Allied Telesis AT-AR300 manual Web Redirection with Reverse NAT Rules


Release Note

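Table 2: Required parameters for Firewall NAT rules.

                    |           | Parameters
NAT Rule Type       | Direction | IP  | REMOTEIP | GBLIP | GBLREMOTEIP | NATMASK
--------------------+-----------+-----+----------+-------+-------------+--------
Standard            | I         | T   |          | S     | X           | X
                    | O         |     |          | T     | X           | X
Standard subnet     | I         | T   |          | S     | X           | T
                    | O         |     |          | T     | X           | T
Enhanced (a)        | I         |     | T        | X     |             | X
                    | O         |     |          | T     | X           | X
Reverse             | I         | S   | T        | X     | S           | X
                    | O         | S   | S        | X     | T           | X
Reverse subnet      | I         | S   | T*       | X     | S           | T*
                    | O         | S*  | S        | X     | T           | T*
Double              | I         | T   | T*       | S     | S           | X
                    | O         | S*  | S        | T     | T           | X
Double subnet       | I         | T   | T*       | S     | S           | T*
                    | O         | S*  | S*       | T     | T           | T*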

a. If the rule is applied to a public interface, the result will be reverse enhanced NAT.

Key to table:

Direction

I = in. The rule is applied to a public interface.

O = out. The rule is applied to a private interface.

S = Selector. The value supplied for this parameter is compared to the corresponding field in a packet.

T = Translator. The value supplied for this parameter is substituted into the packet to bring about the address translation.

* = A necessary parameter. The parameter is required for the rule to function correctly, but can be put into a SET FIREWALL POLICY RULE command if the ADD command line has become too long.

X = Not permitted. This parameter is not permitted in this type of NAT rule.

Empty table entry = an optional selector.

Web Redirection with Reverse NAT Rules

The implementation of reverse NAT allows the firewall to perform Web Redirection. A NAT rule can be created that redirects HTTP traffic to one particular web server, defined in the rule, regardless of where the traffic was originally destined. Selector parameters may also be included in the rule to fine-tune which traffic is redirected.
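Table 2 can be turned into a check that is run over NAT rules, such as a web-redirection rule, before they are entered on the firewall. The Python below is an added example, not code from the release note or from Allied Telesis; check_rule, the table encoding, the 192.0.2.x addresses and the use of an O-direction reverse rule for redirection are assumptions made for illustration. It flags only what the key to the table states outright: parameters marked X that were supplied, and starred parameters that are missing.

```python
# Table 2 as data. Cell codes follow the key to the table:
# S selector, T translator, * necessary, X not permitted, "-" empty cell.
PARAMS = ("IP", "REMOTEIP", "GBLIP", "GBLREMOTEIP", "NATMASK")
TABLE2 = {
    ("standard", "I"): "T - S X X",         ("standard", "O"): "- - T X X",
    ("standard subnet", "I"): "T - S X T",  ("standard subnet", "O"): "- - T X T",
    ("enhanced", "I"): "- T X - X",         ("enhanced", "O"): "- - T X X",
    ("reverse", "I"): "S T X S X",          ("reverse", "O"): "S S X T X",
    ("reverse subnet", "I"): "S T* X S T*", ("reverse subnet", "O"): "S* S X T T*",
    ("double", "I"): "T T* S S X",          ("double", "O"): "S* S T T X",
    ("double subnet", "I"): "T T* S S T*",  ("double subnet", "O"): "S* S* T T T*",
}


def check_rule(nat_type, direction, supplied):
    """Compare the parameters of one NAT rule with its Table 2 row.

    Returns (problems, roles): problems lists parameters that are not
    permitted (X) or necessary but missing (*); roles maps each accepted
    parameter to 'selector' or 'translator'.
    """
    key = (nat_type.strip().lower(), direction.strip().upper())
    if key not in TABLE2:
        raise ValueError(f"no Table 2 row for {key}")
    given = {name.upper() for name in supplied}
    problems = [f"{n}: not a Table 2 parameter" for n in sorted(given - set(PARAMS))]
    roles = {}
    for param, cell in zip(PARAMS, TABLE2[key].split()):
        if cell == "X":
            if param in given:
                problems.append(f"{param}: not permitted in this rule type")
        elif param in given:
            # An empty cell is an optional selector, per the key.
            roles[param] = "translator" if cell.startswith("T") else "selector"
        elif cell.endswith("*"):
            problems.append(f"{param}: necessary, may be given with SET FIREWALL POLICY RULE")
    return problems, roles


# Constructed sample: a redirection rule assumed to sit on the private
# interface (O); a documentation address stands in for the web server.
redirect = {"GBLREMOTEIP": "192.0.2.80"}
print(check_rule("reverse", "O", redirect))
# The same rule with GBLIP added, which Table 2 does not permit for reverse NAT.
print(check_rule("reverse", "O", {**redirect, "GBLIP": "192.0.2.1"}))
print(check_rule("double subnet", "O", {"GBLIP": "192.0.2.1"}))
```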

This feature is particularly useful for ISPs operating in the travel and hospitality industry wishing to allow users, who may previously have been unknown to the ISP, to plug their PC or laptop into the ISP’s LAN. With web

Software Release 2.3.1 C613-10325-00 REV B
