Multitech RF830-AP, RF820-AP manual Network Setup Snat, Service

Page 54

Chapter 5 – Configuration Using Web Management Software

Network Setup > SNAT

Network Setup > SNAT

The SNAT (Source Network Address Translation) process allows attaching private networks to public networks. SNAT is used when you want to have a LAN using a private IP network to be connected to the internet via a firewall. Since the private IP addresses are not routed on the internet, you have to apply SNAT on the firewall’s external interface.

The RouteFinder’s internal interface serves as the default gateway for the LAN. Hence, a rule is added to the RouteFinder to replace the source address of all packets crossing its external interface from inside to outside with the RouteFinder’s own interface IP address. Once the request gets answered from the Internet host, the RouteFinder will receive the reply packets and will forward them to the client on the LAN.

On this screen you can set up the RouteFinder‘s ability to rewrite the source address of in-transit data packages using SNAT. This functionality is equivalent to DNAT, except that the source addresses of the IP packets are converted instead of the target addresses being converted. This can be helpful in more complex situations (e.g., diverting reply packets of connections to other networks or hosts).

Important

For SNAT support, the TCP and/or UDP settings must be enabled in the Networks menu.

As the translation takes place after the filtering by packet filter rules, you must allow connections that concern your SNAT rules in Packet Filters > Packet Filter Rules with the original source address. Packet filter rules are covered later in this chapter.

To create simple connections from private networks to the Internet, you should use the Network Setup > Masquerading function instead of SNAT. In contrast to Masquerading, SNAT is a static address conversion, and the rewritten source address does not have to be one of the RouteFinder‘s IP addresses.

Add SNAT Definition – From the drop down lists, select IP packet characteristics to be translated.

Pre SNAT Source

Select the original source network of the packet. The network must be predefined in the Networks menu. The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited.

Service

Allows the corresponding service for the Pre SNAT Source entry field to be chosen from the select menus. The service must have already been defined in the Services menu.

Destination

Select the target network of the packet. The network must have been defined in the Network menu. The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by clicking the Edit or the Delete buttons.

Post SNAT Source

Selects the source addresses of all the packets after the translation. Only one host can be specified here. The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by clicking the Edit or the Delete buttons.

About Failover Status (For the RF830/RF830-AP Only):

Failover is a transition that takes place when one individual computer fails and a backup unit automatically takes over its request load. Failover can be enabled on this device only if the Post SNAT Source is WANLINK1 Interface or WANLINK2 Interface. Additionally, Failover requires that Spoofing be disabled and that there are Masquerading rules between LAN > WAN1 and LAN > WAN2.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E)

