LANCOM Support Knowledgebase
Document No. 1806.1210.2217.RHOO - V1.70
Configuring WAN policy-based NAT
As of LCOS version 10.20
, it is possible to operate WAN policy-based NAT.
WAN policy-based NAT allows address translation (masking) of connections based on firewall rules. You can now configure which WAN-IPv4 address assigned by the provider is used to mask internal addresses.
This feature is ideal for scenarios where a provider assigns multiple static IPv4 addresses, e.g. for operating mail servers and web servers with different WAN addresses.
LCOS as of version 10.20 (
download latest version
LANtools as of version 10.20 (
download latest version
The ISP provides the
on the WAN side.
is the network address and 184.108.40.206 is the broadcast address in this subnet, resulting in it
six usable public addresses
, one of which is reserved for the gateway (provider device).
In this example, the
public IP address 220.127.116.11
. The public IP addresses 18.104.22.168 – 22.214.171.124 can be used freely. Defined for this address range is an IPoE remote site, which is masked.
There are three local networks. The local network
is to be masked behind the IP address
, the local network
, and the local network
The “return connection” of the masquerading, i.e. the accessibility of a server from the outside, is realized via one or more port-forwarding entries, which are not a part of this example (see
Firewall/QoS -> IPv4 rules -> Action objects
a new firewall action object
for each of the three public IP addresses.
2) On the
tab, set the
and then enable
Policy-based NAT for each of the public IP address
The parameter must be entered
as a fixed IP address
Dynamic IP addresses
are not supported.
NAT is only possible if a WAN interface is involved. NAT is not supported between two LAN interfaces.
Firewall/QoS -> IPv4 rules -> Station objects
, add a
new station object
for each of the
IP address ranges for each of the three local networks
4) You then create a separate firewall rule for
each local network
the associated public IP addresses
This is shown as an exemple in the following figure for the
local network INTRANET and the public IP address 126.96.36.199
5) The new firewall rules should then appear as follows:
6) Write the configuration back to the LANCOM router.
Catchwords: wan; nat; masking. firewall
Please review this document!
This document was helpful
This document was