Description:

This document describes how to configure the translation of private addresses in the DMZ into publicly accessible addresses.


Requirements:


Procedure:

1. First, you c onfigure the DMZ IP address.



2. For security reasons you should additionally activate the private mode for the corresponding ports. You can make this setting under the following menu item: Configuration -> Interfaces -> LAN -> Ethernet ports.



3. You then switch off IP masquerading of the default route.



4. In the N:N table you then add the entries which translate the server addresses from the DMZ into public addresses.
Example for a mail server:

  • The mail server with the IP address
192.168.1.2
  • is to be translated to the public address
217.217.217.217
  • .


  • To do this, switch to the following menu item:
Configuration -> IP router -> N:N mapping -> N:N NAT table
  • .


  • Specify here the netmask associated with the IP addresses entered.


  • The netmask applies to both IP address ranges (original and translated), because N:N-address mapping (NAT, network address translation, in this case N:N NAT) requires that the original and the translated IP networks are of equal size.


  • If you only need to translate one single IP address, enter the netmask
255.255.255.255
  • .



5. The server can now be contacted from the WAN via its public IP address.



All LANCOM products and software versions are subject to LANCOM Software Lifecycle Management.
You can find information on our website at https://www.lancom-systems.com/products/firmware/software-lifecycle-management

© 2025 LANCOM Systems GmbH