SonicWALL 3 Benutzerhandbuch
82
S
ONIC
WALL S
ONIC
OS S
TANDARD
3.0 A
DMINISTRATOR
’
S
G
UIDE
C
HAPTER
10: Configuring One-to-One NAT
4 Enter the beginning IP address of the valid address range being mapped in the Public Range
Begin field. This address should be assigned by your ISP and be in the same logical subnet as the
NAT public IP address.
NAT public IP address.
S
Alert: Do not include the SonicWALL security appliance WAN IP (NAT Public) Address or the WAN
Gateway (Router) Address in this range.
Gateway (Router) Address in this range.
5 Enter the number of public IP addresses that should be mapped to private addresses in the Range
Length field. The range length can not exceed the number of valid IP addresses. Up to 64 ranges
can be added. To map a single address, enter a Range Length of 1.
can be added. To map a single address, enter a Range Length of 1.
6 Click OK.
7 Click Apply. Once the SonicWALL security appliance has been updated, a message confirming
the update is displayed at the bottom of the browser window.
S
Alert: One-to-One NAT maps valid, public IP addresses to private LAN or OPT IP addresses. It does
not allow traffic from the Internet to the private LAN.
not allow traffic from the Internet to the private LAN.
9
Tip: After One-to-One NAT is configured, create an Allow rule to permit traffic from the Internet to the
private IP address(es) on the LAN or OPT.
private IP address(es) on the LAN or OPT.
To edit an existing entry in the One-to-One Network Address Translation (NAT) Ranges, click the edit
icon. To delete an entry, click the delete
icon. To delete all entries, click Delete All.
One-to-One NAT Configuration Example
This example assumes that you have a SonicWALL security appliance running in the NAT-enabled
mode, with IP addresses on the LAN in the range 192.168.1.1 - 192.168.1.254, and a WAN IP
address of 208.1.2.2. Also, you own the IP addresses in the range 208.1.2.1 - 208.1.2.6.
mode, with IP addresses on the LAN in the range 192.168.1.1 - 192.168.1.254, and a WAN IP
address of 208.1.2.2. Also, you own the IP addresses in the range 208.1.2.1 - 208.1.2.6.
S
Alert: If you have only one IP address from your ISP, you cannot use One-to-One NAT.
You have three web servers on the LAN with the IP addresses of 192.168.1.10, 192.168.1.11, and
192.168.1.12. Each of the servers must have a default gateway pointing to 192.168.1.1, the
SonicWALL security appliance LAN IP address.
192.168.1.12. Each of the servers must have a default gateway pointing to 192.168.1.1, the
SonicWALL security appliance LAN IP address.
You also have three additional IP addresses from your ISP, 208.1.2.4, 208.1.2.5, and 208.1.2.6, that
you want to use for three additional web servers. Use the following steps to configure One-to-One
NAT:
you want to use for three additional web servers. Use the following steps to configure One-to-One
NAT:
1 Select Enable One-to-One NAT.
2 Click Add. The Add NAT Entry window is displayed
3 Enter in the IP address, 192.168.1.10, in the Private Range Begin field.
4 Enter in the IP address, 208.1.2.4, in the Public Range Begin field.
5 Enter in 3 in the Range Length field.
9
Tip: You can configure the IP addresses individually, but it is easier to configure them in a range.
However, the IP addresses on both the private and public sides must be consecutive to configure a
range of addresses.
However, the IP addresses on both the private and public sides must be consecutive to configure a
range of addresses.
6 Click OK.
7 Click Apply.
8 Click Firewall, then Access Rules.
9 Click Add.