Motorola Router 6161252-00-01 ユーザーズマニュアル
4-34 Administrator’s Handbook
Notes on the example
The Easy-Map List and the Easy-PAT List are attached to any new Connection Profile by default. If you want to
use this NAT configuration on a previously defined Connection Profile then you need to bind the Map List to the
profile. You do this through either the NAT Associations screen or the profile’s configuration screens.
use this NAT configuration on a previously defined Connection Profile then you need to bind the Map List to the
profile. You do this through either the NAT Associations screen or the profile’s configuration screens.
The PAT par t of this example setup will allow any user on the Motorola Netopia
®
Router's LAN with an IP
address in the range of 192.168.1.6 through 192.168.1.254 to initiate traffic flow to the outside world (for
example, the Internet). No one on the Internet would be able to initiate a conversation with them.
example, the Internet). No one on the Internet would be able to initiate a conversation with them.
The Static mapping par t of this example will allow any of the machines in the range of addresses from
192.168.1.1 through 192.168.1.5 to communicate with the outside world as if they were at the addresses
206.1.1.1 through 206.1.1.5, respectively. It also allows any machine on the Internet to access any ser vice
(por t) on any of these five machines.
192.168.1.1 through 192.168.1.5 to communicate with the outside world as if they were at the addresses
206.1.1.1 through 206.1.1.5, respectively. It also allows any machine on the Internet to access any ser vice
(por t) on any of these five machines.
You may decide this poses a security risk. You may decide that anyone can have complete access to your FTP
ser ver, but not to your Router, and only limited access to the desired ser vices (por ts) on the Web and Mail
ser vers.
ser ver, but not to your Router, and only limited access to the desired ser vices (por ts) on the Web and Mail
ser vers.
To make these changes, first limit the range of remapped addresses on the Static Map and then edit the
default ser ver list called Easy-Ser vers.
default ser ver list called Easy-Ser vers.
•
First, navigate to the Show/Change Map List screen, select Easy-PAT List and then Show/Change Maps.
Choose the Static Map you created and change the First Private Address from 192.168.1.1 to
192.168.1.4. Now the Router, Web, and Mail ser vers’ IP addresses are no longer included in the range of
static mappings and are therefore no longer accessible to the outside world. Users on the Internet will not
be able to Telnet, Web, SNMP, or ping to them. It is best also to navigate to the public range screen and
change the Static Range to go from 206.1.1.5.
Choose the Static Map you created and change the First Private Address from 192.168.1.1 to
192.168.1.4. Now the Router, Web, and Mail ser vers’ IP addresses are no longer included in the range of
static mappings and are therefore no longer accessible to the outside world. Users on the Internet will not
be able to Telnet, Web, SNMP, or ping to them. It is best also to navigate to the public range screen and
change the Static Range to go from 206.1.1.5.
•
Next, navigate to Show/Change Server List and select Easy-Servers and then Add Server. You should
expor t both the Web (www-http) and Mail (smtp) por ts to one of the now free public addresses. Select
Service... and from the resulting pop-up menu select www-http. In the resulting screen enter your Web
ser ver's address, 192.168.1.2, and the public address, for example, 206.1.1.2, and then select ADD NAT
SERVER. Now return to Add Server, choose the smtp por t and enter 192.168.1.3, your Mail ser ver's IP
address for the Server Private IP Address. You can decide if you want to present both your Web and Mail
ser vices as being on the same public address, 206.1.1.2, or if you prefer to have your Mail ser ver appear
to be at a different IP address, 206.1.1.3. For the sake of this example, alias both ser vices to 206.1.1.2.
expor t both the Web (www-http) and Mail (smtp) por ts to one of the now free public addresses. Select
Service... and from the resulting pop-up menu select www-http. In the resulting screen enter your Web
ser ver's address, 192.168.1.2, and the public address, for example, 206.1.1.2, and then select ADD NAT
SERVER. Now return to Add Server, choose the smtp por t and enter 192.168.1.3, your Mail ser ver's IP
address for the Server Private IP Address. You can decide if you want to present both your Web and Mail
ser vices as being on the same public address, 206.1.1.2, or if you prefer to have your Mail ser ver appear
to be at a different IP address, 206.1.1.3. For the sake of this example, alias both ser vices to 206.1.1.2.
Now, as before, the PAT configuration will allow any user on the Motorola Netopia
®
Router's LAN with an IP
address in the range of 192.168.1.6 through 192.168.1.254 to initiate traffic flow to the Internet. Someone at
the FTP ser ver can access the Internet and the Internet can access all ser vices of the FTP machine as if it were
at 206.1.1.5. The Router cannot directly communicate with the outside world. The only communication between
the Web ser ver and the Internet is through por t 80, the Web por t, as if the ser ver were located on a machine at
IP address 206.1.1.2. Similarly, the only communication with the Mail ser ver is through por t 25, the SMTP por t,
as if it were located at IP address 206.1.1.2
the FTP ser ver can access the Internet and the Internet can access all ser vices of the FTP machine as if it were
at 206.1.1.5. The Router cannot directly communicate with the outside world. The only communication between
the Web ser ver and the Internet is through por t 80, the Web por t, as if the ser ver were located on a machine at
IP address 206.1.1.2. Similarly, the only communication with the Mail ser ver is through por t 25, the SMTP por t,
as if it were located at IP address 206.1.1.2