Astaro User Bulletin Board
#1
02-18-2004, 07:14 PM
Junior Member
Join Date: Aug 2003
Posts: 12
Set up NAT with block of IPs from ISP

I have a block of 5 usable IPs from my ISP. I would like to set up NAT to map all of the addresses to certain servers inside.

Astaro V4

192.168.1.201 = Internal_If (STD Ethernet)

x.x.x.128 = Network
x.x.x.129 = Router to ISP (My Gateway)
x.x.x.130 = External_If (STD Ethernet)
x.x.x.131 = would like to be web server
x.x.x.132 = would like to be mail server
x.x.x.133 = would like to be ftp server
x.x.x.134 = would like to be some-other server
x.x.x.135 = Broadcast

I know how to set up NAT using the External_If NAT'ed to an internal server but how do I add the others?

Thanks.
#2
02-18-2004, 09:21 PM
Wizard
Join Date: Feb 2002
Location: Massachusetts, USA
Posts: 850
Re: Set up NAT with block of IPs from ISP

You would create the additional IPs on the external interface of your ASL.
Create DNAT rules such that all services on each external IP would be redirected to the corresponding internal IP.
Then create SNAT rules for each internal IP to change the internal IP to the corresponding external IP of your ASL.

Example:
DNAT:
Source: any, Service: any
Dest: 1.2.3.131 (external ASL IP for webserver)
Change Dest to: 192.168.1.131 (internal IP of webserver)
Change service: none

SNAT:
Source: 192.168.1.131, Service: any
Change Source to: 1.2.3.131
Change service: none

This will redirect all incoming traffic on 1.2.3.131 to 192.168.1.131 and have any outbound traffic from 192.168.1.131 appear as if it came from 1.2.3.131.

No sweat.
#3
02-18-2004, 09:43 PM
Junior Member
Join Date: Aug 2003
Posts: 12
Re: Set up NAT with block of IPs from ISP

I answered my own question. I hope this post helps...

1) Assigned all the IP addresses as secondary to the External_If with ip/mask/gateway under Interfaces


2) Created all the ISP Assigned addresses under Networks
Name= IPBlock131
address=x.x.x.131
netmask=32
Repeated for all addresses


2a) Created all the internal servers' addresses under Networks
Name = ServerName
address = 192.168.1.18
netmask = 32
Repeated for all internal servers


3) Created a DNAT/SNAT:

Source Addr = No Match

Destin Addr = IPBlock*** - (IPBlock*** defined in Networks. Step 2)

Service = HTTP

Chg Src Addr = No Change

Chg Dest Addr = Internal Server - (defined in Networks. Step 2a)

Repeated for all needed addresses


4) Created Rules

From Internal_If Any/Any Allow

From Internal_Network Any/Any Allow

From Any HTTP ServerName Allow (ServerName defined in Networks. Step 2a)

From IPBlock*** HTTP ServerName Allow (IPBlock*** defined in Networks. Step 2)

Repeated for all needed addresses
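
The one-to-one mapping from posts #2 and #3, written as an equivalent Linux iptables-restore ruleset. This is an added example, not part of the original thread and not Astaro's own configuration. The 203.0.113.x addresses, the eth1 interface name, the /24 internal netmask and the function names are assumptions. It publishes one service per public address, as post #3 does, and the audit function flags the "Service: any" form of DNAT.

```shell
#!/bin/sh
# Constructed mapping (not from the thread): public IP, internal IP, protocol, port.
# 203.0.113.0/24 is a documentation range standing in for the poster's x.x.x.128 block.
MAPPINGS='203.0.113.131 192.168.1.131 tcp 80
203.0.113.132 192.168.1.132 tcp 25'
EXT_IF=eth1              # assumed name of the external interface
INT_NET=192.168.1.0/24   # assumed internal network (netmask is not given in the thread)

# Emit an iptables-restore ruleset: per-service DNAT inbound, 1:1 SNAT outbound,
# and a default-drop FORWARD chain that admits only the published services.
gen_rules() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo "$MAPPINGS" | while read -r pub int proto port; do
        echo "-A PREROUTING -i $EXT_IF -d $pub/32 -p $proto --dport $port -j DNAT --to-destination $int"
        echo "-A POSTROUTING -o $EXT_IF -s $int/32 -j SNAT --to-source $pub"
    done
    echo 'COMMIT'
    echo '*filter'
    echo ':FORWARD DROP [0:0]'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A FORWARD -s $INT_NET -o $EXT_IF -j ACCEPT"
    # The filter table sees packets after DNAT, so it matches the internal address.
    echo "$MAPPINGS" | while read -r pub int proto port; do
        echo "-A FORWARD -i $EXT_IF -d $int/32 -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Read a ruleset on stdin and print every destination that is DNATed without a
# port restriction: that form forwards every listener on the internal host.
audit_rules() {
    grep -- '-j DNAT' | grep -v -- '--dport' |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "-d") print $(i + 1) }'
}

gen_rules   # print the generated ruleset for review; nothing is loaded
```

The script only prints text; the output would be reviewed and then loaded with iptables-restore on a Linux gateway.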
#4
02-18-2004, 09:46 PM
Junior Member
Join Date: Aug 2003
Posts: 12
Re: Set up NAT with block of IPs from ISP

Hey Jim, Thanks! I think this should be as easy as pie for the next forum surfer =)
These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.