATTranslate=DestinationIP
SATTranslateToIP=10.10.10.5 Name=SAT_HTTP_To_DMZ
SourceNetwork=all-nets DestinationInterface=core
DestinationNetwork=wan_ip Name=Allow_HTTP_To_DMZ
Src Net Dest Iface
all-nets core
all-nets core
Dest Net Parameters
wan_ip http SETDEST 10.10.10.5 80
wan_ip http
301
Chapter 7. Address Translation