AMG1302/AMG1202-TSeries User’s Guide

151

C

HAPTER

11

Network Address Translation (NAT)

11.1

Overview

This chapter discusses how to configure NAT on the AMG1302/AMG1202-TSeries. NAT (Network

Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for

example, the source address of an outgoing packet, used within one network to a different IP

address known within another network.

11.1.1

What You Can Do in the NAT Screens

•

Use the

General

screen (

Section 11.2 on page 152

) to activate/deactivate NAT for the default

WAN connection (PVC0).

•

Use the

Port Forwarding

screen (

Section 11.3 on page 153

) to configure forward incoming

service requests to the server(s) on your local network.

•

Use the

DMZ

screen to configure a default server (

Section 11.4 on page 156

).

11.1.2

What You Need To Know About NAT

Inside/Outside

Inside/outside denotes where a host is located relative to the AMG1302/AMG1202-TSeries, for

example, the computers of your subscribers are the inside hosts, while the web servers on the

Internet are the outside hosts.

Global/Local

Global/local denotes the IP address of a host in a packet as the packet traverses a router, for

example, the local address refers to the IP address of a host when the packet is in the local

network, while the global address refers to the IP address of the host when the same packet is

traveling in the WAN side.

NAT

In the simplest form, NAT changes the source IP address in a packet received from a subscriber

(the inside local address) to another (the inside global address) before forwarding the packet to the

WAN side. When the response comes back, NAT translates the destination address (the inside

global address) back to the inside local address before forwarding it to the original inside host.

Chapter 11 Network Address Translation (NAT)

AMG1302/AMG1202-TSeries User’s Guide

152

Port Forwarding

A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP,

that you can make visible to the outside world even though NAT makes your whole inside network

appear as a single computer to the outside world.

Finding Out More

See

Section 11.5 on page 156

for advanced technical information on NAT.

11.2

The NAT General Screen

Use this screen to activate NAT for the default WAN connection (PVC0). Click

Network Setting >

NAT

to open the following screen.

Note: You must create an IP filter rule in addition to setting up NAT, to allow traffic from

the WAN to be forwarded through the AMG1302/AMG1202-TSeries.

Figure 66

Network Setting > NAT > General

The following table describes the labels in this screen.

Table 48

Network Setting > NAT > General

LABEL

DESCRIPTION

Active

Select this check box to enable NAT.

Max NAT/Firewall

Session Per User

When computers use peer to peer applications, such as file sharing applications, they

need to establish NAT sessions. If you do not limit the number of NAT sessions a single

client can establish, this can result in all of the available NAT sessions being used. In

this case, no additional NAT sessions can be established, and users may not be able to

access the Internet.

Each NAT session establishes a corresponding firewall session. Use this field to limit the

number of NAT/Firewall sessions client computers can establish through the AMG1302/

AMG1202-TSeries.

If your network has a small number of clients using peer to peer applications, you can

raise this number to ensure that their performance is not degraded by the number of

NAT sessions they can establish. If your network has a large number of users using peer

to peer applications, you can lower this number to ensure no single client is exhausting

all of the available NAT sessions.

Apply

Click this to save your changes.

Cancel

Click this to restore your previously saved settings.

Chapter 11 Network Address Translation (NAT)

AMG1302/AMG1202-TSeries User’s Guide

153

11.3

The Port Forwarding Screen

Use this screen to forward incoming service requests to the server(s) on your local network.

You may enter a single port number or a range of port numbers to be forwarded, and the local IP

address of the desired server. The port number identifies a service; for example, web service is on

port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can

support more than one service (for example both FTP and web service), it might be better to

specify a range of port numbers. You can allocate a server IP address that corresponds to a port or

a range of ports.

The most often used port numbers and services are shown in

Appendix F on page 305

. Please refer

to RFC 1700 for further information about port numbers.

Note: Many residential broadband ISP accounts do not allow you to run any server

processes (such as a Web or FTP server) from your location. Your ISP may

periodically check for servers and may suspend your account if it discovers any

active services at your location. If you are unsure, refer to your ISP.

Default Server IP Address

In addition to the servers for specified services, NAT supports a default server IP address. A default

server receives packets from ports that are not specified in this screen.

