WF200

802.11g Wireless Router

36

Virtual Circuit (VC):

The Virtual Circuit (VC) properties of the ATM VC interface identify a unique

path that your ADSL/Ethernet router uses to communicate via the ATM-based network of ISP.

NAT Status:

This filed shows the current status of the NAT function for the current VC.

Number of IPs:

This field is to specify how many IPs are provided by your ISP for current VC. It can

be single IP or multiple IPs.

Note:

For VCs with single IP, they share the same DMZ & Virtual servers; for VCs with multiple IPs,

each VC cab set DMZ and Virtual servers. Furthermore, for VCs with multiple IPs, they can define the

Address Mapping rules; for VCs with single IP, since they have only one IP, there is no need to

individually define the Address Mapping rule.

6.3.1 What NAT Does

NAT changes the source IP address in a packet received from a subscriber (the inside local address) to

another (the inside global address) before forwarding the packet to the WAN side. When the response

comes back, NAT translates the destination address (the inside global address) back to the inside local

address before forwarding it to the original inside host. Note that the IP address (either local or global)

of an outside host is never changed.

The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP.

You may also designate servers, such as a Web server and a telnet server, on your local network and

make them accessible to the outside world. With no servers defined, your ROUTER filters out all

incoming inquiries, thus preventing intruders from probing your network. For more information on IP

address translation, refer to RFC 1631, The IP Network Address Translator (NAT).

Inside/outside indicates where a host is located relative to the ROUTER. The computers hosts of your

LAN are inside, while the Web servers on the Internet are outside.

Global/local indicates the IP address of a host in a packet as the packet traverses a router. The local

address refers to the IP address of a host when the packet is in the local network, while the global

address refers to the IP address of the host when the same packet is traveling in the WAN side.

Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a

host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host of a packet

when the packet is still in the local network, while an inside global address (IGA) is the IP address of

the same inside host when the packet is on the WAN side.

The following table summarizes this information.

ITEM

DESCRIPTION

Inside

This refers to the host on the LAN.

WF200

802.11g Wireless Router

37

Outside

This refers to the host on the WAN.

Local

This refers to the packet address (source or destination) as the packet travels on the

LAN.

Global

This refers to the packet address (source or destination) as the packet travels on the

WAN.

6.3.2 How NAT Works

Each packet has two addresses – a source address and a destination address. For outgoing packets, the

ILA is the source address on the LAN, and the IGA is the source address on the WAN. For incoming

packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the

WAN. NAT maps private (local) IP addresses to globally unique ones required for communication with

hosts on other networks. It replaces the original IP source address (and TCP or UDP source port

numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then

forwards it to the Internet. The ROUTER keeps track of the original addresses and port numbers so

incoming reply packets can have their original values restored.

The following figure illustrates this.

6.3.3 NAT Application

The following figure illustrates a possible NAT application, where three inside LANs (logical LANs

using IP Alias) behind the router can communicate with three distinct WAN networks. More examples

follow at the end of this chapter.

6.3.4 NAT Mapping Types

NAT supports five types of IP/port mapping. They are:

a.

One-to-One

: In One-to-One mode, the device maps one local IP address to one global IP address.

b.

Many-to-One

: In Many-to-One mode, the device maps multiple local IP addresses to one global IP

WF200

802.11g Wireless Router

38

address.

c.

Many-to-Many Overload

: In Many-to-Many Overload mode, the device maps multiple local IP

addresses to shared global IP addresses.

d.

Many-to-Many No Overload

: In Many-to-Many No Overload mode, the device maps each local IP

address to a unique global IP address.

e.

Server

: This type allows you to specify inside servers of different services behind the NAT to be

accessible to the outside world.

The following table summarizes these types.

TYPE

IP MAPPING

One-to-One

ILA1

IGA1

Many-to-One (SUA/PAT)

ILA1

IGA1

ILA2

IGA1

…

Many-to-Many Overload

ILA1

IGA1

ILA2

IGA2

ILA3

IGA1

ILA4

IGA2

…

Many-to-Many No Overload

ILA1

IGA1

ILA2

IGA2

ILA3

IGA3

…

Server

Server 1 IP

IGA1

Server 2 IP

IGA1

Server 3 IP

IGA1

6.3.5 DMZ

A

DMZ

(de-militarized zone) is a host between a private local network and the outside public network.

It prevents outside users from getting direct access to server that has company data. Users of the public

network outside the company can access only the DMZ host.

DMZ:

Toggle the DMZ function Enabled or Disabled.

DMZ Host IP Address:

Enter the specified IP Address for DMZ host on the LAN side

When you have finished making changes, click on

SAVE

to save your changes or on

BACK

to return

to the previous screen.

6.3.6 Virtual Server

The Virtual Server is the server or server(s) behind NAT (on the LAN), for example, Web server or

FTP server, that you can make visible to the outside world even though NAT makes your whole inside

network appear as a single machine to the outside world.

Rule Index:

The Virtual server rule index for this VC. You can specify up to 10 rules. All the VCs

WF200

802.11g Wireless Router

39

with single IP will use the same Virtual Server rules.

Start & End port number:

Enter the specific Start and End Port number you want to forward. If it is

one port only, you can enter the End port number the same as Start port number. For example, set the

FTP Virtual server, you can set the start and end port number to 21.

Local IP Address:

Enter the IP Address for the Virtual Server in LAN side.

Virtual Server Listing:

This is a listing of all virtual servers your have set.

When you are done making changes, click on

SAVE

to save your changes,

DELETE

to delete the rule

with the parameters you set,

BACK

to return to the previous screen or

CANCEL

to exit without

saving.

6.3.7 IP Address Mapping

The IP Address Mapping is for those VCs that with multiple IPs. The IP Address Mapping rule is per-

VC based. (only for Multiple IPs’ VCs).

Rule Index:

The Virtual server rule index for this VC. You can specify up to 10 rules. All the VCs

with single IP will use the same Virtual Server rules.

Rule Type:

There are 4 types of

One-to-One

,

Many-to-One, Many-to-Many Overload

, and

Many-to

Many No-Overload

.

Local Start & End IP:

Enter the local IP address you plan to map to. Local Start IP is the starting

local IP address & Local End IP is the ending local IP address. If the rule is for all local IPs, then the

Start IP is 0.0.0.0 and the End IP is 255.255.255.255.

Public Start & End IP:

Enter the Public IP Address you want to do NAT. Public Start IP is the

starting Public IP Address and Public End IP is the ending Public IP Address. If you have a Dynamic

IP, enter 0.0.0.0 as the Public Start IP.

When you are done making changes, click on

SAVE

to save your changes,

DELETE

to delete the rule

with the parameters you set,

BACK

to return to the previous screen or

CANCEL

to exit without

saving.

WF200

802.11g Wireless Router

40

6.4

QoS

QoS (Quality of Service). This option will provide better service of selected network traffic over

various technologies. Deploying QoS management to guarantee that all application receive the service

levels required and sufficient bandwidth to meet performance expectations is indeed one important

aspect of modem enterprise network.

6.5 VLAN

Virtual LAN (VLAN) is a group of devices on one or more LANs that are configured so that they can

communicate as if they were attached to the same wire, when in fact they are located on a number of

different LAN segments. Because VLANs are based on logical instead of physical connections, it is

very flexible for user/host management, bandwidth allocation and resource optimization.