Allied Telesis AlliedWare NetScreen Routers User Manual

Use Dynamic DNS To Allow You To Host Servers Behind A Dynamically-Assigned Public IP Address

5. Configure the firewall

Create a firewall policy and enable it. Use the commands:

create firewall policy=internet

enable firewall

enable firewall policy=internet icmp_f=all

Add the private interface to it. Use the command:

add firewall policy=internet int=vlan1 type=private

Add the public interface to it and set up Network Address Translation (NAT) between the
private and public interfaces. For the primary ADSL link, use the commands:

add firewall policy=internet int=ppp0 type=public

add firewall policy=internet nat=enhanced int=vlan1 gblint=ppp0

For the backup ISDN link, use the commands:

add firewall policy=internet int=ppp1 type=public

add firewall policy=internet nat=enhanced int=vlan1 gblin=ppp1

6. Add firewall rules

Add firewall rules to allow traffic from the WAN to access the servers. In this example, there
are web, FTP and mail servers.

For the primary ADSL link, use the commands:

add firewall policy=internet rule=1 action=allow interface=ppp0 protocol=tcp port=80 ip=ip-address-of-web-server gblip=0.0.0.0 gblport=80

add firewall policy=internet rule=2 action=allow interface=ppp0 protocol=tcp port=21 ip=ip-address-of-ftp-server gblip=0.0.0.0 gblport=21

add firewall policy=internet rule=3 action=allow interface=ppp0 protocol=tcp port=25 ip=ip-address-of-smtp-server gblip=0.0.0.0 gblport=25

For the backup ISDN link, use the commands:

add firewall policy=internet rule=4 action=allow interface=ppp1 protocol=tcp port=80 ip=ip-address-of-web-server gblip=0.0.0.0 gblport=80

add firewall policy=internet rule=5 action=allow interface=ppp1 protocol=tcp port=21 ip=ip-address-of-ftp-server gblip=0.0.0.0 gblport=21

add firewall policy=internet rule=6 action=allow interface=ppp1 protocol=tcp port=25 ip=ip-address-of-smtp-server gblip=0.0.0.0 gblport=25
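
Because every allow rule has to be entered once per public interface, the two sets can drift apart when a server is added or removed later. The following Python check is an added example, not part of the Allied Telesis manual: it parses rule commands in the form shown above and reports services allowed on only one of ppp0 and ppp1, plus any reused rule number. The 192.168.1.x server addresses are constructed placeholders, and the parser assumes parameter names are written out in full, as they are in the rule commands on this page.

```python
from collections import defaultdict

# Constructed sample: the six rule commands from this page, one per line,
# with placeholder server addresses (the 192.168.1.x values are assumptions).
SAMPLE = """
add firewall policy=internet int=ppp0 type=public
add firewall policy=internet rule=1 action=allow interface=ppp0 protocol=tcp port=80 ip=192.168.1.10 gblip=0.0.0.0 gblport=80
add firewall policy=internet rule=2 action=allow interface=ppp0 protocol=tcp port=21 ip=192.168.1.11 gblip=0.0.0.0 gblport=21
add firewall policy=internet rule=3 action=allow interface=ppp0 protocol=tcp port=25 ip=192.168.1.12 gblip=0.0.0.0 gblport=25
add firewall policy=internet rule=4 action=allow interface=ppp1 protocol=tcp port=80 ip=192.168.1.10 gblip=0.0.0.0 gblport=80
add firewall policy=internet rule=5 action=allow interface=ppp1 protocol=tcp port=21 ip=192.168.1.11 gblip=0.0.0.0 gblport=21
add firewall policy=internet rule=6 action=allow interface=ppp1 protocol=tcp port=25 ip=192.168.1.12 gblip=0.0.0.0 gblport=25
"""

def parse_rules(text):
    """Return one dict of key=value parameters per 'add firewall ... rule=N' command."""
    rules = []
    for line in text.splitlines():
        words = line.split()
        if [w.lower() for w in words[:2]] != ["add", "firewall"]:
            continue  # blank lines and unrelated commands
        params = dict(w.lower().split("=", 1) for w in words[2:] if "=" in w)
        if "rule" in params:  # skip interface and NAT definitions
            rules.append(params)
    return rules

def exposure_by_interface(rules):
    """Map each interface to the set of (protocol, gblport, ip, port) it lets in."""
    exposed = defaultdict(set)
    for r in rules:
        if r.get("action") == "allow":
            exposed[r["interface"]].add((r["protocol"], r["gblport"], r["ip"], r["port"]))
    return dict(exposed)

def audit(text, primary="ppp0", backup="ppp1"):
    """Compare the inbound services allowed on the primary and backup links."""
    rules = parse_rules(text)
    exposed = exposure_by_interface(rules)
    ids = [r["rule"] for r in rules]
    on_primary, on_backup = exposed.get(primary, set()), exposed.get(backup, set())
    return {
        "duplicate_rule_ids": sorted({i for i in ids if ids.count(i) > 1}),
        "only_on_primary": sorted(on_primary - on_backup),
        "only_on_backup": sorted(on_backup - on_primary),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```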