Note: If you do not assign a

Default Server

IP address, the AMG1302/AMG1202-TSeries

discards all packets received for ports that are not specified here or in the remote

management setup.

Configuring Servers Behind Port Forwarding (Example)

Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (

A

in the example),

port 80 to another (

B

in the example) and assign a default server IP address of 192.168.1.35 to a

third (

C

in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address.

The NAT network appears as a single host on the Internet.

Figure 67

Multiple Servers Behind NAT Example

11.3.1

Configuring the Port Forwarding Screen

Click

Network Setting > NAT > Port Forwarding

to open the following screen.

A=192.168.1.33

D=192.168.1.36

C=192.168.1.35

B=192.168.1.34

WAN

LAN

192.168.1.1

IP Address assigned by ISP

Chapter 11 Network Address Translation (NAT)

AMG1302/AMG1202-TSeries User’s Guide

154

See

Appendix F on page 305

for port numbers commonly used for particular services.

Note: Make sure NAT is activated on the WAN connection before you configure a port

forwarding rule for it. For the default WAN connection (PVC0), activate NAT in the

Network Setting > NAT > General

screen. For other WAN connections

(PVC1~PVC7), activate NAT for an individual WAN connection in the

Broadband

>

More Connections

>

Edit

screen.

Figure 68

Network Setting > NAT > Port Forwarding

The following table describes the fields in this screen.

11.3.2

Port Forwarding Rule Add/Edit

Use this screen to add or edit a port forwarding rule. Click the

Add new rule

button or a rule’s edit

icon in the

Port Forwarding

screen to display the screen as shown next.

Table 49

Network Setting > NAT > Port Forwarding

LABEL

DESCRIPTION

WAN Interface

Select a WAN connection for which you want to configure a port forwarding rule.

Add new rule

Click this button to add a rule to the table below.

#

This is the rule index number (read-only).

Active

This field indicates whether the rule is active or not.

Clear the check box to disable the rule. Select the check box to enable it.

Service Name

This is a service’s name.

External Start Port

This is the first port number of a port range that incoming service requests may use to

access the service in your local network.

External End Port

This is the last port number of a port range that incoming service requests may use to

access the service in your local network.

Internal Start Port

This is the starting port number that the device translates for the service in your local

network.

Internal End Port

This is the ending port number that the device translates for the service in your local

network.

Server IP Address

This is the server’s IP address in your local network.

Modify

Click the edit icon to go to the screen where you can edit the port forwarding rule.

Click the delete icon to delete an existing port forwarding rule. Note that subsequent

address mapping rules move up by one when you take this action.

Chapter 11 Network Address Translation (NAT)

AMG1302/AMG1202-TSeries User’s Guide

155

Figure 69

Network Setting > NAT > Port Forwarding: Add/Edit

The following table describes the fields in this screen.

Table 50

Network Setting > NAT > Port Forwarding: Edit

LABEL

DESCRIPTION

Active

Click this check box to enable the rule.

Service Name

Enter a name to identify this port-forwarding rule.

External Start

Port

Enter a port number in this field.

To forward only one port, enter the port number again in the

End Port

field.

To forward a series of ports, enter the start port number here and the end port number in

the

End Port

field.

External End Port

Enter a port number in this field.

To forward only one port, enter the port number in the

Start

Port

field above and then

enter it again in this field.

To forward a series of ports, enter the last port number in a series that begins with the

port number in the

Start Port

field above.

Server IP

Address

Enter the IP address of the server in your local network.

Trigger Protocol

Select the protocol of the service,

TCP

,

UDP

or

ALL

(TCP+UDP).

Open Start Port

Enter the first port number here to which you want the device to translate the incoming

port. For a range of ports, you only need to enter the first number of the range to which

you want the incoming ports translated, the device automatically calculates the last port of

the translated port range.

Open End Port

Enter the last port number here to which you want the device to translate the incoming

port. For a range of ports, you only need to enter the first number of the range to which

you want the incoming ports translated, the device automatically calculates the last port of

the translated port range.

Back

Click this to return to the previous screen without saving.

Apply

Click this to save your changes.

Cancel

Click this to restore your previously saved settings.