WebShare 111/141
A02-RA111 / A02-RA141
Pag. 42
CHAPTER 7: Network Address Translation (NAT)
This chapter discusses how to configure NAT on the WebShare Router
ADSL2+.
7.1 NAT Overview
NAT (Network Address Translation, RFC 1631) is the translation of the IP
address of a host in a packet (for example, the source address of an outgoing
packet) used within one network to a different IP address known within another
network.
7.1.1 NAT Definitions
Inside/outside denotes where a host is located relative to the ADSL Router, for
example, the computers of your subscribers are the inside hosts, while the web
servers on the Internet are the outside hosts.
Global/local denotes the IP address of a host in a packet as the packet traverses
a router. For example, the local address refers to the IP address of a host when
the packet is in the local network, while the global address refers to the IP
address of the host when the same packet is traveling on the WAN side.
Note that inside/outside refers to the location of a host, while global/local refers to
the IP address of a host used in a packet. Thus, an inside local address (ILA) is
the IP address of an inside host in a packet when the packet is still in the local
network, while an inside global address (IGA) is the IP address of the same inside
host when the packet is on the WAN side. The following table summarizes this
information.
Item      Description
Inside    This refers to the host on the LAN.
Outside   This refers to the host on the WAN.
Local     This refers to the packet address (source or destination) as the
          packet travels on the LAN.
Global    This refers to the packet address (source or destination) as the
          packet travels on the WAN.
7.1.2 What NAT Does
In the simplest form, NAT changes the source IP address in a packet received
from a subscriber (the inside local address) to another (the inside global address)
before forwarding the packet to the WAN side. When the response comes back,
NAT translates the destination address (the inside global address) back to the
inside local address before forwarding it to the original inside host. Note that the
IP address (either local or global) of an outside host is never changed.
The global IP addresses for the inside hosts can be either static or dynamically
assigned by the ISP. In addition, you can designate servers, for example, a web
server and a telnet server, on your local network and make them accessible to the
outside world. With no servers defined, the ADSL Router filters out all incoming
inquiries, thus preventing intruders from probing your network. For more
information on IP address translation, refer to RFC 1631, The IP Network Address
Translator (NAT).
7.1.3 How NAT Works
Each packet has two addresses – a source address and a destination address.
For outgoing packets, the ILA (Inside Local Address) is the source address on the
LAN, and the IGA (Inside Global Address) is the source address on the WAN. For
incoming packets, the ILA is the destination address on the LAN, and the IGA is
the destination address on the WAN. NAT maps private (local) IP addresses to
globally unique ones required for communication with hosts on other networks. It
replaces the original IP source address (and TCP or UDP source port numbers for
Many-to-One and Many-to-Many Overload NAT mapping) in each packet and
then forwards it to the Internet. The ADSL Router keeps track of the original
addresses and port numbers so incoming reply packets can have their original
values restored. The following figure illustrates this.
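The translation described in this section, sketched for the Many-to-One case as an added example (not taken from the manual or the router firmware). The class names, the sample addresses and the starting port of the pool are assumptions; inbound matching here uses only protocol and port, and entries never expire.

```python
# Added illustration of Many-to-One (SUA/PAT) translation from section 7.1.3.
# Class names, addresses and the port pool start are constructed assumptions.
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class ManyToOneNat:
    def __init__(self, iga: str, first_port: int = 50000):
        self.iga = iga                # the single inside global address
        self.next_port = first_port   # next free source port on the WAN side
        self.out = {}                 # (proto, ILA, local port) -> global port
        self.back = {}                # (proto, global port) -> (ILA, local port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: replace the ILA and source port with the IGA and a mapped port."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(pkt.proto, self.next_port)] = (pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return replace(pkt, src_ip=self.iga, src_port=self.out[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: restore the original ILA and port, or return None (dropped)."""
        # Simplification: the remote address is not checked against the mapping.
        if pkt.dst_ip != self.iga:
            return None
        entry = self.back.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None  # no tracked flow and no server defined: filtered out
        return replace(pkt, dst_ip=entry[0], dst_port=entry[1])

def demo():
    nat = ManyToOneNat(iga="203.0.113.10")
    a = nat.outbound(Packet("tcp", "192.168.1.2", 40000, "198.51.100.7", 80))
    b = nat.outbound(Packet("tcp", "192.168.1.3", 40000, "198.51.100.7", 80))
    reply = nat.inbound(Packet("tcp", "198.51.100.7", 80, nat.iga, b.src_port))
    probe = nat.inbound(Packet("tcp", "198.51.100.99", 4444, nat.iga, 23))
    return a, b, reply, probe

if __name__ == "__main__":
    print(*demo(), sep="\n")
```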
7.1.4 NAT Application
The following figure illustrates a possible NAT application, where three inside
LANs (logical LANs using IP Alias) behind the ADSL Router can communicate
with three distinct WAN networks. More examples follow at the end of this
chapter.
7.1.5 NAT Mapping Types
NAT supports five types of IP/port mapping. They are:
1. One to One: In One-to-One mode, the ADSL Router maps one local IP
   address to one global IP address.
2. Many to One: In Many-to-One mode, the ADSL Router maps multiple local IP
   addresses to one global IP address.
3. Many to Many Overload: In Many-to-Many Overload mode, the ADSL Router
   maps the multiple local IP addresses to shared global IP addresses.
4. Many-to-Many No Overload: In Many-to-Many No Overload mode, the ADSL
   Router maps each local IP address to a unique global IP address.
5. Server: This type allows you to specify inside servers of different services
   behind the NAT to be accessible to the outside world.
The following table summarizes these types.
Type                         IP Mapping
One-to-One                   ILA1          IGA1
Many-to-One (SUA/PAT)        ILA1          IGA1
                             ILA2          IGA1
Many-to-Many Overload        ILA1          IGA1
                             ILA2          IGA2
                             ILA3          IGA1
                             ILA4          IGA2
Many-to-Many No Overload     ILA1          IGA1
                             ILA2          IGA2
                             ILA3          IGA3
Server                       Server 1 IP   IGA1
                             Server 2 IP   IGA1
                             Server 3 IP   IGA1
7.2 SUA (Single User Account) Versus NAT
SUA (Single User Account) is an implementation of a subset of NAT that supports
two types of mapping, Many-to-One and Server. The ADSL Router also supports
Full Feature NAT to map multiple global IP addresses to multiple private LAN IP
addresses of clients or servers using mapping types as outlined in
7.3 Virtual Server and DMZ
A Virtual server set is a list of inside (behind NAT on the LAN) servers, for
example, web or FTP, that you can make visible to the outside world even though
SUA makes your whole inside network appear as a single computer to the outside
world.
You may enter a single port number or a range of port numbers to be forwarded,
and the local IP address of the desired server. The port number identifies a
service; for example, web service is on port 80 and FTP on port 21. In some
cases, such as for unknown services or where one server can support more than
one service (for example both FTP and web service), it might be better to specify
a range of port numbers. You can allocate a server IP address that corresponds to
a port or a range of ports.
Many residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may
periodically check for servers and may suspend your account if it discovers any
active services at your location. If you are unsure, refer to your ISP.
Default Server IP Address
In addition to the servers for specified services, NAT supports a default server IP
address. A default server receives packets from ports that are not specified in this
screen.
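How a server set with port ranges and an optional default server decides where an unsolicited inbound packet goes, as an added example (not taken from the manual or the router firmware). The rule layout, the sample addresses, the function names and the rejection of overlapping ranges are assumptions; the count shows that setting a default server makes every unspecified port reach an inside host.

```python
# Added illustration of the server-set lookup described in section 7.3.
# Rule layout, addresses and function names are assumptions for the example.
from typing import List, Optional, Tuple

Rule = Tuple[int, int, str]  # (first port, last port, inside server IP)

def validate(rules: List[Rule]) -> None:
    """Reject malformed or overlapping port ranges (assumed policy)."""
    ordered = sorted(rules)
    for i, (first, last, _ip) in enumerate(ordered):
        if not (1 <= first <= last <= 65535):
            raise ValueError(f"bad port range {first}-{last}")
        if i and first <= ordered[i - 1][1]:
            raise ValueError(f"range {first}-{last} overlaps an earlier rule")

def resolve(port: int, rules: List[Rule],
            default_server: Optional[str] = None) -> Optional[str]:
    """Inside host that receives an unsolicited inbound packet, or None if filtered."""
    for first, last, ip in rules:
        if first <= port <= last:
            return ip
    return default_server  # None means no server defined: packet is filtered

def exposed_ports(rules: List[Rule], default_server: Optional[str] = None) -> int:
    """Number of WAN-side ports that reach some inside host (rules already validated)."""
    if default_server is not None:
        return 65535  # every port not in a rule falls through to the default server
    return sum(last - first + 1 for first, last, _ip in rules)

# Constructed sample: web on port 80, FTP on the range 20-21.
RULES: List[Rule] = [(80, 80, "192.168.1.10"), (20, 21, "192.168.1.11")]

if __name__ == "__main__":
    validate(RULES)
    for p in (21, 23, 80):
        print(p, resolve(p, RULES), resolve(p, RULES, "192.168.1.20"))
    print(exposed_ports(RULES), exposed_ports(RULES, "192.168.1.20"))
```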
7.3.1 Port Forwarding: Services and Port Numbers
A NAT server set is a list of inside (behind NAT on the LAN) servers, for example,
web or FTP, that you can make accessible to the outside world even though NAT
makes your whole inside network appear as a single machine to the outside
world.
Use the SUA Server page to forward incoming service requests to the server(s)
