46

Virtual Circuit (VC):

The Virtual Circuit (VC) properties of the ATM VC interface

identify a unique path that your ADSL/Ethernet router uses to communicate via the

ATM-based network with the telephone company central office equipment.

NAT Status:

This filed shows the current status of the NAT function for the current

VC.

Number of IPs:

This field is to specify how many IPs are provided by your ISP for

current VC. It can be single IP or multiple IPs.

Note:

For VCs with single IP, they share the same DMZ & Virtual servers; for VCs

with multiple IPs, each VC cab set DMZ and Virtual servers. Furthermore, for VCs

with multiple IPs, they can define the Address Mapping rules; for VCs with single IP,

since they have only one IP, there is no need to individually define the Address

Mapping rule.

What NAT Does

NAT changes the source IP address in a packet received from a subscriber (the inside

local address) to another (the inside global address) before forwarding the packet to the

WAN side. When the response comes back, NAT translates the destination address (the

inside global address) back to the inside local address before forwarding it to the

original inside host. Note that the IP address (either local or global) of an outside host is

never changed.

The global IP addresses for the inside hosts can be either static or dynamically assigned

by the ISP. You may also designate servers, such as a Web server and a telnet server, on

your local network and make them accessible to the outside world. With no servers

defined, your ROUTER filters out all incoming inquiries, thus preventing intruders

47

from probing your network. For more information on IP address translation, refer to

RFC 1631, The IP Network Address Translator (NAT).

Inside/outside indicates where a host is located relative to the ROUTER. The

computers hosts of your LAN are inside, while the Web servers on the Internet are

outside.

Global/local indicates the IP address of a host in a packet as the packet traverses a

router. The local address refers to the IP address of a host when the packet is in the local

network, while the global address refers to the IP address of the host when the same

packet is traveling in the WAN side.

Note that inside/outside refers to the location of a host, while global/local refers to the

IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP

address of an inside host of a packet when the packet is still in the local network, while

an inside global address (IGA) is the IP address of the same inside host when the packet

is on the WAN side.

The following table summarizes this information.

ITEM

DESCRIPTION

Inside

This refers to the host on the LAN.

Outside

This refers to the host on the WAN.

Local

This refers to the packet address (source or destination) as the

packet travels on the LAN.

Global

This refers to the packet address (source or destination) as the

packet travels on the WAN.

How NAT Works

Each packet has two addresses – a source address and a destination address. For

outgoing packets, the ILA is the source address on the LAN, and the IGA is the source

address on the WAN. For incoming packets, the ILA is the destination address on the

LAN, and the IGA is the destination address on the WAN. NAT maps private (local) IP

addresses to globally unique ones required for communication with hosts on other

networks. It replaces the original IP source address (and TCP or UDP source port

numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet

and then forwards it to the Internet. The ROUTER keeps track of the original addresses

and port numbers so incoming reply packets can have their original values restored.

The following figure illustrates this.

48

NAT Application

The following figure illustrates a possible NAT application, where three inside LANs

(logical LANs using IP Alias) behind the router can communicate with three distinct

WAN networks. More examples follow at the end of this chapter.

NAT Mapping Types

NAT supports five types of IP/port mapping. They are:

a.

One-to-One

: In One-to-One mode, the TC3162 EVM maps one local IP address to

one global IP address.

b.

Many-to-One

: In Many-to-One mode, the TC3162 EVM maps multiple local IP

addresses to one global IP address.

49

c.

Many-to-Many Overload

: In Many-to-Many Overload mode, the TC3162 EVM

maps multiple local IP addresses to shared global IP addresses.

d.

Many-to-Many No Overload

: In Many-to-Many No Overload mode, the TC3162

EVM maps each local IP address to a unique global IP address.

e.

Server

: This type allows you to specify inside servers of different services behind the

NAT to be accessible to the outside world.

The following table summarizes these types.

TYPE

IP MAPPING

One-to-One

ILA1 IGA1

Many-to-One

(SUA/PAT)

ILA1 IGA1

ILA2 IGA1

…

Many-to-Many

Overload

ILA1 IGA1

ILA2 IGA2

ILA3 IGA1

ILA4 IGA2

…

Many-to-Many No

Overload

ILA1 IGA1

ILA2 IGA2

ILA3 IGA3

…

Server

Server 1 IP IGA1

Server 2 IP IGA1

Server 3 IP IGA1

°

3.10.1.1 Virtual Server

Go to

Advanced Setup ->NAT -> Virtual Server

to set virtual server as you need.

(known as Port Mapping).

The Virtual Server is the server or server(s) behind NAT (on the LAN), for example,

Web server or FTP server, that you can make visible to the outside world even though

NAT makes your whole inside network appear as a single machine to the outside world.

Rule Index:

The Virtual server rule index for this VC. You can specify up to 10 rules.

All the VCs with single IP will use the same Virtual Server rules.

Start & End port number:

Enter the specific Start and End Port number you want to

forward. If it is one port only, you can enter the End port number the same as Start port

50

number. For example, set the FTP Virtual server, you can set the start and end port

number to 21.

Local IP Address:

Enter the IP Address for the Virtual Server in LAN side.

Virtual Server Listing:

This is a listing of all virtual servers your have set.

When you are done making changes, click on

SAVE

to save your changes,

DELETE

to delete the rule with the parameters you set,

BACK

to return to the previous screen or

CANCEL

to exit without saving.

°

3.10.1.2 DMZ Setting

Go to

Advanced Setup ->NAT -> DMZ

to set DMZ parameters.

A

DMZ

(de-militarized zone) is a host between a private local network and the

outside public network. It prevents outside users from getting direct access to s server

that has company data. Users of the public network outside the company can access

only the DMZ host.

DMZ:

Toggle the DMZ function Enabled or Disabled.

DMZ Host IP Address:

Enter the specified IP Address for DMZ host on the LAN

side