Logo

EcoRouter

EcoNAT

EcoQOE

EcoBypass

English
  • Release Notes_EN

    • Configuring URL Filtering for addresses that do not fall under the NAT EcoNAT Documentation / URL Filtering functionality (DPI) / Configuring URL Filtering for addresses that do not fall under the NAT

    By default, the device performs URL filtering only for those IP subscribers that are included in any of the NAT pools (their IP addresses fall under to pool ACL).

    In the case that some range of IP addresses of subscribers are not faced to NAT (e.g., routable to Internet the "real" addresses of subscribers, for example, from the network 194.85.16.0/24), for performing URL filtering, you have to make the following steps:

    Create a new NAT pool.

    MyEcoNAT:1:# create pool poolurl

    To set fake type to the pool.

    MyEcoNAT:2:# edit poolurl
    MyEcoNAT:3:pools.poolurl# type fake

    To set minimum priority to poolurl pool.

    MyEcoNAT:4:pools.poolurl# priority 10000

    Create an ACL.

    MyEcoNAT:6:pools.poolurl# create acl aclurl

    To enter rules in aclurl.

    MyEcoNAT:7:pools.poolurl# use aclurl poolurl
    MyEcoNAT:8:pools.poolurl# edit aclurl
    MyEcoNAT:9:acls.aclurl# 10 allow ip 194.85.16.0/24 any

    To apply a configuraion.

    MyEcoNAT:9:acls.aclurl# apply
    APPLY CONFIGURATION IS DIFFER, PROCESS APPLY
              }
              pools
              {
                poolurl
                {
                  # pool is valid and will be activated during apply
                    type fake
                    enable
                    acl aclurl
                    priority 10000
                    connection_logging on
                }
              }
              acls
              {
                  aclurl {
                    10 permit ip src net 194.85.16.0/24 dst any
                  }
              }
    RECONFIG FUNCTION PROCESSING
    EconatEngineReconfig output success
    APPLY SUCCESS
    Save applied configuration into profile 'lastapply'


    For this pool, it is recommended to set the minimum priority, i.e., the value of the priority parameter must be greater than all the other NAT pools (the smaller the priority value, the higher the priority). Thus, this pool will handle the traffic that is not handled by the other NAT pools.

    Fake pool allows logging of connections with the relevant IP addresses for the Syslog and Netflow protocols.