D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: yoteur on March 22, 2010, 04:59:34 AM

Title: DFL-800 SAT and NAT
Post by: yoteur on March 22, 2010, 04:59:34 AM
Hi all!

I want to send http traffic (arriving on my dlink via public IP (publish is created)) to my web server to its internal IP.

The internal IP is in an interface vlan.
I had an allow rule to permit allnets to go via httpinall to wan1(dlink) and wan ip of my webserver (publish).
I had a SAT rule to translate dest ip (public ip) to my webserver (lan ip in a vlan).
I had a NAT rule to translate sender ip (public ip) to the interface (Use Interface Address) but I don't know which interface that uses?
It doesn't work; I see the public request on the dlink but nothing on the webserver on port 80.
I tried the last rule with specify sender address (which exists in ARP publish and moreover it's an address in a vlan); it is the second lan ip of my dlink.
It doesn't work... nothing on the web server on port 80, just public request OK on the dlink (status -> connection destination public ip).

Could you help me to find the problem?
Thanks,
Yoteur
Title: Re: DFL-800 SAT and NAT
Post by: danilovav on March 22, 2010, 06:10:26 AM
You need to make just 2 rules - SAT and Allow like below

SAT wan1/all-nets core/wan1_ip http-in (new dest = yourprivatehost)
Allow wan1/all-nets core/wan1_ip http-in

But your private host should have the DFL as default gateway. If that's not possible, change the Allow action to NAT.
Title: Re: DFL-800 SAT and NAT
Post by: yoteur on March 22, 2010, 06:15:12 AM
Hi!
Thanks for your reply.

That's the problem: my private host can't have my DFL800 as default GW.
As a consequence I try to NAT the sender IP in order to permit my web server to respond to the client.

Do you know another way to do this?

Regards
Yoteur
Title: Re: DFL-800 SAT and NAT
Post by: yoteur on March 22, 2010, 06:32:28 AM
Sorry I have not seen the end of your post.

I have changed my rule from allow to NAT and it doesn't work...
I tried with use sender address and with use specific address...
I have deactivated the old NAT rule so I have just the SAT rule and the allow rule changed to NAT.
The interface I want to use for the NAT is a vlan interface.
Do you see what is the problem now?

Thanks
Yoteur
Title: Re: DFL-800 SAT and NAT
Post by: yoteur on March 22, 2010, 06:57:24 AM
Ok that works thanks.
The last problem was the order of the rules...
It must be:
1 SAT
2 NAT with user sender address.
Thanks a lot
Yoteur
Title: Re: DFL-800 SAT and NAT
Post by: danilovav on March 22, 2010, 11:25:07 AM
In most cases, it will be enough to change Allow to NAT. But sometimes you need to specify a special sender address in the NAT rule.

Anyway, good that it's working.
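
The two points the thread settles on (SAT placed before the rule that admits the traffic, and NAT instead of Allow when the private host does not use the DFL as its default gateway) can be checked with a small model. This is an added example, not part of the original posts and not NetDefendOS code; the rule-scan semantics, the addresses and all function names are assumptions made for illustration.

```python
# Simplified model (an assumption, not NetDefendOS code): rules are scanned
# top-down; a SAT match records a destination rewrite and the scan continues;
# the first Allow or NAT match ends the scan and applies any pending rewrite.
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges), not from the thread.
CLIENT = "198.51.100.7"
WAN1_IP = "203.0.113.10"      # public address published on wan1
WEB_SERVER = "10.0.20.5"      # private host in the VLAN
FW_VLAN_IP = "10.0.20.1"      # firewall's own address on that VLAN


@dataclass
class Rule:
    action: str               # "SAT", "Allow" or "NAT"
    dest: str                 # destination the rule matches (pre-translation)
    new_dest: str = ""        # SAT only: translated destination
    sender: str = ""          # NAT only: address used as the new source


def forward(rules, src, dst):
    """Return the (src, dst) pair the next hop sees, or None if dropped."""
    pending = None
    for r in rules:
        if r.dest != dst:
            continue
        if r.action == "SAT":
            pending = r.new_dest          # remember rewrite, keep scanning
        elif r.action in ("Allow", "NAT"):
            out_src = r.sender if r.action == "NAT" else src
            return out_src, pending or dst
    return None                           # no Allow/NAT matched: dropped


def reply_returns_via_firewall(seen_src, server_gw_is_firewall):
    """A reply passes back through the firewall only if it is addressed to
    the firewall itself, or the server routes everything through it."""
    return seen_src == FW_VLAN_IP or server_gw_is_firewall


SAT = Rule("SAT", WAN1_IP, new_dest=WEB_SERVER)
ALLOW = Rule("Allow", WAN1_IP)
NAT = Rule("NAT", WAN1_IP, sender=FW_VLAN_IP)
```

With `[SAT, ALLOW]` the server sees the client's own address, so its reply only comes back through the firewall if the firewall is its default gateway; with `[NAT, SAT]` the scan stops at NAT and the destination is never rewritten.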