One-to-one nat configuration example – SonicWALL Internet Security Appliances User Manual

Advanced Features Page 161

One-to-One NAT Configuration Example

This example assumes that you have a SonicWALL running in the NAT-enabled mode, with IP
addresses on the LAN in the range 192.168.1.1 - 192.168.1.254, and a WAN IP address of
208.1.2.2. Also, you own the IP addresses in the range 208.1.2.1 - 208.1.2.6.

Alert: If you have only one IP address from your ISP, you cannot use One-to-One NAT.

You have three web servers on the LAN with the IP addresses of 192.168.1.10, 192.168.1.11, and
192.168.1.12. Each of the servers must have a default gateway pointing to 192.168.1.1, the
SonicWALL LAN IP address.

You also have three additional IP addresses from your ISP, 208.1.2.4, 208.1.2.5, and 208.1.2.6,
that you want to use for three additional web servers. Use the following steps to configure
One-to-One NAT:

1. Log into the Management Interface, and click Advanced. Then click the One-to-One NAT tab.

2. Select Enable One-to-One NAT and click Update.

3. Type in the IP address, 192.168.1.10, in the Private Range Begin field.

4. Type in the IP address, 208.1.2.4, in the Public Range Begin field.

5. Type in 3 in the Range length field.

Tip: You can configure the IP addresses individually, but it is easier to configure them in a range.
However, the IP addresses on both the private and public sides must be consecutive to configure a
range of addresses.

6. Click Update.

7. Click Access, then the Rules tab.

8. Click Add New Rule and configure the following settings:

Allow

Service - HTTP

Source - WAN

Destination - LAN 192.168.1.10 - 192.168.1.12

Apply this rule - always

9. Click Update and restart the SonicWALL.

The server configurations take effect after the SonicWALL restarts and the configuration is updated.
Requests for http://208.1.2.4 are answered by the server at 192.168.1.10. Requests for
http://208.1.2.5 are answered by the server at 192.168.1.11, and requests for http://208.1.2.6
are answered by the server at 192.168.1.12. From the LAN, the servers can only be accessed using
the private IP addresses (192.168.1.x), not the public IP addresses or domain names. For example,
from the LAN, you must use URLs like http://192.168.1.10 to reach the web servers. An IP address,
such as 192.168.1.10, on the LAN cannot be used in both public LAN server configurations and in
public LAN server One-to-One NAT configurations.
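
The range settings and access rule from the steps above can be checked before they are entered. The following is an added example, not part of the SonicWALL manual: the names nat_map, audit and PAGE are hypothetical, and the WAN-address check and the rule-width check are assumptions of this example rather than behaviour documented on this page.

```python
import ipaddress as ip

def nat_map(private_begin, public_begin, length):
    """Expand Private Range Begin / Public Range Begin / Range length
    into {public: private} pairs (both sides consecutive)."""
    priv, pub = ip.IPv4Address(private_begin), ip.IPv4Address(public_begin)
    return {pub + i: priv + i for i in range(length)}

def _span(lo, hi):
    return ip.IPv4Address(lo), ip.IPv4Address(hi)

def audit(mapping, wan_ip, owned, lan, rule_dst):
    """Return findings; an empty list means the checks all passed."""
    findings = []
    wan = ip.IPv4Address(wan_ip)
    (own_lo, own_hi), (lan_lo, lan_hi) = _span(*owned), _span(*lan)
    rule_lo, rule_hi = _span(*rule_dst)
    for pub, priv in mapping.items():
        if pub == wan:  # assumption: the WAN IP is not available for One-to-One NAT
            findings.append(f"{pub}: public side reuses the WAN IP")
        if not own_lo <= pub <= own_hi:
            findings.append(f"{pub}: not in the owned public range")
        if not lan_lo <= priv <= lan_hi:
            findings.append(f"{priv}: not in the LAN range")
        if not rule_lo <= priv <= rule_hi:
            findings.append(f"{priv}: mapped but not covered by the rule")
    mapped = set(mapping.values())
    # Least-privilege check: the rule should not reach hosts that have no mapping.
    for n in range(int(rule_lo), int(rule_hi) + 1):
        if ip.IPv4Address(n) not in mapped:
            findings.append(f"{ip.IPv4Address(n)}: in the rule but has no NAT mapping")
    return findings

# Values from the manual's example.
PAGE = dict(wan_ip="208.1.2.2", owned=("208.1.2.1", "208.1.2.6"),
            lan=("192.168.1.1", "192.168.1.254"),
            rule_dst=("192.168.1.10", "192.168.1.12"))

if __name__ == "__main__":
    good = nat_map("192.168.1.10", "208.1.2.4", 3)
    for pub, priv in good.items():
        print(f"http://{pub} -> {priv}")
    print(audit(good, **PAGE) or "no findings")
    # Constructed mistake: Range length 4 runs past the owned block and the rule.
    for f in audit(nat_map("192.168.1.10", "208.1.2.4", 4), **PAGE):
        print("finding:", f)
```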
