DMZ Firewall Solution for the Express Router
07-12-99 Version 1.0 18
4.3 Network Address Translation (NAT)
Because the secure private networks on LAN1 use public IP addresses (89.20.0.0 and 90.20.0.0),
configure NAT to translate these addresses to private IP addresses. For example, NAT will
translate the E-mail server address from 89.20.0.1 to 10.1.0.1, the NNTP server address from
89.20.0.2 to 10.1.0.2, and the LAN1 address from 89.20.0.10 to 10.1.0.10.
Note: When adding filter entries, the internal addresses must be used.
NAT entries are defined as follows:
Entry Function Settings
1 Translate the internal IP
addresses on the network
89.20.0.0 to private IP
address on 10.1.0.0
Mapping type: Static
Internal address: 10.1.0.0
Internal mask: 255.255.0.0
External IP address: 89.20.0.0
External mask: 255.255.0.0
2 Translate the internal IP
addresses on the network
90.20.0.0 to private IP
address on 10.2.0.0
Mapping type: Static
Internal address: 10.2.0. 0
Internal mask: 255.255.0.0
External IP address: 90.20.0.0
External mask: 255.255.0.0
4.4 IP Filters Setup
This section describes the required IP filters for the LAN1, LAN2 and connection to the Internet.
4.4.1 LAN1 Filters
4.4.1.1 Receive (Rx) Filters on LAN1
Configure these receive filters for the LAN1 port, shown as they appear in Advanced Setup.