Page 151 / 320 Scroll up to view Page 146 - 150
AMG1302/AMG1202-TSeries User’s Guide
151
C
HAPTER
11
Network Address Translation (NAT)
11.1
Overview
This chapter discusses how to configure NAT on the AMG1302/AMG1202-TSeries. NAT (Network
Address Translation - NAT, RFC 1631) is the translation of the IP address of a host in a packet, for
example, the source address of an outgoing packet, used within one network to a different IP
address known within another network.
11.1.1
What You Can Do in the NAT Screens
Use the
General
screen (
Section 11.2 on page 152
) to activate/deactivate NAT for the default
WAN connection (PVC0).
Use the
Port Forwarding
screen (
Section 11.3 on page 153
) to configure forward incoming
service requests to the server(s) on your local network.
Use the
DMZ
screen to configure a default server (
Section 11.4 on page 156
).
11.1.2
What You Need To Know About NAT
Inside/Outside
Inside/outside denotes where a host is located relative to the AMG1302/AMG1202-TSeries, for
example, the computers of your subscribers are the inside hosts, while the web servers on the
Internet are the outside hosts.
Global/Local
Global/local denotes the IP address of a host in a packet as the packet traverses a router, for
example, the local address refers to the IP address of a host when the packet is in the local
network, while the global address refers to the IP address of the host when the same packet is
traveling in the WAN side.
NAT
In the simplest form, NAT changes the source IP address in a packet received from a subscriber
(the inside local address) to another (the inside global address) before forwarding the packet to the
WAN side. When the response comes back, NAT translates the destination address (the inside
global address) back to the inside local address before forwarding it to the original inside host.
Page 152 / 320
Chapter 11 Network Address Translation (NAT)
AMG1302/AMG1202-TSeries User’s Guide
152
Port Forwarding
A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP,
that you can make visible to the outside world even though NAT makes your whole inside network
appear as a single computer to the outside world.
Finding Out More
See
Section 11.5 on page 156
for advanced technical information on NAT.
11.2
The NAT General Screen
Use this screen to activate NAT for the default WAN connection (PVC0). Click
Network Setting >
NAT
to open the following screen.
Note: You must create an IP filter rule in addition to setting up NAT, to allow traffic from
the WAN to be forwarded through the AMG1302/AMG1202-TSeries.
Figure 66
Network Setting > NAT > General
The following table describes the labels in this screen.
Table 48
Network Setting > NAT > General
LABEL
DESCRIPTION
Active
Select this check box to enable NAT.
Max NAT/Firewall
Session Per User
When computers use peer to peer applications, such as file sharing applications, they
need to establish NAT sessions. If you do not limit the number of NAT sessions a single
client can establish, this can result in all of the available NAT sessions being used. In
this case, no additional NAT sessions can be established, and users may not be able to
access the Internet.
Each NAT session establishes a corresponding firewall session. Use this field to limit the
number of NAT/Firewall sessions client computers can establish through the AMG1302/
AMG1202-TSeries.
If your network has a small number of clients using peer to peer applications, you can
raise this number to ensure that their performance is not degraded by the number of
NAT sessions they can establish. If your network has a large number of users using peer
to peer applications, you can lower this number to ensure no single client is exhausting
all of the available NAT sessions.
Apply
Click this to save your changes.
Cancel
Click this to restore your previously saved settings.
Page 153 / 320
Chapter 11 Network Address Translation (NAT)
AMG1302/AMG1202-TSeries User’s Guide
153
11.3
The Port Forwarding Screen
Use this screen to forward incoming service requests to the server(s) on your local network.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP
address of the desired server. The port number identifies a service; for example, web service is on
port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can
support more than one service (for example both FTP and web service), it might be better to
specify a range of port numbers. You can allocate a server IP address that corresponds to a port or
a range of ports.
The most often used port numbers and services are shown in
Appendix F on page 305
. Please refer
to RFC 1700 for further information about port numbers.
Note: Many residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may
periodically check for servers and may suspend your account if it discovers any
active services at your location. If you are unsure, refer to your ISP.
Default Server IP Address
In addition to the servers for specified services, NAT supports a default server IP address. A default
server receives packets from ports that are not specified in this screen.
