LANCOM Support Knowledgebase Document No. 0906.0112.5242.LHEL - V1.20

Translating private addresses in the DMZ into public addresses

This document describes how to configure the translation of private addresses in the DMZ into publicly accessible addresses.



1. First, you configure the DMZ IP address.

2. For security reasons you should additionally activate the private mode for the corresponding ports. You can make this setting under the following menu item: Configuration -> Interfaces -> LAN -> Ethernet ports.

3. You then switch off IP masquerading of the default route.

4. In the N:N table you then add the entries which translate the server addresses from the DMZ into public addresses.
    Example for a mail server:

    The mail server with the IP address is to be translated to the public address

    To do this, switch to the following menu item: Configuration -> IP router -> N:N mapping -> N:N NAT table.

    Specify here the netmask associated with the IP addresses entered.

    The netmask applies to both IP address ranges (original and translated), because N:N-address mapping (NAT, network address translation, in this case N:N NAT) requires that the original and the translated IP networks are of equal size.

    If you only need to translate one single IP address, enter the netmask

5. The server can now be contacted from the WAN via its public IP address.

Please review this document! This document was helpful This document was not helpful