MBR L13

–

User’s

Guide

46

Figure 55:

Restricted Website

3.

Enter the URL that you would like to make inaccessible from your local network (all Web pages within this

URL will also be blocked). If the URL has multiple IP addresses, the L13 will resolve all additional addresses

and automatically add them to the restrictions table.

4.

The

Local Host

drop-down menu provides you the ability to specify the computer or group of computers on

which you would like to apply the Web site restriction. Select an address or a name from the list to apply the

rule on the corresponding host, or

any

to apply the rule on all L13 LAN hosts.

5.

By default, the rule will always be active. However, you can configure scheduler rules by selecting

User

Defined

in order to define time segments during which the rule may be active. Once a scheduler rule(s) is

defined, the

Schedule

drop-down menu will allow you to choose between the available rules.

6.

Click

OK

to save the settings. You will be returned to the previous screen while the L13 attempts to find the

site.

7.

Resolving...

will appear in the Status column while the site is being located (the URL is

resolved

into one or

more IP addresses).

Figure 56:

Resolving

8.

Click the

Refresh

button to update the status if necessary. If the site is successfully located then

Active

will

appear in the status bar.

Figure 57:

Active Status

Note

: If the site wasn’t successfully located,

Hostname Resolution Failed

will appear. When the L13 fails to locate

the Website, do the following:

Use a Web browser to verify that the Website is available. If it is, then you probably entered the Website address

incorrectly. If the Website is not available, then return to the

Website Restrictions

screen at a later time and click

the

Resolve Now

button to verify that the Website can be found and blocked by MBR.

You may edit the Website restriction by modifying its entry under the

Local Host

column in the

Website Restrictions

screen.

MBR L13

–

User’s

Guide

47



To modify a rule:

1.

Click the

action icon for the restriction. The

Restricted Website

screen appears (see Figure

54:

Website Restrictions).

2.

Modify the Website address, group or schedule as necessary.

3.

Click the

OK

button to save your changes and return to the

Website Restrictions

screen.

4.

To ensure that all current IP addresses corresponding to the restricted Websites are blocked, click the

Resolve Now

button. The L13 will check each of the restricted Website addresses and ensure that all IP

addresses at which this Website can be found are included in the IP addresses column.

You can disable a restriction in order to make a Website available again without having to remove it from the

Website Restrictions

screen. This may be useful if you wish to make the Website available only temporarily and

plan to block it again in the future.



To modify an entry:

1.

Clear the check box next to the service name.

2.

To reinstate it at a later time, simply reselect the check box.



To modify an rule:

Click the

action icon for the service. The service will be permanently removed.

3.7.1.8

Network Address Translation (NAT)

The L13 features a configurable Network Address Translation (NAT) and Network Address Port Translation (NAPT)

mechanism, allowing you to control the network addresses and ports of packets routed through your gateway. When

enabling multiple computers on your network to access the Internet using a fixed number of public IP addresses, you

can statically define which LAN IP address will be translated to which NAT IP address and/or ports.

By default, the L13 operates in NAPT routing mode (refer to Section

3.7.1.8.1). However, you can control your network

translation by defining static NAT/NAPT rules. Such rules map LAN computers to NAT IP addresses. The NAT/NAPT

mechanism is useful for managing Internet usage in your LAN and for complying with various application demands. For

example, you can assign your primary LAN computer with a single NAT IP address, in order to assure its permanent

connection to the Internet. Another example is when an application server with which you wish to connect, such as a

security server, requires that packets have a specific IP address

–

you can define a NAT rule for that address.



To Configure the Network Address Translation:

1.

Click the

NAT

link of the

Firewall

menu item under the

Services

tab. The

NAT

screen appears.

Figure 58:

Network Address Translati

on

2.

Before configuring NAT/NAPT rules, you must first enter the additional public IP addresses obtained from

your ISP as your NAT IP addresses in the

NAT IP Addresses Pool

section. The primary IP address used by the

WAN device for dynamic NAPT should not be added to this table.

MBR L13

–

User’s

Guide

48

3.

To add a NAT IP address, click the

New IP Address

link. The

Edit Item

screen appears.

Figure 59:

Edit Item

4.

