Ftp chapter 6. security mechanisms 143 – D-Link DFL-2500 User Manual
Page 143
2.
Now enter:
•
Name: SAT-ftp-inbound
•
Action: SAT
•
Service: ftp-inbound
3.
For Address Filter enter:
•
Source Interface: any
•
Destination Interface: core
•
Source Network: all-nets
•
Destination Network: wan_ip (assuming the external interface has been defined as this)
4.
For SAT check Translate the Destination IP Address
5.
Enter To: New IP Address: ftp-internal (assume this internal IP address for FTP server has been defined in
the Address Book object)
6.
New Port: 21
7.
Click OK
D. Traffic from the internal interface needs to be NATed:
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
•
Name: NAT-ftp
•
Action: NAT
•
Service: ftp-inbound
3.
For Address Filter enter:
•
Source Interface: dmz
•
Destination Interface: core
•
Source Network: dmznet
•
Destination Network: wan_ip
4.
For NAT check Use Interface Address
5.
Click OK
E. Allow incoming connections (SAT requires a second Allow rule):
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
•
Name: Allow-ftp
•
Action: Allow
•
Service: ftp-inbound
3.
For Address Filter enter:
•
Source Interface: any
•
Destination Interface: core
•
Source Network: all-nets
•
Destination Network: wan_ip
6.2.3. FTP
Chapter 6. Security Mechanisms
143