
DFL-260E DMZ to WAN problem


s_schaffert:
I have a DFL-260E configured to one-to-one map multiple WAN IPs to multiple DMZ IPs for multiple servers.  The problem I am having is that the Mail Server uses the primary WAN IP to send mail rather than the Published IP defined in ARP/Neighbor Discovery assigned to it for use in the SAT and NAT rules.

I used this procedure to set up SAT and NAT for each server in the DMZ:

Add the objects of both public and DMZ IP addresses for the server
Go to Objects -> Address Book -> Interface Addresses
   Click Add
   Name it eg(webpower_public_ip)
   IP it eg(209.218.29.10)
   Click OK
   Click Add
   Name it eg(webpower_dmz_ip)
   IP it eg(192.168.1.10)
   Click OK
Create the objects in the ARP table
Go to Network -> ARP/Neighbor Discovery
   Click Add
   Click ARP/Neighbor Discovery
   Mode = Publish
   Interface = WAN
   IP Address eg(webpower_public_ip)
   MAC Address = default (00-00-00-00-00-00)
   Click OK
Create IP rule to map server (SAT)
Go to Policies -> Main IP Rules
   Click Add
   Click IP Rule
   Name it eg(webpower_http_map)
   Action = SAT
Address Filter
   Source Interface = any
   Source Network = all-nets
   Destination Interface = wan
   Destination Network  eg(webpower_public_ip)
   Service http-all
   Schedule = none
Static Address Translation
   SAT Translate = Destination IP
   New IP Address eg(webpower_dmz_ip)
Logging and Comments
   Logging = on    default
   Click OK
Create IP rule to allow Server NAT
Go to Policies -> Main IP Rules
   Click Add
   Name it eg(allow_webpower_http)
   Action = NAT
Address Filter
   Source Interface = any
   Source Network = all-nets
   Destination Interface = wan
   Destination Network  eg(webpower_public_ip)
   Service http-all
   Schedule = none
Network Address Translation
   NAT Translate = Use Interface Address
Application Control
   Application Control = off
Logging and Comments
   Logging = on    default
   Click OK
Save and Activate the Configuration
Go to Configuration
   Click Save and Activate

The servers would respond to requests from the WAN but were not able to make Internet requests until I added the following rule:
Name: dmz_to_wan
Action: NAT
Address Filter
          Source Interface: dmz



s_schaffert:
My current firewall (Smoothwall Corporate Firewall 5) calls the solution "Source Mapping"

Any help would be appreciated.
Thank you,
Stuart
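
Added example, not part of the original posts and not NetDefendOS code: a simplified first-match model of outbound source-address selection. It shows why a catch-all dmz NAT rule that uses the interface address sends every DMZ host out from the primary WAN address, and how a per-server source mapping placed above it changes that. The primary WAN address, the rest of the truncated dmz_to_wan rule, and the webpower_source_map rule are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample values. The server pair reuses the post's example
# addresses; the firewall's primary WAN address is made up.
IFACE_ADDR = {"wan": "209.218.29.2"}
SERVER_DMZ, SERVER_PUBLIC = "192.168.1.10", "209.218.29.10"

@dataclass
class NatRule:
    name: str
    src_iface: str
    src_net: str
    dst_iface: str
    sender: Optional[str] = None   # None: use the outgoing interface address

def egress_source(rules, src_iface, src_ip, dst_iface):
    """First matching rule wins; return (rule name, source IP on the wire)."""
    for r in rules:
        if (r.src_iface in ("any", src_iface) and r.dst_iface == dst_iface
                and ip_address(src_ip) in ip_network(r.src_net)):
            return r.name, r.sender or IFACE_ADDR[dst_iface]
    return None, None              # nothing matched: connection not allowed

# Assumed shape of the dmz_to_wan rule (the post cuts off after Source Interface).
DMZ_TO_WAN = NatRule("dmz_to_wan", "dmz", "0.0.0.0/0", "wan")
# Hypothetical per-server source mapping, the outbound mirror of the SAT rule.
SOURCE_MAP = NatRule("webpower_source_map", "dmz", SERVER_DMZ + "/32", "wan",
                     sender=SERVER_PUBLIC)

AS_POSTED = [DMZ_TO_WAN]
MAPPED = [SOURCE_MAP, DMZ_TO_WAN]      # specific rule above the catch-all
MISORDERED = [DMZ_TO_WAN, SOURCE_MAP]  # catch-all shadows the specific rule

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("mapped", MAPPED),
                         ("misordered", MISORDERED)):
        for host in (SERVER_DMZ, "192.168.1.20"):
            print(label, host, egress_source(rules, "dmz", host, "wan"))
```
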

FurryNutz:
I recommend that you phone your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results than email.
Let us know how it goes please.
