Configuring policy-based NAT with firewall rules

The following example configures an IPv4 network (intranet) with the subnet 192.168.80.0/24. The Internet provider has assigned a number of public IP addresses. Internet access has been set up using the Setup Wizard. Clients on the intranet are automatically masked behind the public IP address that was created with the Wizard.

Now we want to mask a server with the internal IP address 192.168.80.21 behind the public IP address 1.1.1.1.

The "return direction" of the masking, i.e. the server’s accessibility from the outside, is realized by a port-forwarding entry, which is not part of this example.

  1. Create a new action object in the firewall under Firewall/QoS > IPv4 rules > Action objects. Under Action, set the packet action to Transmit and the Policy-based NAT to 1.1.1.1.








  2. Under Firewall/QoS > IPv4 rules > Station objects create a new station object defined for the IP address 192.168.80.21.




  3. Next, go to Firewall/QoS > IPv4 rules > Firewall rules and create a filter rule.




  4. In this filter rule, go to Actions and select the new action "SERVER-NAT" that was defined above.




  5. Then go to Stations and use the newly created station object. If necessary. you can also specify the Internet line under Connection destination.








www.lancom-systems.com

LANCOM Systems GmbH | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E-Mail info@lancom.de

LANCOM Logo