D-Link DFL-1000 User Manual
DFL-1000 User Manual
56
NAT/Route mode and you do not require NAT for connections between the internal network and the DMZ
network. Configuring a routing policy is similar to configuring a NAT policy except that you do not select
NAT when you configure the policy.
network. Configuring a routing policy is similar to configuring a NAT policy except that you do not select
NAT when you configure the policy.
You can use routing policies for connections between two networks if addresses are routable between
these two networks.
these two networks.
To add a routing Int -> DMZ policy:
• Add an address for the server to the DMZ address list.
• Add an address for the server to the DMZ address list.
See
Addresses
.
• Go to Firewall > Policy > Int -> DMZ .
• Select New to add a new policy.
• Configure the policy.
• Select New to add a new policy.
• Configure the policy.
Source
Internal_All.
Destination
The address added in step 1.
Schedule
Always.
Service
Select a service to match the server in the DMZ network.
For a web server, select HTTP.
For a web server, select HTTP.
Action
Select ACCEPT.
NAT
Do not select NAT.
Authentication
Select Authentication and select a user group if you want users on the internal network to
authenticate with the firewall before accessing the server.
authenticate with the firewall before accessing the server.
Web filter
Select Web filter if service is set to HTTP, SMTP, POP3, or IMAP to apply content filtering to the
network traffic allowed by this policy.
network traffic allowed by this policy.
• Select OK to save the policy.
• Arrange the policy in the policy list to produce the results that you expect.
• Arrange the policy in the policy list to produce the results that you expect.
Arranging policies in a policy list is described in
Configuring policy lists
.
Transparent mode policy for public access to a server
The following example policy, to accept connections at the external interface and forward them to the
internal interface, is similar to any Transparent mode policy.
internal interface, is similar to any Transparent mode policy.
To add a Transparent mode policy between the external interface and the internal interface:
• Add an address for the server to the internal interface address list.
• Add an address for the server to the internal interface address list.
See
Addresses
.
• Go to Firewall > Policy > Ext -> Int .
• Select New to add a new policy.
• Configure the policy.
• Select New to add a new policy.
• Configure the policy.
Source
External_All.
Destination
The address added in step 1.
Schedule
Always.
Service
Select a service to match the Internet server.
For a web server, select HTTP.
For a web server, select HTTP.