LANCOM Reference Manual LCOS 3.50, Chapter 7: Routing and WAN connections
Example: You are assigned the IP network address 123.45.67.0 with the netmask
255.255.255.248 by your provider. Then you can assign the IP addresses
as follows (see the table of DMZ IP addresses below):
All computers and devices in the Intranet have no public IP address, and
therefore appear with the IP address of the LANCOM (123.45.67.1) on the
Internet.
Separation of Intranet and DMZ
Although Intranet and DMZ may already be separated on the Ethernet
level by distinct interfaces, appropriate Firewall rules must be set
up in any case so that the DMZ is separated from the LAN on
the IP level as well.
The server service must remain available from the Internet and
from the Intranet, but any IP traffic from the DMZ towards the Intranet
must be prohibited. For the above example, this reads as follows:
- With an 'Allow All' strategy (default): Deny access from 123.45.67.2 to
  "All stations in local network"
- With a 'Deny All' strategy (see 'Set-up of an explicit "Deny All" strategy'
  →page 138): Allow access from "All stations in local network" to
  123.45.67.2
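The two rule sets above can be checked against the stated goal with a small model. This is an added example, not LANCOM configuration or code from the manual: it assumes a first-match rule list evaluated on the connection initiator only (replies belong to the accepted connection), ignores ports and protocols, and uses the hypothetical Intranet range 192.168.1.0/24 and Internet host 198.51.100.7, neither of which appears in the manual.

```python
from ipaddress import ip_address, ip_network

DMZ_SERVER = ip_network("123.45.67.2/32")  # server address from the manual's example
INTRANET = ip_network("192.168.1.0/24")    # assumption: Intranet range is not given on the page

# A policy is a default action plus (action, source, destination) rules.
# The first matching rule decides; otherwise the default applies.
ALLOW_ALL = {
    "default": "accept",
    "rules": [("deny", DMZ_SERVER, INTRANET)],
}
DENY_ALL = {
    "default": "deny",
    "rules": [("accept", INTRANET, DMZ_SERVER)],
}


def decide(policy, src, dst):
    """Return 'accept' or 'deny' for a NEW connection opened by src towards dst."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in policy["rules"]:
        if s in src_net and d in dst_net:
            return action
    return policy["default"]


def dmz_is_separated(policy, intranet_host="192.168.1.10"):
    """True if the Intranet can reach the DMZ server but the server cannot
    open connections towards the Intranet."""
    to_server = decide(policy, intranet_host, "123.45.67.2")
    from_server = decide(policy, "123.45.67.2", intranet_host)
    return to_server == "accept" and from_server == "deny"


def internet_reaches_server(policy, internet_host="198.51.100.7"):
    """True if a host on the Internet may open a connection to the DMZ server."""
    return decide(policy, internet_host, "123.45.67.2") == "accept"


if __name__ == "__main__":
    for name, policy in (("Allow All", ALLOW_ALL), ("Deny All", DENY_ALL)):
        print(f"{name}: DMZ separated from Intranet = {dmz_is_separated(policy)}, "
              f"server reachable from Internet = {internet_reaches_server(policy)}")
```

In this model both rule sets separate the DMZ from the Intranet, but the single 'Deny All' rule listed above does not by itself admit connections from the Internet to the server; under that strategy the server needs its own allow rule.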
7.4 N:N mapping
Network Address Translation (NAT) can be used for several different purposes:
- for making better use of the increasingly scarce IPv4 addresses
- for coupling networks that use the same (private) address ranges
- for producing unique addresses for network management
DMZ IP address   Meaning/use
123.45.67.0      network address
123.45.67.1      LANCOM as a gateway for the Intranet
123.45.67.2      Device in the LAN which is to receive unmasked access to the Internet, e.g. web server connected at the DMZ port
123.45.67.3      broadcast address