Versionen im Vergleich

Alte Version 3

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version 4

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.
Seiteneigenschaften



Description:

As of LCOS version 10.20, it is possible to operate WAN policy-based NAT.

WAN policy-based NAT allows address translation (masking) of connections based on firewall rules. You can now configure which WAN-IPv4 address assigned by the provider is used to mask internal addresses.

This feature is ideal for scenarios where a provider assigns multiple static IPv4 addresses, e.g. for operating mail servers and web servers with different WAN addresses.



Requirements:



Scenario:
  • The ISP provides the subnet 87.65.33.0/29 on the WAN side.
  • The address 87.65.33.0 is the network address and 87.65.33.7 is the broadcast address in this subnet, resulting in it six usable public addresses, one of which is reserved for the gateway (provider device).

    In this example, the gateway has the public IP address 87.65.33.1. The public IP addresses 87.65.33.2 – 87.65.33.6 can be used freely. Defined for this address range is an IPoE remote site, which is masked.
  • There are three local networks. The local network INTRANET is to be masked behind the IP address 87.65.33.2, the local network PUBLIC behind the 87.65.33.3, and the local network FON behind the 87.65.33.4.
  • The “return connection” of the masquerading, i.e. the accessibility of a server from the outside, is realized via one or more port-forwarding entries, which are not a part of this example (see
Image Removed
Image Removed




Procedure:

1) Under Firewall/QoS -> IPv4 rules -> Action objects, create a new firewall action object for each of the three public IP addresses.
Image Removed



2) On the Actions tab, set the Packet action to Transmit and then enable Policy-based NAT for each of the public IP address.
  • The parameter must be entered as a fixed IP address. Dynamic IP addresses are not supported.
  • NAT is only possible if a WAN interface is involved. NAT is not supported between two LAN interfaces..
Image Removed




3) Under Firewall/QoS -> IPv4 rules -> Station objects, add a new station object for each of the IP address ranges for each of the three local networks.
Image Removed



4) You then create a separate firewall rule for each local network and the associated public IP addresses.

This is shown as an exemple in the following figure for the local network INTRANET and the public IP address 87.65.33.2.

Image Removed




5) The new firewall rules should then appear as follows:

Image Removed




6) Write the configuration back to the LANCOM router.