Справочник Пользователя для SonicWALL 5.8.1
Network > NAT Policies
356
SonicOS 5.8.1 Administrator Guide
Creating NAT Policies
NAT policies allow you the flexibility to control Network Address Translation based on matching
combinations of Source IP address, Destination IP address, and Destination Services. Policy-
based NAT allows you to deploy different types of NAT simultaneously. This section contains
the following subsections:
combinations of Source IP address, Destination IP address, and Destination Services. Policy-
based NAT allows you to deploy different types of NAT simultaneously. This section contains
the following subsections:
•
•
•
•
•
•
•
•
For this chapter, the examples use the following IP addresses as examples to demonstrate the
NAT policy creation and activation. You can use these examples to create NAT policies for your
network, substituting your IP addresses for the examples shown here:
NAT policy creation and activation. You can use these examples to create NAT policies for your
network, substituting your IP addresses for the examples shown here:
•
192.168.10.0/24 IP subnet on interface X0
•
67.115.118.64/27 IP subnet on interface X1
•
192.168.30.0/24 IP subnet on interface X2
•
X0 IP address is 192.168.10.1
•
X1 IP address is 67.115.118.68
•
X2 ‘Sales’ IP address is 192.168.30.1
•
Web server’s “private” address at 192.168.30.200
•
Web server’s “public” address at 67.115.118.70
•
Public IP range addresses of 67.115.118.71 – 67.115.118.74
Creating a Many-to-One NAT Policy
Many-to-One is the most common NAT policy on a SonicWALL security appliance, and allows
you to translate a group of addresses into a single address. Most of the time, this means that
you’re taking an internal “private” IP subnet and translating all outgoing requests into the IP
address of the WAN interface of the SonicWALL security appliance (by default, the X1
interface), such that the destination sees the request as coming from the IP address of the
SonicWALL security appliance WAN interface, and not from the internal private IP address.
you to translate a group of addresses into a single address. Most of the time, this means that
you’re taking an internal “private” IP subnet and translating all outgoing requests into the IP
address of the WAN interface of the SonicWALL security appliance (by default, the X1
interface), such that the destination sees the request as coming from the IP address of the
SonicWALL security appliance WAN interface, and not from the internal private IP address.
This policy is easy to set up and activate. From the Management Interface, go to the Network
> NAT Policies page and click on the Add button. The Add NAT Policy window is displayed
for adding the policy. To create a NAT policy to allow all systems on the X2 interface to initiate
traffic using the SonicWALL security appliance’s WAN IP address, choose the following from
the drop-down boxes:
> NAT Policies page and click on the Add button. The Add NAT Policy window is displayed
for adding the policy. To create a NAT policy to allow all systems on the X2 interface to initiate
traffic using the SonicWALL security appliance’s WAN IP address, choose the following from
the drop-down boxes:
•
Original Source: X2 Subnet
•
Translated Source: WAN Primary IP
•
Original Destination: Any
•
Translated Destination: Original