NAT Example | ZyXEL Communications P-312 guide

P312 Broadband Security Gateway

server and the other IGA is used by all. We want to map the FTP servers to the first two of our IGAs and the other LAN traffic to the remaining IGA. We also want to map out third IGA to an inside web server and mail server. We need to configure 4 rules, 2 bi-directional and 2 one directional as follows.

Rule 1. We map our first IGA to our first inside FTP server for FTP traffic in both directions (1: 1 mapping, giving both local and global IP addresses).

Rule 2. We map our second IGA to our second inside FTP server for FTP traffic in both directions (1: 1 mapping, giving both local and global IP addresses).

Rule 3. We map our other outgoing LAN traffic to IGA3 (Many : 1 mapping).

Rule 4. We also map our third IGA to our web server and mail server on the LAN. Type Server allows us to specify multiple servers, of different types, to other machines behind NAT on the LAN.

Our situation looks somewhat like this:

Figure 6-16 NAT - Example 3

Step 1. In this case we need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore we must choose the Full Feature option from the Network Address Translation field (in Menu 4 or Menu 11.3) in Figure 6-17.

Step 2. Then enter 15 from the Main Menu.

Step 3. Enter 1 to configure the Address Mapping Sets.

Step 4. Choose 1 to begin configuring this new set. Enter a Set Name, choose the Edit Action and then select 1 from Select Rule field. Press [ENTER] to confirm.

