Example 1b. Ingate Firewall with two interfaces, using NAT

In this example, the same network configuration is used as in the previous one (example 1a). The only difference is that here, NAT is turned on from the Inside to the Outside. To be able to receive traffic initiated from the Internet, the firewall needs to have a fixed IP address on the outside interface. These are the pages on which the configuration differs from the previous example.

On the NAT page, turn NAT on from the eth0 interface to the eth1 interface. Since all IP addresses behind eth0 should be NATed, no networks need to be specified.

On the Eth1 page, a fixed IP address is entered.

You will need to enter a Default gateway on the Basic Configuration page. In example 1a, the firewall got this information from the DHCP server.

Since NAT is used, no computers on the Internet will know about the computers on the local network. Rules set up to allow traffic from the Internet to the Company network are therefore worthless and should be removed. Also, when NAT is used, the firewall automatically allows the reply traffic, so there is no need to specify rules for it separately. These are the remaining Rules:

To let traffic in from the Internet, Relays must be used instead. Define one relay to forward SMTP traffic (on port 25) and two relays for the WWW traffic (ports 80 and 443). All SMTP and WWW traffic is forwarded to the server.
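
The following is an added example, not Ingate code or configuration: a simplified Python model of the behaviour described above, showing why Internet-to-inside rules never match under NAT, how reply traffic is admitted automatically, and how the three relays expose only ports 25, 80 and 443. All addresses, the rule format and the names NatFirewall and dead_rules are assumptions made for the illustration.

```python
"""Simplified model of NAT from inside (eth0) to outside (eth1) plus relays.
Not Ingate code; every address and name here is constructed for illustration."""
import ipaddress

OUTSIDE_IP = "192.0.2.10"                         # assumed fixed address on eth1
INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed network behind eth0
SERVER = "10.0.0.5"                               # assumed internal mail/web server
RELAYS = {25: SERVER, 80: SERVER, 443: SERVER}    # listen port -> forward target


class NatFirewall:
    def __init__(self):
        self.nat = {}          # (remote_ip, remote_port, nat_port) -> inside (ip, port)
        self.next_port = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection; the source is rewritten to OUTSIDE_IP."""
        if ipaddress.ip_address(src_ip) not in INSIDE_NET:
            raise ValueError("outbound traffic must come from the inside network")
        nat_port = self.next_port
        self.next_port += 1
        self.nat[(dst_ip, dst_port, nat_port)] = (src_ip, src_port)
        return (OUTSIDE_IP, nat_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Decide what happens to a packet arriving on the outside interface."""
        if dst_ip != OUTSIDE_IP:
            # Internet hosts only ever see OUTSIDE_IP, so a rule naming an
            # inside address as destination can never match real traffic.
            return ("drop", None)
        reply_to = self.nat.get((src_ip, src_port, dst_port))
        if reply_to:
            return ("reply", reply_to)      # replies to NATed connections: no rule needed
        if dst_port in RELAYS:
            return ("relay", (RELAYS[dst_port], dst_port))
        return ("drop", None)


def dead_rules(rules):
    """Return Internet-to-inside rules that NAT has made unreachable."""
    return [r for r in rules
            if r["from"] == "Internet"
            and ipaddress.ip_address(r["to"]) in INSIDE_NET]
```

Running dead_rules over an exported rule list is a quick way to find leftovers from example 1a that should be removed.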

The rest of the configuration is the same as for the previous example. Make sure to apply the configuration on the Save/Load Configuration page.