Download User Manual - D-Link
Transcript
7.4.7. SAT and FwdFast Rules Chapter 7. Address Translation themselves. This will not work, as the packets will be interpreted as coming from the wrong address. We will now try moving the NAT rule between the SAT and FwdFast rules: # Action Src Iface Src Net Dest Iface Dest Net Parameters 1 SAT any all-nets core wan_ip http SETDEST wwwsrv 80 2 SAT lan wwwsrv any all-nets 80 -> All SETSRC wan_ip 80 3 NAT lan lannet any all-nets all_services 4 FwdFast any all-nets core wan_ip http 5 FwdFast lan wwwsrv any all-nets 80 -> All What happens now? • External traffic to wan_ip:80 will match rules 1 and 4, and will be sent to wwwsrv. Correct. • Return traffic from wwwsrv:80 will match rules 2 and 3. The replies will therefore be dynamically address translated. This changes the source port to a completely different port, which will not work. The problem can be solved using the following rule set: # Action Src Iface Src Net Dest Iface Dest Net Parameters 1 SAT any all-nets core wan_ip http SETDEST wwwsrv 80 2 SAT lan wwwsrv any all-nets 80 -> All SETSRC wan_ip 80 3 FwdFast lan wwwsrv any all-nets 80 -> All 4 NAT lan lannet any all-nets all_services 5 FwdFast lan wwwsrv any all-nets 80 -> All • External traffic to wan_ip:80 will match rules 1 and 5 and will be sent to wwwsrv. • Return traffic from wwwsrv:80 will match rules 2 and 3. • Internal traffic to wan_ip:80 will match rules 1 and 4, and will be sent to wwwsrv. The sender address will be the NetDefend Firewall's internal IP address, guaranteeing that return traffic passes through the NetDefend Firewall. • Return traffic will automatically be handled by the NetDefend Firewall's stateful inspection mechanism. 389
Related documents
User Manual - D-Link
User Manual - D-Link
D-Link DFL-2560G Network Security UTM Firewall
User Manual - D-Link
D-Link DFL-200 User's Manual
User Manual - To Parent Directory
Use of IEEE P802.17 Draft Contribution Templates Draft 0.40:85
- D-Link
"user manual"
DFL - D-Link
DES-3028/52 Series Firmware Release Notes - D-Link
DES-3028/52 Series Firmware Release Notes - D-Link