Solved

Sonicwall 1-to-1 Nat question

Posted on 2006-06-20
5
1,237 Views
Last Modified: 2011-09-20
Have three public IPs.  For example:
xxx.xxx.xxx.183 is used solely for the internal network.
xxx.xxx.xxx.184 is assigned to DVR1.
xxx.xxx.xxx.185 is assigned to DVR2.
The 2 DVRs are routing traffic TCP/UDP EXCLUSIVELY on port 7700.
Currently this setup is being done by using a switch after the cable modem.

We need to route all 3 through one firewall:
 
Routing would be 1-to-1 Nat:
Assign DVR1 staticIP xxx.xxx.xxx.184 to internal private address 10.10.10.101 for TCP/UDP 7700.
Assign DVR2 staticIP xxx.xxx.xxx.185 to internal private address 10.10.10.102 for TCP/UDP 7700.
 
What would the routing table look like for outgoing?
Is this the correct setup?
THanks
0
Comment
Question by:PCLANTECHS
5 Comments
 

Expert Comment

by:olyrick
ID: 16993061
Which Sonicwall router are you using? Also, what is the subnet of these IPs?

I believe you must have SonicOS Enhanced to be able to do 1-to-1 NAT with multiple IP addresses. The funny thing with the Sonicwall is that you cannot tell it explicitly to listen to the 2 IP addresses, but you can tell it to apply NAT to the different IPs.

First, create 2 services (with the same name), one for TCP 7700 and one for UDP 7700.
Create a NAT rule (possibly using the Public Server Wizard) for the new service to point to your internal IPs. In the public server wizard, if you are using SonicOS Enhanced, it will ask you for "Server Public IP Address". Enter x.x.x.184 or .185 here.
Click on Apply, and you're done.
0
 
LVL 1

Author Comment

by:PCLANTECHS
ID: 16993119
thanks for the response. We are going to use a TZ 170. We actually contacted Sonicwall about this issues and they never mentioned using SonicOS Enhanced?
They stated it would work just as you have. Why would we c reate a service with the same name?
I was just going to setup the one-to-one and create the inbound and outbound rules which looks to be what you suggest.
Also, When you publish the publish the public server does this automatically create the outbound rule?
Thanks
0
 
LVL 10

Accepted Solution

by:
budchawla earned 500 total points
ID: 17137519
PCLANTECHS, in response to your questions:
We actually contacted Sonicwall about this issues and they never mentioned using SonicOS Enhanced? You don't need Enhanced to have the 1-1 nat that you need. In fact, all you need to do is specify a single 1-1 nat range with a length of 2. i.e., add a new range, private range start: 10.10.10.101 public range start xx.xx.xx.184, range length = 2.

I think what olyrick was suggesting was to create a custom service since the sonicwall does not have a default service for tcp 7700 and udp 7700. The same-name thing is just to keep it simple to manage, technically you could name them whatever you wanted.

By default on most sonicwalls (look towards the bottom of the access rules page), there is a rule that says

Priority      Source      Destination      Service          Action      
13              LAN        *                    Any         Allow

This would allow ANY outgoing traffic unless it's specifically blocked by another (higher & more specific) rule. So no, you don't need to create outdound rules.

So the process is quite simple:
1. Create Services for TCP 7700 & UDP 7700 named say custom1 & custom2
2. Create a 1-1 NAT as I mentioned above
3. Create firewall access rules as:

Action: Allow
Service: custom1
Source: WAN *
Destination: LAN 10.10.10.101 - 10.10.10.102

Action: Allow
Service: custom2
Source: WAN *
Destination: LAN 10.10.10.101 - 10.10.10.102

And make sure the rules are enabled!
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Direct Access 2012R2 Two Network Card Configuration Behind TMG 2010 3 48
Access shared drive during VPN session 9 107
Open BDS Pf 3 50
Watchguard Firewall Setup 3 87
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question