Справочник Пользователя для D-Link DSR-1000
Unified Services Router
User Manual
73
Example 3: Multi-NAT configuration
Situation: You want to configure multi-NAT to support multiple public IP
addresses on one WAN port interface.
addresses on one WAN port interface.
Solution: Create an inbound rule that configures the firewall to host an additional
public IP address. Associate this address with a web server on the DMZ. If you
arrange with your ISP to have more than one public IP address for your use, you can
use the additional public IP addresses to map to servers on your LAN. One of these
public IP addresses is used as the primary IP address of the router. This address is
used to provide Internet access to your LAN PCs through NAT. The other addresses
are available to map to your DMZ servers.
public IP address. Associate this address with a web server on the DMZ. If you
arrange with your ISP to have more than one public IP address for your use, you can
use the additional public IP addresses to map to servers on your LAN. One of these
public IP addresses is used as the primary IP address of the router. This address is
used to provide Internet access to your LAN PCs through NAT. The other addresses
are available to map to your DMZ servers.
The following addressing scheme is used to illustrate this procedure:
WAN IP address: 10.1.0.118
LAN IP address: 192.168.10.1; subnet 255.255.255.0
Web server host in the DMZ, IP address: 192.168.12.222
Access to Web server: (simulated) public IP address 10.1.0.52
E
x
a
m
p
l
e
4
:
B
l
o
c
x
a
m
p
l
e
4
:
B
l
o
c
Example 4: Block traffic by schedule if generated from specific range of machines
Use Case: Block all HTTP traffic on the weekends if the request originates from a
specific group of machines in the LAN having a known range of IP addresses, and
anyone coming in through the Network from the WAN (i.e. all remote users).
specific group of machines in the LAN having a known range of IP addresses, and
anyone coming in through the Network from the WAN (i.e. all remote users).
Configuration:
1.
Setup a schedule:
To setup a schedule that affects traffic on weekends only, navigate to
Security: Schedule, and name the schedule ―Weekend‖
Define ―weekend‖ to mean 12 am Saturday morning to 12 am Monday
morning – all day Saturday & Sunday
Parameter
Value
From Zone
Insecure (WAN1/WAN2/WAN3)
To Zone
Public (DMZ)
Service
HTTP
Action
ALLOW always
Send to Local Server (DNAT IP)
192.168.12.222 ( web server local IP address)
Destination Users
Single Address
From
10.1.0.52
WAN Users
Any
Log
Never