
Release Note

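Table 2: Required parameters for Firewall NAT rules.

| NAT Rule Type | Direction | IP | REMOTEIP | GBLIP | GBLREMOTEIP | NATMASK |
|---|---|---|---|---|---|---|
| Standard | I | T | | S | X | X |
| Standard | O | | | T | X | X |
| Standard subnet | I | T | | S | X | T |
| Standard subnet | O | | | T | X | T |
| Enhanced (a) | I | | T | X | | X |
| Enhanced (a) | O | | | T | X | X |
| Reverse | I | S | T | X | S | X |
| Reverse | O | S | S | X | T | X |
| Reverse subnet | I | S | T* | X | S | T* |
| Reverse subnet | O | S* | S | X | T | T* |
| Double | I | T | T* | S | S | X |
| Double | O | S* | S | T | T | X |
| Double subnet | I | T | T* | S | S | T* |
| Double subnet | O | S* | S* | T | T | T* |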

a. If the rule is applied to a public interface, the result will be reverse enhanced NAT.

Key to table:

Direction

I = in. The rule is applied to a public interface.

O = out. The rule is applied to a private interface.

S = Selector. The value supplied for this parameter is compared to the corresponding field in a packet.

T = Translator. The value supplied for this parameter is substituted into the packet to bring about the address translation.

* = A necessary parameter. The parameter is required for the rule to function correctly, but can be put into a SET FIREWALL POLICY RULE command if the ADD command line has become too long.

X = Not permitted. This parameter is not permitted in this type of NAT rule.

Empty table entry = an optional selector.
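
As an added example (not part of the release note), Table 2 can be encoded as data and used to check a proposed NAT rule before it is entered. The function name check_rule, the finding labels, and the choice to use the "subnet" row whenever NATMASK is supplied are assumptions of this example; S and T entries are treated as required, and starred entries as required but deferrable to a SET FIREWALL POLICY RULE command.

```python
PARAMS = ("IP", "REMOTEIP", "GBLIP", "GBLREMOTEIP", "NATMASK")

# (NAT type, subnet variant, direction) -> marks in PARAMS order, from Table 2.
# "" = optional selector, X = not permitted, * = may be deferred to SET.
TABLE2 = {
    ("standard", False, "I"): ("T", "", "S", "X", "X"),
    ("standard", False, "O"): ("", "", "T", "X", "X"),
    ("standard", True, "I"): ("T", "", "S", "X", "T"),
    ("standard", True, "O"): ("", "", "T", "X", "T"),
    ("enhanced", False, "I"): ("", "T", "X", "", "X"),
    ("enhanced", False, "O"): ("", "", "T", "X", "X"),
    ("reverse", False, "I"): ("S", "T", "X", "S", "X"),
    ("reverse", False, "O"): ("S", "S", "X", "T", "X"),
    ("reverse", True, "I"): ("S", "T*", "X", "S", "T*"),
    ("reverse", True, "O"): ("S*", "S", "X", "T", "T*"),
    ("double", False, "I"): ("T", "T*", "S", "S", "X"),
    ("double", False, "O"): ("S*", "S", "T", "T", "X"),
    ("double", True, "I"): ("T", "T*", "S", "S", "T*"),
    ("double", True, "O"): ("S*", "S*", "T", "T", "T*"),
}

def check_rule(nat, direction, supplied):
    """Return (finding, parameter) pairs for one NAT rule.

    supplied: names of the parameters given on the ADD command line.
    Assumption: a rule that carries NATMASK is checked against the
    'subnet' row; Table 2 has no subnet row for enhanced NAT.
    """
    supplied = {p.upper() for p in supplied}
    subnet = "NATMASK" in supplied and nat.lower() != "enhanced"
    marks = TABLE2[(nat.lower(), subnet, direction.upper())]
    findings = []
    for name, mark in zip(PARAMS, marks):
        if mark == "X" and name in supplied:
            findings.append(("not-permitted", name))
        elif mark in ("S", "T") and name not in supplied:
            findings.append(("missing", name))
        elif mark.endswith("*") and name not in supplied:
            findings.append(("needs-SET", name))
    return findings

# Constructed sample rules (not taken from the release note).
SAMPLE = [("reverse", "O", {"IP", "REMOTEIP", "GBLIP"}),
          ("double", "I", {"IP", "GBLIP", "GBLREMOTEIP", "NATMASK"})]

if __name__ == "__main__":
    for nat, direction, params in SAMPLE:
        print(nat, direction, check_rule(nat, direction, params) or "ok")
```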

Web Redirection with Reverse NAT Rules

The implementation of reverse NAT allows the firewall to perform Web Redirection. A NAT rule can be created that redirects HTTP traffic to one particular web server, defined in the rule, regardless of its original destination. Selector parameters may also be included in the rule to fine-tune which traffic is redirected.

This feature is particularly useful for ISPs operating in the travel and hospitality industry wishing to allow users, who may previously have been unknown to the ISP, to plug their PC or laptop into the ISP’s LAN. With web

Software Release 2.3.1 C613-10325-00 REV B

Allied Telesis AT-AR300 Web Redirection with Reverse NAT Rules, Required parameters for Firewall NAT rules Parameters