Configuring DNAT

Policy > NAT > DNAT

DNAT translates destination IP addresses, usually translating IP addresses of internal servers (such as the WWW server or SMTP server) protected by the device to public IP addresses.

In the DNAT page, you can perform the following actions:

Options in the IP Mapping Configuration dialog:

Option Description
Requirements

Virtual Router

Select the destination virtual router for the DNAT rule.

Destination Address

Specifies the destination IP address of the traffic. You can select an existing address entry in the system, or type an IP address.

Mapping

Translate to

Specifies the translated destination IP address. The number of translated destination IP addresses you specify must be the same as the number of destination IP addresses of the traffic.

Options in the Port Mapping Configuration dialog:

Option Description
Requirements

Virtual Router

Select the destination virtual router for the DNAT rule.

Destination Address

Specifies the destination IP address of the traffic. You can select an existing address entry in the system, or type an IP address.

Service

Select a service from the drop-down menu. This DNAT rule will be applied to the selected service.

Mapping

Translated to

Specifies the translated destination IP address. The number of translated destination IP addresses you specify must be the same as the number of destination IP addresses of the traffic.

Port Mapping

Type the translated port number of the Intranet server. The available range is 1 to 65535.

Options in the DNAT Configuration dialog:

Option Description
Basic

Virtual Router

Select the destination virtual router for the DNAT rule.

Source Address

Specifies the source IP address of the traffic. You can select an existing address entry in the system, or type an IP address.

Destination Address

Specifies the destination IP address of the traffic. You can select an existing address entry in the system, or type an IP address.

Service

Select a service from the drop-down menu. This DNAT rule will be applied to the selected service.

Translated to

Select NAT to translate the IP addresses that match the conditions above to the specified address entry or IP address. Select No NAT to leave the IP addresses untranslated.

Translate Service Port to

Port: Select Enable to translate the port number of the service that matches the conditions above.

Load Balance: Select Enable to enable the function. Traffic will be balanced across different Intranet servers.

Advanced

Track Ping Packets

After enabling the Track Ping Packets function, the system will send Ping packets to check whether the Intranet servers are reachable.

Track TCP Packets

After enabling the Track TCP Packets function, the system will send TCP packets to check whether the TCP ports of Intranet servers are reachable.

TCP Port

Specifies the TCP port number of the monitored Intranet server.

NAT Log

Enable the log function for this DNAT rule to generate log information when traffic matches this NAT rule.

Position

Specifies the position of the rule. Each DNAT rule has a unique ID. When traffic flows into the Hillstone device, the device searches the DNAT rules in sequence and then performs NAT on the destination IP of the traffic according to the first matched rule. The order in which the IDs are shown in the DNAT rule list is the order in which the rules are matched.

ID

The ID number is used to distinguish between NAT rules. Specifies how the rule ID is obtained: it can be assigned automatically by the system or manually by you.
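
Because the device applies only the first matched rule (see Position above), a broad rule placed earlier in the list can make a narrower, later rule unreachable. The following is an added example, not Hillstone code or an export format: it models an ordered rule list in Python and reports later rules that are fully covered by one earlier rule. The `DnatRule` class, its field names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class DnatRule:
    # Hypothetical in-memory model of one DNAT rule (field names are assumptions).
    rule_id: int
    src: str           # source address as CIDR
    dst: str           # destination address as CIDR
    ports: range       # destination ports covered by the rule's service
    translate_to: str  # translated destination address

def _covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    net = ipaddress.ip_network
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and inner.ports.start >= outer.ports.start
            and inner.ports.stop <= outer.ports.stop)

def first_match(rules, src_ip, dst_ip, port):
    """Walk the list in order and return the first rule that matches, or None."""
    addr = ipaddress.ip_address
    for r in rules:
        if (addr(src_ip) in ipaddress.ip_network(r.src)
                and addr(dst_ip) in ipaddress.ip_network(r.dst)
                and port in r.ports):
            return r
    return None

def shadowed(rules):
    """Return (shadowed_id, shadowing_id) pairs for rules that can never match.
    Only shadowing by a single earlier rule is detected, not by a union of rules."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _covers(earlier, later):
                pairs.append((later.rule_id, earlier.rule_id))
                break
    return pairs

# Constructed sample rule list, in list (matching) order.
RULES = [
    DnatRule(1, "0.0.0.0/0", "203.0.113.10/32", range(1, 65536), "10.0.0.5"),
    DnatRule(2, "0.0.0.0/0", "203.0.113.10/32", range(443, 444), "10.0.0.20"),
    DnatRule(3, "198.51.100.0/24", "203.0.113.11/32", range(25, 26), "10.0.0.30"),
]
```

In the sample list, rule 2 never takes effect because rule 1 already matches all ports on the same destination; moving rule 2 above rule 1 restores the intended mapping for port 443.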