Chapter 16 Virtual Servers

 

Table 105 Network > Virtual Server > Edit (continued)

 

LABEL

DESCRIPTION

 

Add

Select this to allow local users to use a domain name to access this virtual server.

 

corresponding

By default this virtual server entry only applies this address mapping to packets

 

Policy Route rule

coming in from the WAN.

 

for NAT

Or you can click Policy Route to go to the screens where you can manually

 

Loopback.

configure a NAT loopback policy route for this virtual server.

 

 

See NAT Loopback Example on page 317 for an example of NAT loopback.

 

 

 

 

Firewall

By default the firewall blocks incoming connections from external addresses. After

 

 

you configure your virtual server rule settings, click the Firewall link to configure a

 

 

firewall rule to allow the virtual server’s traffic to come in.

 

 

The ZyWALL checks virtual servers before it applies To-ZyWALL firewall rules, so

 

 

To-ZyWALL firewall rules do not apply to traffic that is forwarded by virtual servers.

 

 

The ZyWALL still checks other firewall rules according to the source IP address

 

 

and mapped IP address.

 

 

 

 

OK

Click OK to save your changes back to the ZyWALL.

 

 

 

 

Cancel

Click Cancel to return to the Virtual Server summary screen without creating the

 

 

virtual server (if it is new) or saving any changes (if it already exists).

 

 

 

16.3 NAT 1:1 and NAT Loopback Examples

The following sections provide examples of manually configuring NAT 1:1 mapping and a policy route rule for NAT loopback. These are provided for your reference, you can select options in the Virtual Server Add/Edit screen to have the ZyWALL automatically configure these for you instead of configuring them manually.

NAT 1:1 Example

In this example, there is an SMTP mail server in the LAN1 zone. It has a private IP address of 192.168.1.21. The public IP address of the server is 1.1.1.1.

In order for the server to be accessible to people from the Internet (WAN zone), you need to create a 1:1 NAT mapping from the public IP address to its private one.

The firewall is enabled, so you also need to create a rule to allow traffic in from the WAN zone.

Figure 214 NAT 1:1 Example Network Topology

LAN1

192.168.1.21

1.1.1.1

 

313

ZyWALL USG 100/200 Series User’s Guide