1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Firewall
  5. DFL-210 - NetDefend - Security Appliance
  6. User manual

Static Address Translation (Sat); Translation Of A Single Ip Address (1:1); Enabling Traffic To A Protected Web Server In A Dmz - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

7.2. Static Address Translation (SAT)

7.2. Static Address Translation (SAT)
NetDefendOS can translate entire ranges of IP addresses and/or ports. Such translations are trans-
positions, that is, each address or port is mapped to a corresponding address or port in the new
range, rather than translating them all to the same address or port. This functionality is known as
Static Address Translation, hereinafter referred to as SAT.
Unlike NAT, a SAT policy requires more than a single SAT rule to function. NetDefendOS does not
terminate the rule-set lookup upon finding a matching SAT rule. Instead, it continues to search for a
matching Allow, NAT or FwdFast rule. Only when it has found such a matching rule does the sys-
tem execute the static address translation.

7.2.1. Translation of a Single IP Address (1:1)

The simplest form of SAT is translation of a single IP address. A very common usage for this type
of SAT is to enable external users to access a protected server having a private address. This scen-
ario is also commonly referred to as Virtual IP or Virtual Server in other types of products.
Example 7.2. Enabling Traffic to a Protected Web Server in a DMZ
In this example, we will create a SAT policy that will translate and allow connections from the Internet to a web
server located in a DMZ. The D-Link Firewall is connected to the Internet using the wan interface with address ob-
ject wan_ip (defined as 195.55.66.77) as IP address. The web server has the IP address 10.10.10.5 and is reach-
able through the dmz interface.
CLI
First create a SAT rule:
gw-world:/> add IPRule Action=SAT Service=http SourceInterface=any
Then create a corresponding Allow rule:
gw-world:/> add IPRule action=Allow Service=http SourceInterface=any
Web Interface
First create a SAT rule:
1.
Go to Rules > IP Rules > Add > IPRule
2.
Specify a suitable name for the rule, for instance SAT_HTTP_To_DMZ.
3.
Now enter:
Action: SAT
Service: http
Source Interface: any
Source Network: all-nets
Destination Interface: core
Destination Network: wan_ip
4.
Under the SAT tab, make sure that the Destination IP Address option is selected.
5.
In the New IP Address textbox, enter 10.10.10.5
6.
Click OK.
Then create a corresponding Allow rule:
SourceNetwork=all-nets DestinationInterface=core
DestinationNetwork=wan_ip SATTranslate=DestinationIP
SATTranslateToIP=10.10.10.5 Name=SAT_HTTP_To_DMZ
SourceNetwork=all-nets DestinationInterface=core
DestinationNetwork=wan_ip Name=Allow_HTTP_To_DMZ
164
Chapter 7. Address Translation

Advertisement

Table of Contents
loading

Related Manuals for D-Link NetDefend DFL-210

Related Content for D-Link NetDefend DFL-210

This manual is also suitable for:

Dfl-800Dfl-1600Netdefend dfl-2500Netdefend dfl-260Netdefend dfl-860Netdefend dfl-800 ... Show all

Table of Contents