54

Page 53 Page 55
Image 54
Page 53 Page 55
Contents RouteFinder→ Soho Patents Warranty TrademarksRevision Date Description World HeadquartersContents Key Features Introduction DescriptionFeature Details RouteFinder Ship Kit Contents RouteFinder DocumentationLEDs Telecom Warnings for the ModemRF820/RF820-AP Front Panel RF830/RF830-AP Front Panel DescriptionConnector Back PanelsRF820 RF820-AP RF830 RF830-AP Typical Applications Specifications Specifications RF820 and RF820-AP RF830 and RF830-APVPN Specifications for 802.11b/g Interface SpecificationsRF8230AP and RF830AP RF820 InstallationCabling Your RouteFinder RF820-APRF830 RF830-APSetting up a Workstation and Starting RouteFinder Establish TCP/IP CommunicationTo Set a Fixed IP Address Click the Properties buttonOpen a Web Browser Navigating the Screens Menu Bar Sub Other Options Screen Name Input AreaSub-Menus Network Setup WirelessMenu Bar Table of Menus and Sub-MenusConfiguring RouteFinder Start the RouteFinder ConfigurationAbout IPSec Using the Wizard Setup Screen to Configure Your RouteFinder RouteFinder Initial ConfigurationWizard Setup Screen NotesISP Settings WAN 1 Dhcp Client ChoiceWAN 1 Static IP Choice WAN 1 PPPoE Choice MTU Important Note About Save and Restart Save to Flash MemoryRestart Administration System Setup Configuration Using Web Management SoftwareAdministration Administration System SetupAuto Reboot Timer Configure Email NotificationEmail Address Administration Administrative Access Administration Administrative AccessAdministrative Access Screen NoteOld Password, New Password, Confirmation Change PasswordAdministrative Access Http Port Web Interface Inactivity Time OutAdministration System Logs Administration Remote Syslog Administration System LogsAdministration Remote Syslog Remote SyslogAdministration Sntp Client Administration Sntp ClientSntp Configuration General ConfigurationDaylight Saving Start Time Administration Sntp Client Time Zone ConfigurationDaylight Configuration Daylight Saving End TimeAdministration Tools Administration ToolsReset to Factory Defaults Administration Factory DefaultsReset Modem Administration Tools Administration Factory DefaultsNetworks & Services Networks & Services Network ConfigurationNetworks & Services Network Configuration How to Confirm Your Entries RF830/RF830-AP Network Configuration ScreenNetwork Configuration Fields Important Network NotesNetworks & Services Services Networks & Services Service ConfigurationThis is an example of screen with the TCP protocol selected TCP, UDP, and TCP& UDP Service ConfigurationEditing and Deleting User-Added Services AH and ESPNetwork Setup Network Setup IP SettingsNetwork Setup IP Settings WAN Choice Static IP WAN Choice Dhcp Client DefaultDefault Gateway WAN 1 & WAN 2 WAN 2 is for the RF830/RF830-AP onlyWAN Choice PPPoE Network Setup Wireless LAN Wlan SettingsWlan Security Network Setup Wireless LAN Wlan SecuritySecurity Selection Disable Select SecurityNetwork Setup Wireless LAN Wlan Security WEP Key WEP Key to IndexWPA-PSK/WPA2-PSK Key Group Key Rekeying Network Setup Wireless LAN Wlan Client Filter Access Control ListNetwork Setup Advanced IP Settings Network Setup PPP Cellular/Analog Backup Network Setup PPP Cellular/Analog BackupPPP Client for Cellular/Analog Modem Backup Screen Note This screen applies to the RF820/RF820-AP onlySIM Initialization String only for Cellular Modems Signal Strength only for Cellular ModemsModem Initialization Strings PPP Keep-Alive ParametersLoad Balancing Keep Alive URL Configuration Network Setup Load BalancingLoad Balancing Weight Configuration Network Setup Load Balancing Network Setup Dynamic DNS Network Setup Dynamic DNS Ddns Failover for the RF830/RF830-AP only Check IP Use WildcardCustom DNS Check IP ServerNetwork Setup Static Routes Network Setup IP MasqueradingNetwork Setup Snat Network Setup SnatService Add Dnat Definition Network Setup DnatNetwork Setup Dnat WAN IPPacket Filters Packet Filter Packet Filter RulesTo Host/Networks ServicesFrom Host/Networks ActionPacket Filters Advanced Filters Packet Filters Advanced FiltersIcmp Forwarding Packet Filter IcmpPacket Filter Packet Filter Log Icmp on FirewallVPN IPSec VPN Virtual Private NetworkVPN IPSec Add a New ConnectionAdd an IKE Connection Add IKE ConnectionNumber of Retries NetBIOS BroadcastVPN IPSec Add IKE Connection Key Life Left Next HopAdd a Manual Connection Add Manual ConnectionVPN IPSec Add Manual Connection Fqdn Encryption Strength Pptp SettingsPptp Status Select Remote AddressUser Authentication Authentication TypeAuthentication Type Select Radius Http Status ProxyProxy Http Proxy Http Allowed NetworksProxy Custom Filters Proxy DNS Proxy Proxy DNS ProxyDNS Proxy LAN StatusDhcp Server Dhcp Server LAN Subnet SettingsDhcp Server LAN Subnet Settings Dhcp Server on LANDhcp Server Wlan Subnet Settings and Wlan Fixed Addresses Add Fixed AddressAdd Fixed Address Utilities Backup Utilities Firmware Upgrade Utilities BackupUtilities Firmware Upgrade BackupStatistics & Logs System Information Statistics & LogsStatistics & Logs System Information RF820/RF820-AP Screen RF830/RF830-AP ScreenStatistics & Logs Network Interface Details All Access Requests to Firewall Violating Security PolicyLog Access to Administrative Access Port Statistics & Logs Packet Filter LogStatistics & Logs IPSec Live Log Statistics & Logs Pptp Live LogStatistics & Logs Dhcp Server Live Log Statistics & Logs PPP Cellular/Analog Log Statistics & Logs Wlan Client Live LogStatistics & Logs Log Traces Statistics & Logs Log TracesTroubleshooting System Diagnostics as a Troubleshooting ToolProblem #4 Frequently Asked Questions How will I be notified of new router firmware upgrades? How do I access the Router’s setup pages with a Mac?If all else fails in the installation, what can I do? Which modems are compatible with the router?Appendix a Table of Commonly Supported Subnet Addresses Network Number Hosts Available Broadcast Address Antenna Appendix B Antenna for Wireless RouteFinderAntenna Electrical Characteristics MechanicalAppendix C Waste Electrical Electronic Equipment Directive WeeeGlossary AESIKE Isdn TA Ping PptpSsid Tkip WEPWlan Wireless Local Area Network WPA-PSKIndex Data Encryption Standard DES DefinitionNetwork Setup PPP Cellular/Analog Modem Stats & Logs Dhcp Server Live Log
Top Page Image Contents