This is a discussion on AT-410S LAN/NAT & DMZ - Routers
We have bought an Allied Telesyn AT-410S router for a
network with a private IP pool and a public IP pool for the DMZ.
I have configured the following interfaces:
eth0-0 for WAN, vlan2-0 for LAN, vlan3-0 for DMZ
Then I've created firewall policies:
create firewall policy="dmz"
create firewall policy="nat"
The dmz policy is filtering WAN <-> DMZ.
The nat policy is filtering WAN <-> LAN.
So I've added interfaces to the policies:
add firewall policy="dmz" int=vlan3-0 type=private tru=yes
add firewall policy="dmz" int=eth0-0 type=public
add firewall policy="nat" int=vlan2-0 type=private tru=yes
add firewall policy="nat" int=eth0-0 type=public
The NAT policy also translates private IPs to public...
add firewall poli="nat" nat=enhanced int=vlan2-0 gblin=eth0-0
Now I need to allow some traffic from LAN to DMZ, so I've tried
to add the next policy:
create firewall policy="lantodmz"
add firewall policy="lantodmz" int=vlan3-0 type=public
add firewall policy="lantodmz" int=vlan2-0 type=private
Error (3077063): Private interface already exists.
I got this error because vlan2-0 already exists as a private
interface in the NAT policy.
How should I configure the router in that case? Actually, the
router won't pass any traffic from NAT to DMZ because it isn't
covered by any policy.
Tomasz Jankowski