4 n:n mapping – Lancom Systems LCOS 3.50 User Manual


LANCOM Reference Manual LCOS 3.50


Chapter 7: Routing and WAN connections


Example: Your provider assigns you the IP network address 123.45.67.0 with the
netmask 255.255.255.248. You can then assign the IP addresses as follows:

All computers and devices in the Intranet have no public IP address, and
therefore appear with the IP address of the LANCOM (123.45.67.1) on the
Internet.

Separation of Intranet and DMZ

Although Intranet and DMZ may already be separated at the Ethernet
level by distinct interfaces, appropriate firewall rules must be set
up in any case so that the DMZ is separated from the LAN at
the IP level as well.
The server service shall be available from the Internet and
from the Intranet, but any IP traffic from the DMZ towards the Intranet
must be prohibited. For the above example, this reads as follows:

- With an 'Allow All' strategy (default): Deny access from 123.45.67.2 to "All stations in local network"
- With a 'Deny All' strategy (see 'Set-up of an explicit "Deny All" strategy', page 138): Allow access from "All stations in local network" to 123.45.67.2
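
The two rule sets above can be checked against a simple first-match filter model, including a deny rule that does not cover the whole Intranet. This is an added example, not LANCOM code or LCOS configuration; the Intranet range 192.168.1.0/24, the first-match semantics on the connection initiator, and the `TOO_NARROW` policy are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the Intranet is 192.168.1.0/24 (constructed; the page gives no range).
INTRANET = ipaddress.ip_network("192.168.1.0/24")
DMZ_HOST = "123.45.67.2"  # DMZ server address from the page's example
DMZ_NET = ipaddress.ip_network(DMZ_HOST + "/32")

# A policy is a default action plus (action, source, destination) rules.
# Assumption: rules match the initiator of a connection and the first match wins.
ALLOW_ALL = {"default": "allow", "rules": [("deny", DMZ_NET, INTRANET)]}
DENY_ALL = {"default": "deny", "rules": [("allow", INTRANET, DMZ_NET)]}
# Constructed mistake: the deny rule covers only the lower half of the Intranet.
TOO_NARROW = {"default": "allow",
              "rules": [("deny", DMZ_NET, ipaddress.ip_network("192.168.1.0/25"))]}


def decide(policy, src, dst):
    """Return 'allow' or 'deny' for a new connection from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in policy["rules"]:
        if s in src_net and d in dst_net:
            return action
    return policy["default"]


def dmz_reachable_hosts(policy):
    """Intranet hosts the DMZ server could open a connection to (should be none)."""
    return [str(h) for h in INTRANET.hosts()
            if decide(policy, DMZ_HOST, str(h)) == "allow"]


def intranet_can_reach_dmz(policy, host="192.168.1.10"):
    """True if an Intranet host (constructed address) may connect to the DMZ server."""
    return decide(policy, host, DMZ_HOST) == "allow"


if __name__ == "__main__":
    policies = [("Allow All", ALLOW_ALL), ("Deny All", DENY_ALL),
                ("too narrow", TOO_NARROW)]
    for name, policy in policies:
        leaks = dmz_reachable_hosts(policy)
        print(f"{name}: Intranet->DMZ allowed={intranet_can_reach_dmz(policy)}, "
              f"Intranet hosts reachable from DMZ={len(leaks)}")
```
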

7.4 N:N mapping

Network Address Translation (NAT) can be used for several different purposes:

- for better utilization of IPv4 addresses, which are becoming ever scarcer
- for coupling networks with the same (private) address ranges
- for producing unique addresses for network management

| DMZ IP address | Meaning/use |
|---|---|
| 123.45.67.0 | network address |
| 123.45.67.1 | LANCOM as a gateway for the Intranet |
| 123.45.67.2 | Device in the LAN which is to receive unmasked access to the Internet, e.g. web server connected at the DMZ port |
| 123.45.67.3 | broadcast address |