6-16

NAT

Image 89

ZyXEL Communications P-312 manual NAT Example

Contents

Prestige Trademarks CopyrightDisclaimer Federal Communications Commission FCC Interference Statement Information for Canadian Users Version Declaration of Conformity P312 Broadband Security Gateway CE Doc ZyXEL Limited Warranty Information in Menu 24.2.1 -System Information Customer Support Table of Contents LAN Port Filter Setup Chapter Advanced Management 12-1 13-1 Firewall and Content Filters 17-1 Pptp 21-1 Menu 11.1 Remote Node Profile for Ethernet Encapsulation List of Figures List Of Figures Xvii Xviii List Of Figures Xix Menu 21 Filter and Firewall Setup 14-1 List Of Figures Xxi Page List Of Tables Xxiv List of Tables Xxv Page Structure of this Manual PrefaceAbout Your Router Syntax Conventions Related Documentation Part Page Prestige 312 Broadband Security Gateway Features of The PrestigeGetting to Know Your Prestige Time and Date Setting Dhcp Dynamic Host Configuration ProtocolDynamic DNS Support IP Multicast Upgrade Prestige Firmware via LAN Broadband Internet Access via Cable or xDSL ModemApplications for Prestige Logging and Tracing Secure Internet Access via DSL Front Panel LEDs and Back Panel Ports Hardware Installation & Initial SetupFront Panel LEDs LED functions WAN Prestige 312 Rear Panel and Connections Additional Installation Requirements Power Up Your Prestige HousingEntering Password Initial Screen Navigating the SMT Interface Main Menu CommandsOperation Keystrokes Description Enter System Management Terminal Interface Summary Main MenuPrestige 312 Main Menu Main Menu Summary Resetting the Prestige Changing the System Password Dyndns Wildcard General SetupDynamic DNS General Setup Menu Field Configuring Dynamic DNSConfigure Menu 1.1 Configure Dynamic DNS discussed next Field Description Example Configure Dynamic DNS Menu Fields WAN SetupYes Me.ddns.org WAN Setup Menu Fields LAN Setup 10 Menu 3 LAN Setup LAN Port Filter Setup Factory LAN Defaults Internet AccessTCP/IP and Dhcp for LAN IP Address and Subnet Mask Private IP Addresses RIP Setup IP Pool Setup Dhcp ConfigurationIP Multicast DNS Server Address Physical Network Partitioned Logical Networks TCP/IP and Dhcp Ethernet SetupIP Alias Menu 3 LAN Setup 10/100 Mbps Ethernet LAN TCP/IP Setup Menu Fields LAN Dhcp Setup Menu Fields IP Alias Setup Menu Fields IP Alias SetupMenu 3.2.1 IP Alias Setup Ethernet Encapsulation Internet Access SetupOnly/Out Only RIP-1 Pptp Encapsulation Internet Access Setup Menu Fields PPPoE Encapsulation Configuring the Pptp ClientNew Fields in Menu 4 Pptp screen Prestige automatically disconnects from the Pptp server Internet Access Setup PPPoE New Fields in Menu 4 PPPoE screen Basic Setup Complete Advanced Applications Remote Node Profile Remote Node Setup Fields in Menu Nailed-Up Connection Fields in Menu 11.1 PPPoE Encapsulation Specific Fields in Menu 11.1 Pptp Encapsulation Remote Node Network Layer Options Menu Fields Editing TCP/IP Options with Ethernet Encapsulation Private Editing TCP/IP Options with Pptp EncapsulationVersion 2B/RIP-2M and None Multicast Remote Node Network Layer Options Editing TCP/IP Options with PPPoE Encapsulation Remote Node FilterYes/No None/In Only/Out Only and None Remote Node Filter Ethernet Encapsulation Example of Static Routing Topology IP Static Route Setup Menu 12 IP Static Route Setup IP Static Route Setup Field Description IP Static Route Menu FieldsPage Introduction Network Address Translation NATNAT Definitions What NAT Does NAT Mapping Types How NAT works Type IP Mapping SMT abbreviation SUA Single User Account Versus NATNAT Mapping Types Applying NAT in the SMT Menus SMT MenusNAT Application Applying NAT for Internet Access Field Options Description Network Full Feature Configuring NATAddress Mapping Sets and NAT Server Sets Applying NAT in Menus 4 Menu 15.1 Address Mapping Sets Server Field Description Options/Example Menu Ordering Your Rules Editing an Individual Rule in a Set Menu 15.1.1.1 configuring an individual rule Multiple Servers behind NAT NAT Server Sets 10 Multiple Servers Behind NAT Configuring a Server behind NAT Examples Internet Access OnlyServices Port Number NAT Example 13 Internet Access & NAT Example Example 3 General Case Example 2 Internet Access with an Inside Server 16 NAT Example 17 Example 3 Menu 19 Example 3 Final Menu 21 NAT Example Example 4 -NAT Unfriendly Application Programs 22 Example 4- Menu 15.1.1.1 Address Mapping Rule Advanced Management Page About Filtering Filter Configuration Filter Structure of the Prestige Rule Forward Drop Filter Rule Process Menu 21 Filter and Firewall Setup Configuring a Filter Set NetBIOSWAN Filter Rules Summary Abbreviations Used in the Filter Rules Summary Menu Filter Rules Summary MenuAbbreviations Description Display Action Not Matched will be N/A Refers to Action Matched 3 TCP/IP Filter Rule Configuring a Filter RuleAbbreviations Used If Filter Type Is IP Abbreviations Used If Filter Type Is GEN TCP/IP Filter Rule Menu Fields Menu 21.1.1.1 TCP/IP Filter Rule Equal/Not Equal None/Less/GreaterYes / No Action Matched Following diagram illustrates the logic flow of an IP filter 10 Executing an IP Filter 11 Menu 21.4.1.1 Generic Filter Rule Generic Filter Rule Generic Filter Rule Menu Fields 12 Telnet Filter Example Example Filter 13 Example Filter Menu 14 Example Filter Rules Summary Menu Filter Types and NAT LAN traffic Applying a Filter and Factory DefaultsFirewall 16 Filtering LAN Traffic Remote Node Filters About Snmp Snmp ConfigurationConfiguring Snmp Field Description Default Snmp Configuration Menu Fields System Information & Diagnosis Menu 24 System Maintenance System Status Menu 24.1 System Maintenance Status PPPoE Encapsulation System