
Configure NAT policies on the Sonicwall firewall

TigerDao

Administrator
Staff member
Network Address Translation (NAT) on SonicOS Enhanced allows users to define NAT policies for their incoming and outgoing traffic. This article introduces the different NAT policies that can be configured on a SonicWall firewall.

1. Many to One NAT:

– This is a common NAT policy that allows you to translate a group of addresses into a single address. This means you translate an internal (private subnet) address into the IP address of the SonicWall WAN port. In this case, the destination sees the request as coming from the SonicWall WAN interface's IP address, not from the internal IP address.

– By default, SonicWall has a NAT policy configured that translates all outgoing requests to the IP address of SonicWall's primary WAN interface.

– To view the default NAT policies configured on SonicWall, go to Policies | Rules and Policies | NAT Rules.


(IMG)


– The image below shows the configuration menu of the default NAT policy, which translates outbound traffic to the IP address of the X1 interface.


(IMG)

(IMG)

2. One to One NAT:

– This is a NAT policy that allows you to translate an internal IP address into a single IP address. Most often this policy is used to map a server's private IP address to a public IP address so that the server can be accessed from the internet, with the permission of a firewall access rule.

– In this example we will use a server running the HTTP service.


+ Create Address Objects:

– Select Object at the top of the page, then go to Match Objects | Addresses.

– Click Add to create two address objects, one for the server's IP address and one for the public IP.


Address Object for Server

  • Name: Webserver Private
  • Zone Assignment: LAN
  • Type: Host
  • IP Address: 192.168.1.100
(IMG)


Address Object for Server’s Public IP


  • Name: Webserver Public
  • Zone Assignment: WAN
  • Type: Host
  • IP Address: 1.1.1.1
(IMG)


+ Create Inbound NAT Policy



– This policy allows you to translate public IP addresses into private IP addresses. This NAT policy combined with an access rule allows any source to connect to the internal server using a public IP address.

– From SonicWall’s management GUI, select Policies at the top of the page.

– Go to Rules and Policies | NAT Rules.

– Select Add and configure as below.


  • Original Source: Any
  • Translated Source: Original
  • Original Destination: Webserver Public
  • Translated Destination: Webserver Private
  • Original Service: HTTP
  • Translated Service: Original
  • Inbound Interface: X1
  • Outbound Interface: Any
  • Enable NAT Policy: Checked
(IMG)

(IMG)
  • Create a reflexive policy: You can enable this option in the Advanced section. It automatically creates a mirror NAT policy (outbound or inbound) of the NAT policy just created. An example of a reflexive policy is shown below.
(IMG)

(IMG)

3. DNS Loopback NAT Policy:

– A DNS Loopback NAT policy allows hosts on the LAN or DMZ to access the web server on the LAN using the server's public IP address.

– Go to Rules and Policies | NAT Rules.

– Select Add and configure as below.


  • Original Source: Firewalled Subnets
  • Translated Source: Webserver Public
  • Original Destination: Webserver Public
  • Translated Destination: Webserver Private
  • Original Service: HTTP
  • Translated Service: Original
  • Inbound Interface: Any
  • Outbound Interface: Any
  • Enable NAT Policy: Checked
(IMG)

(IMG)

4. Inbound Port Address Translation via WAN (X1) IP Address:

– This allows you to use SonicWall's WAN IP address to provide access to multiple internal servers. In the example below we will set up access to two internal web servers using SonicWall's WAN IP address, each of which will be assigned a unique port.

+ Create two different ports:

– Select Object at the top of the page, then go to Match Objects | Services.

– Click Add to create the port used by each server.

– In the example below, Webserver 1 uses port 4433 and Webserver 2 uses port 4434.


(IMG)

(IMG)

+ Create two address objects:

– Select Object at the top of the page, then go to Match Objects | Addresses.

– Click Add to create each address object.


(IMG)

(IMG)

+ Create inbound NAT Policies:

– We will create NAT policies that map the custom ports created above to the ports that are actually listening on the servers.

– Select Policies at the top of the page.

– Go to Rules and Policies | NAT Rules.

– Click Add and create the policies according to the configuration below.

– Both private IP addresses are translated from the same public IP address but based on different source ports. To access web server 192.168.1.100, a user on the internet enters the corresponding address in their browser; similarly, to access web server 192.168.1.101, they enter https://1.1.1.1:4434.


(IMG)

(IMG)

(IMG)

(IMG)



– Outbound NAT policies will need to be created if traffic generated from the servers is isolated; you can use the Create a reflexive policy option in the Advanced/Actions section.


(IMG)

!!! Thank you for following the article!!!
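
Added example, not part of the original post and not SonicWall code: a small Python model of the NAT policies from sections 2 to 4, showing which policy a packet matches and how its addresses and port are rewritten, plus a check that lists policies open to any source. The subnet behind Firewalled Subnets, the name Webserver 2 Private, the translated port 443 and first-match ordering are assumptions.

```python
import ipaddress
from collections import namedtuple

# Address objects from the article. "Firewalled Subnets" is modelled as
# 192.168.1.0/24 and "Webserver 2 Private" is a hypothetical name (assumptions).
OBJECTS = {
    "Any": "0.0.0.0/0",
    "Firewalled Subnets": "192.168.1.0/24",
    "Webserver Public": "1.1.1.1/32",
    "Webserver Private": "192.168.1.100/32",
    "Webserver 2 Private": "192.168.1.101/32",
}

# trans_src "Original" keeps the source; trans_port None keeps the service.
NatPolicy = namedtuple(
    "NatPolicy", "name orig_src trans_src orig_dst trans_dst orig_port trans_port in_iface")

# First match wins (simplified); translated port 443 for PAT is an assumption.
POLICIES = [
    NatPolicy("DNS loopback", "Firewalled Subnets", "Webserver Public",
              "Webserver Public", "Webserver Private", 80, None, "Any"),
    NatPolicy("Inbound one-to-one", "Any", "Original",
              "Webserver Public", "Webserver Private", 80, None, "X1"),
    NatPolicy("PAT web 1", "Any", "Original",
              "Webserver Public", "Webserver Private", 4433, 443, "X1"),
    NatPolicy("PAT web 2", "Any", "Original",
              "Webserver Public", "Webserver 2 Private", 4434, 443, "X1"),
]

def _in(ip, obj):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(OBJECTS[obj])

def _host(obj):
    return str(ipaddress.ip_network(OBJECTS[obj]).network_address)

def translate(src, dst, dport, in_iface):
    """Return (policy, new_src, new_dst, new_port), or None if nothing matches."""
    for p in POLICIES:
        if p.in_iface not in ("Any", in_iface) or dport != p.orig_port:
            continue
        if _in(src, p.orig_src) and _in(dst, p.orig_dst):
            new_src = src if p.trans_src == "Original" else _host(p.trans_src)
            return p.name, new_src, _host(p.trans_dst), p.trans_port or dport
    return None

def exposed_from_any():
    """Policies that accept any source; their access rules deserve review."""
    return [(p.name, _host(p.trans_dst), p.orig_port)
            for p in POLICIES if p.orig_src == "Any"]
```

Calling `translate("192.168.1.50", "1.1.1.1", 80, "X0")` shows why the loopback policy also rewrites the source: the server then replies to the firewall instead of directly to the LAN client.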
