We have bought Allied Telesyn AT-410S router for
network with private ip pool and public ip pool for DMZ.

I have configured the following interfaces:

eth0-0 for WAN, vlan2-0 for LAN, vlan3-0 for DMZ

Then I've created firewall policies

create firewall policy="dmz"
create firewall policy="nat"

dmz policy is filtering WAN <-> DMZ
nat policy is filtering WAN <-> LAN

so I've added interfaces to the policies:

add firewall policy="dmz" int=vlan3-0 type=private tru=yes
add firewall policy="dmz" int=eth0-0 type=public

add firewall policy="nat" int=vlan2-0 type=private tru=yes
add firewall policy="nat" int=eth0-0 type=public

NAT policy also translates private IPs to public...

add firewall poli="nat" nat=enhanced int=vlan2-0 gblin=eth0-0


Now I need to allow some traffic from LAN to DMZ so I've tried
to add next policy:

create firewall policy="lantodmz"
add firewall policy="lantodmz" int=vlan3-0 type=public
add firewall policy="lantodmz" int=vlan2-0 type=private

Error (3077063): Private interface already exists.

I got this error because vlan2-0 already exists as private
interface in NAT policy.

how should I configure the router in that case??? actually
router won't pass any traffic from NAT to DMZ because it isn't
covered by any policy.


Tomasz Jankowski