Translating Traffic To Multiple Protected Web Servers - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05

7.2.2. Translation of Multiple IP Addresses (M:N)
Example 7.4. Translating Traffic to Multiple Protected Web Servers
In this example, we will create a SAT policy that will translate and allow connections from the Internet to five web
servers located in a DMZ. The D-Link Firewall is connected to the Internet using the wan interface, and the public
IP addresses to use are in the range of 195.55.66.77 to 195.55.66.81. The web servers have IP addresses in the
range 10.10.10.5 to 10.10.10.9, and they are reachable through the dmz interface.
To accomplish the task, the following steps need to be performed:
Define an address object containing the public IP addresses.
Define another address object for the base of the web server IP addresses.
Publish the public IP addresses on the wan interface using the ARP publish mechanism.
Create a SAT rule that will perform the translation.
Create an Allow rule that will permit the incoming HTTP connections.
CLI
Create an address object for the public IP addresses:
gw-world:/> add Address IP4Address wwwsrv_pub Address=195.55.66.77-195.55.66.81
Now, create another object for the base of the web server IP addresses:
gw-world:/> add Address IP4Address wwwsrv_priv_base Address=10.10.10.5
Publish the public IP addresses on the wan interface using ARP publish. One ARP item is needed for every IP address:
gw-world:/> add ARP Interface=wan IP=195.55.66.77 mode=Publish
Repeat for all the five public IP addresses. Create a SAT rule for the translation:
gw-world:/> add IPRule Action=SAT Service=http SourceInterface=any SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=wwwsrv_pub SATTranslateToIP=wwwsrv_priv_base SATTranslate=DestinationIP
Finally, create a corresponding Allow Rule:
gw-world:/> add IPRule Action=Allow Service=http SourceInterface=any SourceNetwork=all-nets DestinationInterface=core DestinationNetwork=wwwsrv_pub
Web Interface
Create an address object for the public IP addresses:
1. Go to Objects > Address Book > Add > IP address
2. Specify a suitable name for the object, for instance wwwsrv_pub.
3. Enter 195.55.66.77-195.55.66.81 in the IP Address textbox.
4. Click OK.
Now, create another address object for the base of the web server IP addresses:
1. Go to Objects > Address Book > Add > IP address
2. Specify a suitable name for the object, for instance wwwsrv_priv_base.
3. Enter 10.10.10.5 in the IP Address textbox.
4. Click OK.
Publish the public addresses on the wan interface using ARP publish. One ARP item is needed for every IP address:
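The following is an added example, not part of the D-Link manual: it works out which DMZ host each public address in the example ends up exposing, flags a public range that reaches past the intended web servers, and prints the five ARP publish commands the procedure asks you to repeat. The function names are hypothetical, and the offset mapping (Nth public address to base + N) is an assumption taken from the address ranges given in the example.

```python
import ipaddress


def sat_mapping(pub_first, pub_last, priv_base):
    """Return [(public, private), ...] for an M:N SAT rule.

    Assumption: the Nth address of the public range is translated to
    priv_base + N, as the ranges in Example 7.4 imply.
    """
    first = ipaddress.IPv4Address(pub_first)
    last = ipaddress.IPv4Address(pub_last)
    base = ipaddress.IPv4Address(priv_base)
    if last < first:
        raise ValueError("public range is reversed")
    count = int(last) - int(first) + 1
    return [(first + n, base + n) for n in range(count)]


def audit(mapping, expected_servers):
    """Return the public addresses that would be forwarded to a host
    outside the intended server list (range too wide or wrong base)."""
    allowed = {ipaddress.IPv4Address(a) for a in expected_servers}
    return [pub for pub, priv in mapping if priv not in allowed]


def arp_publish_commands(mapping, interface="wan"):
    """One ARP publish item per public address, in the CLI syntax shown above."""
    return [f"add ARP Interface={interface} IP={pub} mode=Publish"
            for pub, _ in mapping]


if __name__ == "__main__":
    # Values from Example 7.4: five web servers, 10.10.10.5 to 10.10.10.9.
    servers = [f"10.10.10.{host}" for host in range(5, 10)]
    mapping = sat_mapping("195.55.66.77", "195.55.66.81", "10.10.10.5")
    for pub, priv in mapping:
        print(f"{pub}:80 -> {priv}:80")
    for pub in audit(mapping, servers):
        print(f"WARNING: {pub} is published but maps to a non-server host")
    for cmd in arp_publish_commands(mapping):
        print(f"gw-world:/> {cmd}")
```

Running the audit against the address object before committing the rules catches a range that is one address too long, which would otherwise publish an extra DMZ host on port 80.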
Chapter 7. Address Translation
