Filter
Top Products
The illustration below shows a typical network arrangement with the NetDefend Firewall mediating
communications between the public Internet and servers in the DMZ, and between the DMZ and
local clients on a network called LAN.
Figure 7.4. The Role of the DMZ
Note: The DMZ port could be any port
On all models of D-Link NetDefend hardware, there is a specific Ethernet port which
is marked as being for the DMZ network. Although this is the port's intended use it
could be used for other purposes and any Ethernet port could also be used instead for
a DMZ.
Example 7.3. Enabling Traffic to a Protected Web Server in a DMZ
In this example, we will create a SAT policy that will translate and allow connections from the Internet to a web
server located in a DMZ. The NetDefend Firewall is connected to the Internet using the wan interface with
address object wan_ip (defined as 195.55.66.77) as IP address. The web server has the IP address 10.10.10.5
and is reachable through the dmz interface.
Command-Line Interface
First, change the current category to be the main IP rule set:
gw-world:/> cc IPRuleSet main
Next, create a SAT IP rule:
gw-world:/main> add IPRule Action=SAT Service=http
SourceInterface=any
SourceNetwork=all-nets
DestinationInterface=core
DestinationNetwork=wan_ip
SATTranslate=DestinationIP
SATTranslateToIP=10.10.10.5
Name=SAT_HTTP_To_DMZ
7.4.1. Translation of a Single IP
Address (1:1)
Chapter 7. Address Translation
344