Atlantis-Land WebShare-111 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Atlantis-Land

WebShare-111

Page 51 / 89 Scroll up to view Page 46 - 50

WebShare 111/141

A02-RA111 / A02-RA141

Pag. 42

Page 52 / 89

WebShare 111/141

A02-RA111 / A02-RA141

Pag. 43

CHAPTER 7: Network Address Translation

(NAT)

This chapter discusses how to configure NAT on the WebShare Router

ADSL2+.

7.1 NAT Overview

NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP

address of a host in a packet, for example, the source address of an outgoing

packet, used within one network to a different IP address known within another

network.

7.1.1 NAT Definitions

Inside/outside denotes where a host is located relative to the ADSL Router, for

example, the computers of your subscribers are the inside hosts, while the web

servers on the Internet are the outside hosts.

Global/local denotes the IP address of a host in a packet as the packet traverses

a router, for example, the local address refers to the IP address of a host when

the packet is in the local network, while the global address refers to the IP

address of the host when the same packet is traveling in the WAN side.

Note that inside/outside refers to the location of a host, while global/local refers to

the IP address of a host used in a packet. Thus, an inside local address (ILA) is

the IP address of an inside host in a packet when the packet is still in the local

network, while an inside global address (IGA) is the IP address of the same inside

host when the packet is on the WAN side. The following table summarizes this

information.

Item

Description

Inside

This refers to the host on the LAN.

Outside

This refers to the host on the WAN.

Local

This refers to the packet address (source or destination) as the packet

travels on the LAN.

Global

This refers to the packet address (source or destination) as the packet

travels on the WAN.

7.1.2 What NAT Does

In the simplest form, NAT changes the source IP address in a packet received

from a subscriber (the inside local address) to another (the inside global address)

before forwarding the packet to the WAN side. When the response comes back,

Page 53 / 89

WebShare 111/141

A02-RA111 / A02-RA141

Pag. 44

NAT translates the destination address (the inside global address) back to the

inside local address before forwarding it to the original inside host. Note that the

IP address (either local or global) of an outside host is never changed.

The global IP addresses for the inside hosts can be either static or dynamically

assigned by the ISP. In addition, you can designate servers, for example, a web

server and a telnet server, on your local network and make them accessible to the

outside world. With no servers defined, the ADSL Router filters out all incoming

inquiries, thus preventing intruders from probing your network. For more

information on IP address translation, refer to RFC 1631, The IP Network Address

Translator (NAT).

7.1.3 How NAT Works

Each packet has two addresses – a source address and a destination address.

For outgoing packets, the ILA (Inside Local Address) is the source address on the

LAN, and the IGA (Inside Global Address) is the source address on the WAN. For

incoming packets, the ILA is the destination address on the LAN, and the IGA is

the destination address on the WAN. NAT maps private (local) IP addresses to

globally unique ones required for communication with hosts on other networks. It

replaces the original IP source address (and TCP or UDP source port numbers for

Many-to-One and Many-to-Many Overload NAT mapping) in each packet and

then forwards it to the Internet. The ADSL Router keeps track of the original

addresses and port numbers so incoming reply packets can have their original

values restored. The following figure illustrates this.

7.1.4 NAT Application

The following figure illustrates a possible NAT application, where three inside

LANs (logical LANs using IP Alias) behind the ADSL Router can communicate

Page 54 / 89

WebShare 111/141

A02-RA111 / A02-RA141

Pag. 45

with three distinct WAN networks. More examples follow at the end of this

chapter.

7.1.5 NAT Mapping Types

NAT supports five types of IP/port mapping. They are:

One to One:

In One-to-One mode, the ADSL Router maps one local IP

address to one global IP address.

Many to One:

In Many-to-One mode, the ADSL Router maps multiple local IP

addresses to one global IP address.

Many to Many Overload:

In Many-to-Many Overload mode, the ADSL Router

maps the multiple local IP addresses to shared global IP addresses.

Many-to-Many No Overload:

In Many-to-Many No Overload mode, the ADSL

Router maps each local IP address to a unique global IP address.

Server:

This type allows you to specify inside servers of different services

behind the NAT to be accessible to the outside world.

The following table summarizes these types.

Type

IP Mapping

One-to-One

ILA1

IGA1

Many-to-One (SUA/PAT)

ILA1

IGA1

ILA2

IGA1

…

Many-to-Many Overload

ILA1

IGA1

ILA2

IGA2

ILA3

IGA1

Page 55 / 89

WebShare 111/141

A02-RA111 / A02-RA141

Pag. 46

ILA4

IGA2

…

Many-to-Many No Overload

ILA1

IGA1

ILA2

IGA2

ILA3

IGA3

…

Server

Server 1 IP

IGA1

Server 2 IP

IGA1

Server 3 IP

IGA1

7.2 SUA (Single User Account) Versus NAT

SUA (Single User Account) is a implementation of a subset of NAT that supports

two types of mapping, Many-to-One and Server. The ADSL Router also supports

Full Feature NAT to map multiple global IP addresses to multiple private LAN IP

addresses of clients or servers using mapping types as outlined in

7.3 Virtual

Server and DMZ

A Virtual server set is a list of inside (behind NAT on the LAN) servers, for

example, web or FTP, that you can make visible to the outside world even though

SUA makes your whole inside network appear as a single computer to the outside

world.

You may enter a single port number or a range of port numbers to be forwarded,

and the local IP address of the desired server. The port number identifies a

service; for example, web service is on port 80 and FTP on port 21. In some

cases, such as for unknown services or where one server can support more than

one service (for example both FTP and web service), it might be better to specify

a range of port numbers. You can allocate a server IP address that corresponds to

a port or a range of ports.

Many residential broadband ISP accounts do not allow you to run any server

processes (such as a Web or FTP server) from your location. Your ISP may

periodically check for servers and may suspend your account if it discovers any

active services at your location. If you are unsure, refer to your ISP.

Default Server IP Address

In addition to the servers for specified services, NAT supports a default server IP

address. A default server receives packets from ports that are not specified in this

screen.

7.3.1 Port Forwarding: Services and Port Numbers

A NAT server set is a list of inside (behind NAT on the LAN) servers, for example,

web or FTP, that you can make accessible to the outside world even though NAT

makes your whole inside network appear as a single machine to the outside

world.

Use the SUA Server page to forward incoming service requests to the server(s)

Rate

Popular Atlantis-Land Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share