Setup guide

If the packet matches the masquerade rule, then the router opens a connection to the destination,
and sends out a modified packet with its own address and a port allocated for this connection. The
router keeps track of masqueraded connections and performs the "demasquerading" of packets
that arrive for the opened connections. For filtering purposes, you may want to specify the
to-src-ports argument value, say, to 60000-65535.
If you want to change the source address:port to a specific address:port, use action=nat instead of
action=masquerade:
[admin@test_1] ip firewall src-nat> add src-address=192.168.0.1/32 out-interface=wlan1 action=nat to-src-address=1.1.1.1
[admin@test_1] ip firewall src-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=192.168.0.1/32:0-65535 dst-address=0.0.0.0/0:0-65535
out-interface=wlan1 protocol=all icmp-options=any:any flow=""
connection="" content="" limit-count=0 limit-burst=0 limit-time=0s
action=nat to-src-address=1.1.1.1 to-src-port=0-65535
[admin@test_1] ip firewall src-nat>
Here:
src-address - can be a host's IP address, for example, 192.168.0.1/32, or a network address
such as 192.168.0.0/24
to-src-address - can be one address, or a range, say 10.0.0.217-10.0.0.219. The addresses
should be added to the router's interface, or should be routed to it from the gateway router.
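The translation and "demasquerading" described above, as a small Python model. This is an added example, not MikroTik code and not part of the original manual: the class SrcNat, its first-free-port allocation and the destination 203.0.113.10 are assumptions made for illustration.

```python
# Simplified model of source NAT connection tracking (illustrative only,
# not RouterOS code; the first-free-port allocation is an assumption).

class SrcNat:
    def __init__(self, public_ip, port_range=(60000, 65535)):
        self.public_ip = public_ip          # router address, or to-src-address
        self.lo, self.hi = port_range       # to-src-port range
        self.out = {}    # (src_ip, src_port, dst_ip, dst_port) -> public port
        self.back = {}   # public port -> (src_ip, src_port, dst_ip, dst_port)

    def _alloc(self):
        for port in range(self.lo, self.hi + 1):
            if port not in self.back:
                return port
        raise RuntimeError("source port range exhausted")

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet and track the connection."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = self._alloc()
            self.out[key] = port
            self.back[port] = key
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Restore the private destination of a reply, or return None when
        the packet belongs to no tracked connection."""
        conn = self.back.get(dst_port)
        if dst_ip != self.public_ip or conn is None:
            return None
        if conn[2:] != (src_ip, src_port):   # reply must come from the peer
            return None
        return (src_ip, src_port, conn[0], conn[1])

    def is_translated_port(self, port):
        """What an upstream filter can test: is this port in the NAT range?"""
        return self.lo <= port <= self.hi

if __name__ == "__main__":
    nat = SrcNat("1.1.1.1")                 # address from the rule above
    # 203.0.113.10 is a constructed destination (documentation range).
    print(nat.outbound("192.168.0.1", 40000, "203.0.113.10", 80))
    print(nat.inbound("203.0.113.10", 80, "1.1.1.1", 60000))
    print(nat.inbound("203.0.113.10", 80, "1.1.1.1", 60001))  # untracked
```

Restricting the translated source ports to a known range is what lets a filter elsewhere distinguish NATed traffic by port, and packets arriving for a port with no tracked connection are not translated.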
Destination NAT
ip firewall dst-nat
Description
Redirection and destination NAT should be used when you need to give access to services located
on a private network from the outside world.
Property Description
action (accept | redirect | nat; default: accept) - action to undertake if a packet matches a particular
dst-nat rule, one of:
accept - accept the packet without undertaking any action, except for mangle. No more rules
are processed in the relevant list/chain
redirect - redirects to the local address:port of the router. In this case, the to-dst-address
argument value is not taken into account and it does not need to be specified, since the router's
local address is used.
nat - perform Network Address Translation. The to-dst-address should be specified (not
required with action=redirect)
in-interface (name; default: all) - interface the packet has entered the router through
all - may include the local loopback interface for packets with destination to the router
to-dst-address (IP address; default: 0.0.0.0) - destination IP address to replace original with
to-dst-port (integer: 0..65535; default: 0-65535) - destination port to replace original with
src-mac-address (MAC address; default: 00:00:00:00:00:00) - host's MAC address the packet has
been received from