ATU-R130 ADSL Ethernet Router User’s Guide

33

You can click

in the Action(s) column to view additional details about a NAT translation

session, as shown in Figure .

Figure 24. NAT Translation – Details Page{ XE "NAT Translation – Details page" }{ XE "Pages:NAT

Translations - Details" }

In addition to the information displayed in the NAT Translations table, this table displays the

following for the selected current translation sessions:

Field

Description

Translated

InAddress

The public IP address to which the private IP

address was translated.

In Address

The private IP address that was translated.

Out Address

The IP address of the outside destination (web,

ftp site, etc.)

In/Out Packets

The number of incoming and outgoing IP

packets that have been translated in this

translation session.

In Ports

The actual port number corresponding to the

LAN computer.

Out Ports

The port number associated with the destination

address.

Translated In Ports

The port number to which the LAN computer’s

actual port number was translated.

Adding NAT Rules

This section explains how to create rules for the various NAT flavors.

{

XE "NAT:adding rules"

}

Note

You cannot edit existing NAT rules. To change a rule setup,

delete it and add a new rule with the modified settings.

The napt rule: Translating between private and public IP addresses { XE "NAT:napt

flavor" }{ XE "NAPT (NAT flavor)" }

Follow these instructions to create a rule for translating the private IP addresses on your LAN to

your public IP address. This type of rule uses the NAT flavor napt, which was used in your

ATU-R130 ADSL Ethernet Router User’s Guide

34

default configuration. The napt flavor translates private source IP addresses to a single public IP

address. The napt rule also translates the source port numbers to port numbers that are defined

on the NAT Global Configuration page (see page 29).

Click the NAT tab, then select

NAT Rule Entry

from the NAT Options drop-down list on the

right side of the page.

The NAT Rule entry page displays a row for each currently configured NAT rule.

1.

Click

to display the NAT Rule – Add page.

The NAPT flavor displays by default in the Rule Flavor drop-down list. The NAT Rule – Add

page displays, as shown in Figure .

Figure 25. NAT Rule – Add Page (napt Flavor)

{

XE "NAT Rule—

Add page - napt"

}{

XE "Pages:NAT Rule

Add - napt"

}

2.

Enter a Rule ID.

The Rule ID determines the order in which rules are invoked (the lowest numbered rule is

invoked first, and so on). In some cases, two or more rules may be defined to act on the

same set of IP addresses. Be sure to assign the Rule ID so that the higher priority rules

are invoked before lower-priority rules. It is recommended that you select rule IDs as

multiples of 5 or 10 so that, in the future, you can insert a rule between two existing rules.

Once a data packet matches a rule, the data is acted upon according to that rule and is

not subjected to higher-numbered rules.

3.

From the IFName drop-down list, select the interface on the device to which this rule

applies.

Typically, NAT rules are used for communication between your LAN and the Internet.

Because the device uses the WAN interface (which may be named

ppp-0

or

eoa-0

) to

connect your LAN to your ISP, it is the usual IFName selection.

4.

In the Local Address From field and Local Address To fields, type the starting and

ending IP addresses, respectively, of

the range of private address you want to be

translated. Or, type the same address in both fields to specify a single value.

To specify that data from all LAN addresses should be translated, type 0 (zero) in each

From field and 255 in each To field.

If you have several non-sequential private addresses, you can create an additional napt

rule for each address.

These addresses should correspond to private addresses already in use on your network

(either assigned statically to your PCs, or assigned dynamically using DHCP).

5.

In the Global Address From and Global Address To fields, type the public IP address

assigned to you by your ISP.

If you have multiple WAN interfaces, in both fields type the IP address of the interface to

which this rule applies. This rule will not be enforced for data that arrives on other PPP

interfaces.

ATU-R130 ADSL Ethernet Router User’s Guide

35

If you have multiple WAN interfaces and want the rule to be enforced on a range of them,

type the starting and ending IP addresses of the range.

6.

When you have completed entering all information, click

.

A page displays to confirm the change.

7.

Click

to return to the NAT Configuration page.

The new rule should display in the NAT Rule Configuration table.

8.

Ensure that the Enable radio button is selected, and then click

.

A page displays to confirm your changes.

9.

Click the Admin tab, and then click

Commit and Reboot

in the task bar.

10. Click

to save your changes to permanent memory.

The rdr rule: Allowing external access to a LAN computer

{

XE "RDR (NAT flavor)"

}{

XE "NAT:RDR flavor"

}

You can create an rdr rule to make a

computer on your LAN, such as a Web or FTP server, available to Internet users without

requiring you to obtain a public IP address for that computer. The computer’s private IP address

is translated to your public IP address in all incoming and outgoing data packets.

Note

Without an rdr rule (or bimap rule described on page 39), the

ATU-R130 blocks attempts by external computers to access your

LAN computers.

Figure shows the fields used to establish a rdr rule:

Figure 26. NAT Rule – Add Page (rdr Flavor){ XE "NAT Rule—

Add page - rdr" }{ XE "Pages:NAT

Rule Add - rdr" }

Follow these instructions to add an rdr rule (see steps 1-4 under "The napt rule" on page 33 for

specific instructions corresponding to steps 1 and 2 below):

ATU-R130 ADSL Ethernet Router User’s Guide

36

1.

