LANCOM Support Knowledgebase Document No. 0906.0112.5242.LHEL - V1.20

Translating private addresses in the DMZ into public addresses


Description:
This document describes how to configure the translation of private addresses in the DMZ into publicly accessible addresses.


Requirements:


Procedure:

1. First, you configure the DMZ IP address.



2. For security reasons you should additionally activate the private mode for the corresponding ports. You can make this setting under the following menu item: Configuration -> Interfaces -> LAN -> Ethernet ports.



3. You then switch off IP masquerading of the default route.



4. In the N:N table you then add the entries which translate the server addresses from the DMZ into public addresses.
    Example for a mail server:

    The mail server with the IP address 192.168.1.2 is to be translated to the public address 217.217.217.217.

    To do this, switch to the following menu item: Configuration -> IP router -> N:N mapping -> N:N NAT table.

    Specify here the netmask associated with the IP addresses entered.

    The netmask applies to both IP address ranges (original and translated), because N:N-address mapping (NAT, network address translation, in this case N:N NAT) requires that the original and the translated IP networks are of equal size.

    If you only need to translate one single IP address, enter the netmask 255.255.255.255.


5. The server can now be contacted from the WAN via its public IP address.

Catchwords:
Please review this document! This document was helpful This document was not helpful