Top
Configuring a Mediatrix Unit as a NAT/Firewall Between the LAN and the Internet
This use case describes the configuration of an office where the Mediatrix unit is located directly on the internet and there are other devices in the LAN needing to access the internet.
These configuration notes are specially designed for the Mediatrix G7 and S7 Series as well as for the Sentinel 100 and 400 units, which feature Gigabit Ethernet interfaces and a built-in 4-port Ethernet switch.
This diagram represents a network configuration in which the Mediatrix unit is connected to both Internet (i.e. WAN) and other devices in the local network (i.e. LAN).

Top
Information to Know Before Starting
Before starting to use these configuration notes, complete the following table to make sure you have the required information to complete the different steps.
Information | Value | Used in Step |
---|---|---|
The IP address to access the management interface of your Mediatrix unit. |
By default
|
Logging on to the Mediatrix Unit Web Interface |
Internet connection details:
|
Configuring the Uplink Network Interface to a static IP address | |
IP address of each DNS server | Configuring the Domain Name Server (DNS) | |
IP address of each SNTP server (optional) | Configuring the SNTP Server to a Static IP Address |
Top
Important-Enabling Access of Other Devices through NAT
When setting the Source Address, the Destination Address, and the New Address, make sure you type them exactly as shown:
- They are case sensitive (the first letter must be uppercase).
- For the Source Address and Destination Address fields, the Lan1/ value represents all devices on the network interface subnet.
- In the New Address field, Lan1 and Uplink represent the IP address of the corresponding interface.
Top
Getting Started
Logging on to the Mediatrix Unit Web Interface
Top
Changing the Login Password

Top
Securing SNMP Interface
- Go to Management/SNMP.
-
In the SNMP Configuration table, set
the following parameters:
- Set Enable SNMP V1 to Disable.
- Set Enable SNMP V2 to Disable.
- Set the Privacy Protocol.
- In the Privacy Password field, enter a password of your choosing.
- Click Apply.

Top
Configuring the Uplink Network Interface to a static IP address
- The assigned static IP address and its network mask (also known as CIDR)
- The IP address of the network gateway
If your Internet Service Provider is using another method, such as DHCP or PPPoE, refer to the DGW Configuration Guide - Network Interfaces document published on the Media5 Documentation Portal.

Top
Configuring the Domain Name Server (DNS)
- Go to Network/Host.
- In the DNS Configuration table, form the Configuration Source selection list, select Static.
- For each DNS used, enter the IP address of the DNS.
- Click Apply.
Top
Configuring the SNTP Server to a Static IP Address

Top
Enabling the NAT Service
- Go to System/Services.
- In the User Service table, on the same line as Network Address Translation (NAT), set the Startup Type to Auto.
-
Click
.

Top
Enabling IPv4 Forwarding
- Go to Network/IP Routing.
- In the IP Routing configuration table, select Enable.
- Click Save.

Top
Adding a NAT Rule to Allow the Devices Connect Directly to the Mediatrix Unit
- Go to Network/NAT.
-
In the Source Network Address Translation Rules field, click
.
- From the Activation selection list, choose Enable.
- In the Source Address field, enter Lan1/ (The uppercase "L" and trailing slash are important).
- In the Destination Address field, enter Lan1/ (The uppercase "L" and trailing slash are important).
- In the New Address field, enter Lan1 (Here without the trailing slash).
- Click Save & Apply.

Top
Adding a NAT Rule to Allow the LAN Devices Connect to the Internet
- Go to Network/Interfaces.
-
In the Source Network Address Translation Rules field, click
.
- From the Activation selection list, choose Enable.
- In the Source Address field, enter Uplink (The uppercase "U" is important, without any trailing slash).
- In the Destination Address field, leave the field empty.

Top
Configuring your LAN Devices to Access Internet Through the Mediatrix Unit
- By configuring a DHCP server on the Mediatrix unit (see the Tehcnical Bulletin - Configuring the DHCP Server document published on the Media5 Documentation Portal), or
-
Manually by consulting each device manual to setup the following:
- IP address (in the 192.168.0.xxx range by default).
- Subnet Mask (255.255.255.0 or /24).
- Default Gateway (the IP address of the Mediatrix unit, by default 192.168.0.10).
- DNS servers and SNTP servers if needed.
Top
Performing a Configuration Backup to the Unit File Management System

Top
Optional Port Forwarding
Port Forwarding
The Port Forwarding feature allows a connection from a remote device (for example, computers on the Internet) to a specific computer or device within a private local-area network (LAN) behind the Mediatrix unit.
To allow remote users access a local IP-enable PBX, or intranet server, it is possible to map a TCP/IP port on the Mediatrix unit WAN interface and forward its packets to the wanted IP/port combination on the LAN.
A typical scenario would be to map port 8080 on the Mediatrix unit WAN interface to a Web server on the LAN side, with the new address 192.168.0.99:80 for example.
Top
Setting Port Forwarding
- Go to Network/NAT.
-
In the Destination Network
Address Translation Rules table, click
.
-
Set the following parameters:
- Set Activation to Enable.
- Leave Source Address field blank.
- Set Destination Address to Uplink.
- Set the Protocol to reflect your desired configuration.
- Set the Destination Port to the desired port you want to forward to.
- Set the New Address to the desired location.
- Click Save & Apply.
- Repeat the steps 2 to 4 for additional routes.

Top
Optional Local Firewal Configuration
Local Firewall Configuration and Activation
By default, the Local Firewall service is in Automatic mode and configured with a default policy to accept all traffic.
There are different approaches to security, but in this section we will give a simple example that will restrict a range of ports from 1 to 5000 to everyone except the LAN. Note: Our range stops at 5000, as the later ports are used for telephony 5004 (RTP), 5006 (SRTP), 5060 (SIP), 5061 (TLS), 16000-16xxx (Endpoint persistent connections), etc.
Top
Allocating Port Range 1 to 5000 to LAN Only
Top
Documentation
- To configure the DHCP server, refer to the Technical Bulletin - Configuring the DHCP Server document.
- For more information on Local firewalls, refer to refer to the DGW Configuration Guide - Configuring Local Firewalls document published on our documentation portal.
- For mire information on configuration of Network Firewalls, refer to the DGW Configuration Guide -Configuring the Network Firewall Firmware Guide published on our documentation portal.
- For more information on Securing the Mediatrix unit, refer to the Technical Bulletin - Securing a Mediatrix Unit technical bulletin published on our documentation portal.
- For more information on Enabling NAt and Routing in DGW, refer to the Technical Bulletin -Enabling NAT and Routing in DGW technical bulletin published on our documentation portal.
- For more information on Configuring Port Forwarding for a Web Server Located on the LAN, refer to the Technical Bulletins - Configuring Port Forwarding for a Web Server Located on the LAN document published on our documentation portal.
Top
Copyright Notice
Copyright © 2023 Media5 Corporation.
This document contains information that is proprietary to Media5 Corporation.
Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.
This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.
Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.