Display the NAT Rule – Add Page, select

RDR

as the Rule Flavor, and enter a Rule

ID.

2.

Select the interface on which this rule will be effective.

3.

Select a protocol to which this rule applies, or choose

ALL

.

This selection specifies which type of Internet communication will be subject to this

translation rule. You can select ALL if the rule applies to all data. Or, select TCP, UDP,

ICMP, or a number from 1-255 that represents the IANA-specified protocol number.

4.

In the Local Address From and Local Address To fields, type the same private IP

address, or the lowest and highest addresses in a range:

?

If you type the same IP address in both fields, incoming traffic that matches the

criteria you specify in steps 5 and 6 will be redirected to that IP address.

?

If you type a range of addresses, incoming traffic will be redirected to any available

computer in that range. This option would typically be used for load balancing,

whereby traffic is distributed among several redundant servers to help ensure

efficient network performance.

These addresses should correspond to private addresses already in use on your network

(either assigned statically to your PCs or assigned dynamically using DHCP).

5.

In the Global Address From and Global Address To fields, type the public IP address

assigned to you by your ISP.

If you have multiple WAN (PPP) interfaces, this rule will not be enforced for data that

arrives on other PPP interfaces. This rule will not be enforced for data that arrives on

WAN interfaces not specified here.

If you have multiple WAN interfaces and want the rule to be enforced on more than

one of them (or all), type the starting and ending IP addresses of the range.

6.

In the Destination Port From and Destination Port To fields, enter the port ID (or a

range) that you expect to see on incoming packets destined for the LAN computer for

which this rule is being created.

Incoming traffic that meets this criteria will be redirected to the Local Port number you

specify in the next field.

For example, if you grant public access to a Web server on your LAN, you would expect

that incoming packets destined for that computer would contain the well-known web

server port number, 80. This setting serves as a filter; data packets not containing this port

number would not be granted access to you local computer.

7.

If the LAN computer that you are making publicly available is configured to use a non-

standard port number

{

XE "Port numbers:using non-standard"

}

for the type of traffic it

receives, type the non-standard port number in the Local Port field.

This option translates the standard port number in packets destined for your LAN computer

to the non-standard number you specify. For example, if your Web server uses (non-

standard) port 2000, but you expect incoming data packets to refer to (standard) port 80,

you would enter 2000 here and 80 in the Destination Port fields. The headers of incoming

packets destined for port 80 will be modified to refer to port 2000. The packet can then be

routed appropriately to the web server.

8.

Follow steps 7-12 under "The napt rule" on page 33 to submit your changes.

The basic rule: Performing 1:1 translations

{

XE "BASIC NAT flavor"

}{

XE "NAT:BASIC flavor"

}

The basic flavor translates the private

(LAN-side) IP address to a public (WAN-side) address, like napt rules. However, unlike napt

rules, basic rules do not also translate the port numbers in the packet header; they are passed

ATU-R130 ADSL Ethernet Router User’s Guide

37

through untranslated. Therefore, the basic rule does not provide the same level of security as

the napt rule. Figure shows the fields used for adding a basic rule.

Figure 27. NAT Rule – Add Page (basic Flavor) { XE "NAT Rule—

Add

page - basic" }{ XE "Pages:NAT Rule Add - basic" }

Follow these instructions to add an basic rule (see steps 1-4 under "The napt rule" on page 33

for specific instructions corresponding to steps 1 and 2 below):

1.

Display the NAT Rule – Add Page, select

BASIC

as the Rule Flavor, and enter a Rule

ID.

2.

Select the interface on which this rule will be effective.

3.

Select a protocol to which this rule applies, or choose

ALL

.

This selection specifies which type of Internet communication will be subject to this

translation rule. You can select ALL if the rule applies to all data. Or, select TCP, UDP,

ICMP, or a number from 1-255 that represents the IANA-specified protocol number.

4.

In the Local Address From and Local Address To fields, type the starting and ending

IP addresses that identify the range of private address you want to be translated. Or,

type the same address in both fields.

If you specify a range, each address will be translated in sequence to a corresponding

address in a range of global addresses (which you specify in step 5).

You can create a basic rule for each specific address translation to occur. The range of

addresses should correspond to private addresses already in use on your network,

whether assigned statically to your PCs, or assigned dynamically using DHCP.

5.

In the Global Address From and Global Address To fields, type the starting and

ending address that identify the pool of public IP addresses that the private addresses

should be translated to. Or, type the same address in both fields (if you also specified

a single address in step 4).

6.

Follow steps 7-12 under "The napt rule" on page 33 to submit your changes.

The filter rule: Configuring a basic rule with additional criteria

{

XE "FILTER NAT flavor"

}{

XE "NAT:FILTER flavor"

}

Like the basic flavor, the filter flavor

translates public and private IP addresses on a one-to-one basis. The filter flavor extends the

capability of the basic rule. Refer to “The basic Rule”on page 36 for a general description.

You can use the filter rule if you want an address translation to occur only when your LAN

computers initiate access to specific destinations. The destinations can be identified by their

IP addresses, server type (such as FTP or Web server), or both. Figure shows the fields

used to establish a filter rule.