create an external address for the web server on the Internet. You must then add a virtual IP to the firewall that maps the external IP address of the web server to the actual address of the web server on your internal network. To allow connections from the Internet to the web server, you must then add an Ext ->Int firewall policy and set Destination to the virtual IP.

You can create two types of virtual IPs:

Static NAT

Port Forwarding

Used in Ext ->Int policies to translate an address on the Internet to a hidden address on the internal network. Static NAT translates the source address of outbound packets to the address to the address on the Internet.

Used in Ext ->Int policies to translate an address and a port number on a less secure network to a hidden address and, optionally, a different port number on a more secure network. Using port forwarding you can also route packets with a specific port number and a destination address that matches the IP address of the interface that receives the packets. This technique is called port forwarding or port address translation (PAT). You can also use port forwarding to change the destination port of the forwarded packets.

If you use the setup wizard to configure internal server settings, the firewall adds port forwarding virtual IPs and Ext ->Int policies for each server that you configure.

Virtual IPs are not required in Transparent mode.

This section describes:

Adding static NAT virtual IPs

Using port forwarding virtual IPs

Adding policies with virtual IPs

Adding static NAT virtual IPs

Go to Firewall > Virtual IP .

Select New to add a virtual IP.

Enter a Name for the virtual IP.

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.

Make sure Type is set to Static NAT.

In the External IP Address field, enter the external IP address to be mapped to an address on the internal network.

For example, if the virtual IP provides access from the Internet to a web server on your internal network, the external IP address must be a static IP address obtained from your ISP for your web server. This address must be a unique address that is not used by another host and cannot be the same as the IP address of the firewall external interface. However, this address must be routed to the firewall external interface.

DFL-500 User Manual

36

 

Page 35 Page 37
Page 36
Image 36
D-Link DFL-500 user manual Adding static NAT virtual IPs, Go to Firewall Virtual IP, Static NAT Port Forwarding
Page 35 Page 37
Top Page Image Contents