How to set up NAT
Posted by Philip Vokhmintsev on 10 February 2014 10:36
The most common connection scheme is the following (a simple example):
Two network cards:
A local IP address on the LAN NIC
A real static or dynamic IP address on the Internet connection NIC
This method has the simplest configuration, which comes down to the following steps:
On the server, open the UserGate administrator console and go to the "Interfaces" page. Select the interface that faces the local network and set its type to LAN. This tells the program that this interface is the local one. Then make sure that the "main interface" setting is your external IP address.
Add users on the "Users and Groups - Users" page, with authorization by IP or IP+MAC, or with any of the logical authorization types if you want users to sign in to UserGate with a user name and password.
Define the network resources available to your users.
Traffic is usually allowed for these protocols:
Web pages (HTTP, HTTPs),
Email protocols (POP3, SMTP, IMAP),
Instant messengers (ICQ, IRC, MSN, Skype),
and anything else of your choice.
The list of firewall services is large enough that you can find almost everything you need, or you can add a new protocol:port if the desired service is not in the list.
To grant this access, open "Firewall Rules" and add one rule there. The new rule can be named "Internet".
On the first page, select the source: the "LAN interface". On the next page, select the destination: the "WAN interface".
Next, specify the services: HTTP, HTTPs, POP3, SMTP, ICQ, etc. (or allow all traffic by enabling the service named "Any:full").
On the last page, choose which of the created users are allowed to use these services. It may be easier to apply the rule to an entire group or groups.
Next, you need to configure the server to forward DNS requests from users to the ISP. To do this, go to the "Services - DNS forwarding" page and enable "DNS forwarding", or check that it is already enabled (marked in green). The setting can be left at its default: "Use system DNS-servers".
The last step on the server is to enable the HTTP proxy under "Services - Proxy configuration" and select the "transparent mode" checkbox, so that statistics are recorded as URLs rather than IP addresses.
After that, the filters created on the "Traffic rules" page will also start working.
Go to the user's machine. Open the network connection properties and, in the TCP/IP settings, specify the local IP address (LAN interface) of the machine running UserGate as both the default gateway and the preferred DNS server.
After that, the program will count traffic for each user and for the services that you specified in the firewall rule.
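To confirm from a user's Windows machine that the steps above took effect, a check like the following can be run. It is an added example, not part of the original article or of UserGate; the address 192.168.0.1, the host example.com and the port list are assumptions to replace with your own values.

```powershell
# Added example: verifies the client settings described in the article.
param(
    [string]$UserGateLanIp = '192.168.0.1',  # assumption: LAN-interface IP of the UserGate server
    [string]$TestHost      = 'example.com',  # assumption: any external host name
    [int[]] $AllowedPorts  = @(80, 443)      # ports of services allowed in the "Internet" rule
)

$results = @()

# 1. The default gateway must be the UserGate LAN interface.
$gateways = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty NextHop -Unique
$results += [pscustomobject]@{
    Check  = 'Default gateway'
    Value  = $gateways -join ', '
    Passed = ($gateways -contains $UserGateLanIp)
}

# 2. The preferred (first) DNS server must also be the UserGate LAN interface.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { $_.ServerAddresses[0] } |
    Select-Object -Unique
$results += [pscustomobject]@{
    Check  = 'Preferred DNS'
    Value  = $dns -join ', '
    Passed = ($dns -contains $UserGateLanIp)
}

# 3. DNS forwarding: ask UserGate directly to resolve an external name.
$answer = Resolve-DnsName -Name $TestHost -Server $UserGateLanIp -Type A -ErrorAction SilentlyContinue
$addresses = $answer | Where-Object { $_.IPAddress } | Select-Object -ExpandProperty IPAddress
$results += [pscustomobject]@{
    Check  = 'DNS forwarding'
    Value  = $addresses -join ', '
    Passed = [bool]$addresses
}

# 4. Firewall rule: each allowed service port must be reachable through NAT.
foreach ($port in $AllowedPorts) {
    $ok = Test-NetConnection -ComputerName $TestHost -Port $port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    $results += [pscustomobject]@{ Check = "TCP $port to $TestHost"; Value = ''; Passed = $ok }
}

$results | Format-Table -AutoSize
```

A failed row points back to the matching step: the gateway and DNS rows to the client TCP/IP settings, the DNS forwarding row to "Services - DNS forwarding", and the TCP rows to the "Internet" firewall rule or the user's authorization.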