ZyXEL Communications ZyWALL 1000 6.6.3 NAT 1:1 Policy Route, 6.6.2 NAT 1:1 Virtual Server

Chapter 6 Tutorials

This section sets up a virtual server rule that changes the destination of SMTP traffic coming to IP address 1.1.1.1 at the ZyWALL’s ge3 (WAN) interface, to the LAN SMTP server’s IP address (192.168.1.21). This is also called Destination NAT (DNAT)

Figure 92 NAT 1:1 Example Virtual Server

NAT

SMTPSMTP

192.168.1.21

The ge3 WAN interface has a different IP address than 1.1.1.1, so in order for the ZyWALL gateway to be able to do ARP resolution correctly, you need to create a ge3 virtual server entry. In the Network > Virtual Server screen, click the + symbol and create a new virtual server entry as shown next. This entry maps TCP port 25 (SMTP) traffic coming to IP address

1.1.1.1on ge3 to the IP address of the SMTP server (192.168.1.21). In this example the SMTP server also uses port 25, so the Mapped Port is set to 25.

Figure 93 Create a Virtual Server

This section sets up a policy route for the traffic coming from the LAN SMTP server to the ZyWALL’s ge1 (LAN) interface. It changes the source address from 192.168.1.21 to 1.1.1.1. This is also called Source NAT (SNAT). It sends the traffic out through ge3 (a WAN interface).