Select from IP address, IP Subnet, IP Range or the DHCP option in the

Network Object Type

drop-down

menu.

Enter the information respectively and click

OK

to save the settings.

5.

To add a new NAT/NAPT rule, click the

New Entry

link in the

NAT/NAPT Rule Sets

section of the

NAT

screen.

The

Add NAT/NAPT Rule

screen appears.

Figure 60:

Add NAT/NAPT Rule

This screen is divided into two main sections:

Matching

and

Operation

. The

Matching

section defines the

LAN addresses to be translated to the external addresses which are defined in the

Operation

section.

6.

Matching

Use this section to define characteristics of the packets matching the rule.

Source Address

The source address of packets sent or received by the L13. The drop-down menu provides

you the ability to specify the computer or group of computers on which you would like to apply the rule.

Select an address or a name from the list to apply the rule on the corresponding host, or

Any

to apply the

rule on all L13 LAN hosts.

Destination Address

The destination address of packets sent or received by MBR. This address can be

configured in the same manner as the source address. This entry enables further filtration of the packets.

Protocol

You may also specify a traffic protocol. Selecting the

Show All Services

option from the drop-down

menu expands the list of available protocols. Select a protocol.

7.

Operation

- Use this section to define the operation that will be applied on the IP addresses matching the

criteria defined above. The operations available are NAT or NAPT. Selecting each from the drop-down menu

refreshes the screen accordingly.

MBR L13

–

User’s

Guide

49

Figure 61:

Add NAT Rule

NAT Addresses

The NAT address into which the original IP address will be translated. The drop-down menu

displays all of your available NAT addresses/ranges from which you can select an entry.

Figure 62:

A

dd NAPT Rule

NAPT Address

The NAPT address into which the original IP address will be translated. The drop-down menu

displays all of your available NAPT addresses/ranges from which you can select an entry. Note, however, that

in this case the network object may only be an IP address since NAPT is port-specific.

NAPT Ports

Specify the port(s) of the IP address to which the original IP address will be translated. Enter a

single port or select

Range

in the drop-down menu. The screen refreshes, enabling you to enter a range of

ports.

Figure 63:

Add NAPT Rule

8.

Logging

section allows you to

m

onitor the rule.

Log Packets Matched by This Rule

Select this check box to log the first packet from a connection that was

matched by this rule.

9.

Schedule

By default, the rule will always be active. However, you can configure scheduler rules by selecting

User Defined

, in order to define time segments during which the rule may be active. Once a scheduler rule(s)

is defined, the

Schedule

drop-down menu will allow you to choose between the available rules.

3.7.1.8.1

Using NAT/NAPT

This section demonstrates the NAT/NAPT usage and capabilities by creating several rules and observing their

implementation.



To Add NAT/NAPT IP Addresses

In the following examples, LAN IP addresses are marked 192.168.1.X, while NAT addresses are marked

192.168.71.X. Assuming your obtained public IP addresses are

192.168.71.12 through 192.168.71.20

, add them as

NAT IP addresses to the WAN Ethernet settings, as follows:

MBR L13

–

User’s

Guide

50

1.

Click the

NAT

link of the

Firewall

menu item under the

Services

tab. The

NAT

screen appears.

2.

Click the

New IP Address

link in the

NAT IP Addresses Pool

section. The

Edit Item

screen appears (see Figure

64:

Edit Item).

3.

Select the IP address option and enter 192.168.71.12.

Figure 64:

Edit Item

4.

Click

OK

to save the settings.

5.

Click the

New IP Address

link again to add an additional Public IP to NAT IP Addresses Pool. This sequence is

for demonstration purposes; you may enter your public IP addresses in the method that suits you.

6.

Select the IP range option and enter 192.168.71.13 through 192.168.71.20.

Figure 65:

Edit Item

7.

Click

OK

to save the settings. The new IP addresses are displayed in the

NAT IP Addresses Pool

section.

Figure 66:

NAT IP Addresses

8.

Click

OK

to save the settings.

You can now add NAT/NAPT rules based on these IP addresses.



To add a NAT/NAPT rule:

1

.

Click the

New Entry

link in the

NAT/NAPT Rule Sets

section. The

Add NAT/NAPT Rule

screen appears.