Maintenance Status Menu FieldsLAN Dhcp System Information System Information and Console Port Speed Console Port Speed Fields in System MaintenanceLog and Trace Unix Syslog Viewing Error Log CDR System Maintenance Menu Syslog ParametersParameter Description CDR PPP log Call-Triggering Packet Diagnostic WAN Dhcp 10 Menu 24.4 System Maintenance Diagnostic Number Field Description System Maintenance Menu DiagnosticInternet Setup in Menu 4 Internet Access Filename conventions Transferring Files Command Backup ConfigurationFirmware Development Filename Conventions Uploading the Router Firmware Restore ConfigurationUpload Firmware Menu 24.7.1 System Maintenance Upload Router Firmware Uploading Router Configuration File Tftp File Transfer Third Party Tftp Clients -General fields Example Tftp Command Telnet into Menu FTP File Transfer Telnet into Menu 24.7.2 System Maintenance Using the FTP command from the DOS Prompt Third Party FTP Clients -General fields Page Valid Commands System Maintenance & InformationCommand Interpreter Mode Call Control Call Control SupportBudget Management Call History Call History Call History Fields Time and Date SettingHow often does the Prestige update the time? System Maintenance & Information 11-5 Menu 24.11 Remote Management Control Remote Management Setup Option to Enter Debug Mode Boot Commands Boot Module Commands About Telnet Configuration Telnet Configuration and CapabilitiesSingle Administrator Telnet Under NAT Telnet Under the Firewall System Timeout Firewall and Content Filters Types of Firewalls What is a FirewallPacket Filtering Firewalls Application-level Firewalls Stateful Inspection firewalls Introduction to ZyXEL’s Firewall Basics Denial of Service Common IP Ports Types of DoS attacks SYN Flood Smurf Attack Stateful Inspection Stateful Inspection Stateful Inspection Process TCP Security Stateful Inspection & the Prestige Upper Layer Protocols Guidelines For Enhancing Security With Your Firewall13.4.4 UDP/ICMP Security Security In General What Is a Firewall? 13-11 Page SMT Main Menu Introducing the Prestige Firewall Attack Types View Firewall LogLand IP Spoofing Illegal Commands NetBIOS and Smtp Icmp Commands That Trigger AlertsLegal NetBIOS Commands Legal Smtp Commands Teardrop Traceroute Big Picture Filtering, Firewall and NAT Packet Filtering Packet Filtering Vs Firewall Firewall When To Use FilteringWhen To Use The Firewall Page Web Configurator Login and Welcome Screens Introducing the Prestige Web Configurator Enabling the Firewall Prestige Web Configurator Welcome Screen What are Alerts? Mail Mail Screen What are Logs? Mail Example E-Mail Log Smtp Error MessagesSmtp Error Messages Mail Log Attack Alert TCP Maximum Incomplete And Blocking Time Threshold ValuesHalf-Open Sessions Attack Alert Existing half-open sessions Field Description Default Values Do not set Maximum Incomplete High to When TCP Maximum Incomplete isPage Creating Custom Rules Rule ChecklistRules Overview Rule Logic Overview Security Ramifications Key Fields For Configuring Rules WAN to LAN Rules Connection DirectionLAN to WAN Rules WAN to LAN Traffic Services Supported Service Description Services Supported Firewall Rules Summary First Screen Rule Summary Match Block Field Description Option Creating/Editing Firewall Rules Creating/Editing a Firewall Rule Source & Destination Addresses Single Address Adding/Editing Source & Destination AddressesRange Address Subnet Address Factors Influencing Choices for Timeout Values Timeout Timeout Screen Hour Timeout MenuField Description Default Value Custom Ports Custom Ports Creating/Editing a Custom Port Creating/Editing a Custom Port Range Single Log Screen LogsLog Screen Command, traceroute, teardrop, or syn Vulnerability, NetBIOS, smtp illegalJan 1 Src IP, dest port, src port and protocol Logs 18-3 Page Example Firewall Rules Activate The Firewall Example 1 E-Mail Screen Example 1 Configuring a Rule Example Firewall Rules 19-5 Example 1 Rule Summary Screen Example 2 Small Office With Mail, FTP and Web Servers Send Alerts When Attacked Configuring a POP Custom Port Example 2 Local Network Rule 1 Configuration Example 2 Local Network Rule Summary 10 Example 2 Internet to Local Network Rule Summary 11 Custom Port for Syslog 12 Syslog Rule Configuration 13 Example 3 Rule Summary Restrict Web Features Content FilteringActiveX Java Blocking URLs Content Filtering Using the Web ConfiguratorCookies Web Proxy Block Web URLs Content Filtering FieldsField Description Restrict Web Features Troubleshooting, Appendices, Glossary and Index Page Problems Starting Up the Prestige TroubleshootingTroubleshooting the Start-Up of your Prestige Problem Corrective Action Problems with the WAN interface Problems with the LAN InterfaceTroubleshooting the LAN Interface Troubleshooting the WAN interface Troubleshooting Internet Access Problems with Internet AccessProblems with the Firewall Page Appendix a PPPoE Diagram 1 Single-PC per Modem Hardware ConfigurationPPPoE in Action Benefits of PPPoE Prestige as a PPPoE Client Diagram 2 Prestige as a PPPoE ClientHow PPPoE Works Appendix B What is PPTP?Pptp and the Prestige Pptp Protocol Overview Control & PPP connections IRD + OTD + Appendix C Hardware SpecificationsMtbf Appendix D Important Safety Instructions Function CLI Syntax Appendix E Firewall CLI Commands Sets Function CLI Syntax Description P312 Broadband Security Gateway Delete AC Power Adapter Specifications Appendix F Power Adapter Specs P312 Broadband Security Gateway CDR Chap Glossary of TermsARP CSU/DSU DCE Dslam Dram DSLDTE EMI FCC FAQFTP Hdlc MAC Ipcp PPP IPXIRC ISP Ndis NATNIC PAP Pstn POPPots PPP RFC PVCRIP SAP STP SpamSUA TCP Tftp VPN Page Ddns Index Encapsulation 2-11, 2-12, 3-4 13-6 15-1 ZyNOS