Note: If you do not assign a
Default Server
IP address, the AMG1302/AMG1202-TSeries
discards all packets received for ports that are not specified here or in the remote
management setup.
Configuring Servers Behind Port Forwarding (Example)
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (
A
in the example),
port 80 to another (
B
in the example) and assign a default server IP address of 192.168.1.35 to a
third (
C
in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address.
The NAT network appears as a single host on the Internet.
Figure 67
Multiple Servers Behind NAT Example
11.3.1
Configuring the Port Forwarding Screen
Click
Network Setting > NAT > Port Forwarding
to open the following screen.
A=192.168.1.33
D=192.168.1.36
C=192.168.1.35
B=192.168.1.34
WAN
LAN
192.168.1.1
IP Address assigned by ISP
Page 154 / 320
Chapter 11 Network Address Translation (NAT)
AMG1302/AMG1202-TSeries User’s Guide
154
See
Appendix F on page 305
for port numbers commonly used for particular services.
Note: Make sure NAT is activated on the WAN connection before you configure a port
forwarding rule for it. For the default WAN connection (PVC0), activate NAT in the
Network Setting > NAT > General
screen. For other WAN connections
(PVC1~PVC7), activate NAT for an individual WAN connection in the
Broadband
>
More Connections
>
Edit
screen.
Figure 68
Network Setting > NAT > Port Forwarding
The following table describes the fields in this screen.
11.3.2
Port Forwarding Rule Add/Edit
Use this screen to add or edit a port forwarding rule. Click the
Add new rule
button or a rule’s edit
icon in the
Port Forwarding
screen to display the screen as shown next.
Table 49
Network Setting > NAT > Port Forwarding
LABEL
DESCRIPTION
WAN Interface
Select a WAN connection for which you want to configure a port forwarding rule.
Add new rule
Click this button to add a rule to the table below.
#
This is the rule index number (read-only).
Active
This field indicates whether the rule is active or not.
Clear the check box to disable the rule. Select the check box to enable it.
Service Name
This is a service’s name.
External Start Port
This is the first port number of a port range that incoming service requests may use to
access the service in your local network.
External End Port
This is the last port number of a port range that incoming service requests may use to
access the service in your local network.
Internal Start Port
This is the starting port number that the device translates for the service in your local
network.
Internal End Port
This is the ending port number that the device translates for the service in your local
network.
Server IP Address
This is the server’s IP address in your local network.
Modify
Click the edit icon to go to the screen where you can edit the port forwarding rule.
Click the delete icon to delete an existing port forwarding rule. Note that subsequent
address mapping rules move up by one when you take this action.
Page 155 / 320
Chapter 11 Network Address Translation (NAT)
AMG1302/AMG1202-TSeries User’s Guide
155
Figure 69
Network Setting > NAT > Port Forwarding: Add/Edit
The following table describes the fields in this screen.
Table 50
Network Setting > NAT > Port Forwarding: Edit
LABEL
DESCRIPTION
Active
Click this check box to enable the rule.
Service Name
Enter a name to identify this port-forwarding rule.
External Start
Port
Enter a port number in this field.
To forward only one port, enter the port number again in the
End Port
field.
To forward a series of ports, enter the start port number here and the end port number in
the
End Port
field.
External End Port
Enter a port number in this field.
To forward only one port, enter the port number in the
Start
Port
field above and then
enter it again in this field.
To forward a series of ports, enter the last port number in a series that begins with the
port number in the
Start Port
field above.
Server IP
Address
Enter the IP address of the server in your local network.
Trigger Protocol
Select the protocol of the service,
TCP
,
UDP
or
ALL
(TCP+UDP).
Open Start Port
Enter the first port number here to which you want the device to translate the incoming
port. For a range of ports, you only need to enter the first number of the range to which
you want the incoming ports translated, the device automatically calculates the last port of
the translated port range.
Open End Port
Enter the last port number here to which you want the device to translate the incoming
port. For a range of ports, you only need to enter the first number of the range to which
you want the incoming ports translated, the device automatically calculates the last port of
the translated port range.
Back
Click this to return to the previous screen without saving.
Apply
Click this to save your changes.
Cancel
Click this to restore your previously saved settings.

Rate

3.7 / 5 based on 3 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top