Solved

Sonicwall 1-to-1 Nat question

Posted on 2006-06-20
Last Modified: 2011-09-20
Have three public IPs.  For example:
xxx.xxx.xxx.183 is used solely for the internal network.
xxx.xxx.xxx.184 is assigned to DVR1.
xxx.xxx.xxx.185 is assigned to DVR2.
The 2 DVRs are routing traffic TCP/UDP EXCLUSIVELY on port 7700.
Currently this setup is being done by using a switch after the cable modem.

We need to route all 3 through one firewall:
 
Routing would be 1-to-1 Nat:
Assign DVR1 staticIP xxx.xxx.xxx.184 to internal private address 10.10.10.101 for TCP/UDP 7700.
Assign DVR2 staticIP xxx.xxx.xxx.185 to internal private address 10.10.10.102 for TCP/UDP 7700.
 
What would the routing table look like for outgoing?
Is this the correct setup?
Thanks
Question by:PCLANTECHS
Expert Comment

by:olyrick
ID: 16993061
Which Sonicwall router are you using? Also, what is the subnet of these IPs?

I believe you must have SonicOS Enhanced to be able to do 1-to-1 NAT with multiple IP addresses. The funny thing with the Sonicwall is that you cannot tell it explicitly to listen to the 2 IP addresses, but you can tell it to apply NAT to the different IPs.

First, create 2 services (with the same name), one for TCP 7700 and one for UDP 7700.
Create a NAT rule (possibly using the Public Server Wizard) for the new service to point to your internal IPs. In the public server wizard, if you are using SonicOS Enhanced, it will ask you for "Server Public IP Address". Enter x.x.x.184 or .185 here.
Click on Apply, and you're done.
Author Comment

by:PCLANTECHS
ID: 16993119
Thanks for the response. We are going to use a TZ 170. We actually contacted Sonicwall about this issue and they never mentioned using SonicOS Enhanced?
They stated it would work just as you have. Why would we create a service with the same name?
I was just going to set up the one-to-one and create the inbound and outbound rules, which looks to be what you suggest.
Also, when you publish the public server, does this automatically create the outbound rule?
Thanks
Accepted Solution

by:budchawla (earned 500 total points)
ID: 17137519
PCLANTECHS, in response to your questions:
"We actually contacted Sonicwall about this issue and they never mentioned using SonicOS Enhanced?" You don't need Enhanced to have the 1-1 NAT that you need. In fact, all you need to do is specify a single 1-1 NAT range with a length of 2. i.e., add a new range, private range start: 10.10.10.101, public range start: xx.xx.xx.184, range length = 2.

I think what olyrick was suggesting was to create a custom service since the sonicwall does not have a default service for tcp 7700 and udp 7700. The same-name thing is just to keep it simple to manage, technically you could name them whatever you wanted.

By default on most sonicwalls (look towards the bottom of the access rules page), there is a rule that says

Priority   Source   Destination   Service   Action
13         LAN      *             Any       Allow

This would allow ANY outgoing traffic unless it's specifically blocked by another (higher & more specific) rule. So no, you don't need to create outbound rules.

So the process is quite simple:
1. Create Services for TCP 7700 & UDP 7700 named say custom1 & custom2
2. Create a 1-1 NAT as I mentioned above
3. Create firewall access rules as:

Action: Allow
Service: custom1
Source: WAN *
Destination: LAN 10.10.10.101 - 10.10.10.102

Action: Allow
Service: custom2
Source: WAN *
Destination: LAN 10.10.10.101 - 10.10.10.102

And make sure the rules are enabled!
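To make the accepted solution concrete, here is an added model (not SonicWall code, and not from the answer's author) of what the configuration above does: a single 1-to-1 NAT range of length 2 maps the n-th public address to the n-th private address, and the two WAN-to-LAN access rules are what limit exposure of the DVRs to TCP/UDP 7700; without them the 1-to-1 mapping alone would make every listening port on the DVRs reachable. The public prefix 203.0.113.x is a documentation-range placeholder for the xxx.xxx.xxx addresses in the question, and the service names custom1/custom2 are the ones suggested in the answer.

```python
"""Added illustration of the accepted answer's setup: one 1-to-1 NAT range
(private start 10.10.10.101, public start .184, length 2) plus two
WAN->LAN access rules for TCP 7700 and UDP 7700.  Not SonicWall code.
203.0.113.x is a placeholder for the xxx.xxx.xxx prefix in the question."""
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class OneToOneNat:
    """A 1-to-1 NAT range: the n-th private address maps to the n-th
    public address, for 0 <= n < length."""
    private_start: IPv4Address
    public_start: IPv4Address
    length: int

    def to_private(self, public: IPv4Address):
        off = int(public) - int(self.public_start)
        return self.private_start + off if 0 <= off < self.length else None

    def to_public(self, private: IPv4Address):
        off = int(private) - int(self.private_start)
        return self.public_start + off if 0 <= off < self.length else None


@dataclass(frozen=True)
class AccessRule:
    """One WAN->LAN access rule: allow proto/port to a LAN address range."""
    service: str
    proto: str
    port: int
    dst_start: IPv4Address
    dst_end: IPv4Address


# The range from the answer: private 10.10.10.101, public .184, length 2
# (so .184 -> .101 and .185 -> .102).
NAT = OneToOneNat(IPv4Address("10.10.10.101"), IPv4Address("203.0.113.184"), 2)

# custom1 = TCP 7700, custom2 = UDP 7700, destination LAN 10.10.10.101 - 10.10.10.102
RULES = [
    AccessRule("custom1", "tcp", 7700, IPv4Address("10.10.10.101"), IPv4Address("10.10.10.102")),
    AccessRule("custom2", "udp", 7700, IPv4Address("10.10.10.101"), IPv4Address("10.10.10.102")),
]


def inbound(nat, rules, public_dst, proto, port):
    """Process an unsolicited WAN packet: translate the destination through
    the 1-to-1 NAT, then look for a matching WAN->LAN rule.  Anything not
    explicitly allowed is denied, the firewall's default for WAN->LAN.
    Returns (private destination or None, matched service or None, decision)."""
    private = nat.to_private(IPv4Address(public_dst))
    if private is None:
        return None, None, "deny"          # no mapping for this public address
    for r in rules:
        if r.proto == proto and r.port == port and r.dst_start <= private <= r.dst_end:
            return str(private), r.service, "allow"
    return str(private), None, "deny"      # mapped host, but this port is not opened


def outbound(nat, private_src):
    """A DVR starts a connection: the default LAN -> * Allow rule admits it
    and the 1-to-1 NAT rewrites the source to the DVR's own public address,
    so no extra outbound rule is needed.  Returns the public source or None."""
    public = nat.to_public(IPv4Address(private_src))
    return str(public) if public is not None else None


if __name__ == "__main__":
    print(inbound(NAT, RULES, "203.0.113.184", "tcp", 7700))  # DVR1 on TCP 7700: allowed
    print(inbound(NAT, RULES, "203.0.113.185", "udp", 7700))  # DVR2 on UDP 7700: allowed
    print(inbound(NAT, RULES, "203.0.113.185", "tcp", 80))    # mapped host, port not opened: denied
    print(inbound(NAT, RULES, "203.0.113.183", "tcp", 7700))  # firewall's own WAN address: no mapping
    print(outbound(NAT, "10.10.10.102"))                      # DVR2's outbound traffic leaves as .185
```

The third call is the check worth keeping in mind when reviewing a 1-to-1 NAT: the mapping is applied to every port, so the access rules, not the NAT entry, are what keep the DVRs' other services off the Internet.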