NBG-418N User’s Guide
CHAPTER 10
Network Address Translation
10.1 Overview
This chapter discusses how to configure NAT on the NBG-418N.
NAT (Network Address Translation, RFC 1631) is the translation of the IP address of a host in
a packet. For example, the source address of an outgoing packet, used within one network, is
changed to a different IP address known within another network.
Each packet has two addresses – a source address and a destination address. For outgoing packets,
NAT maps private (local) IP addresses to globally unique ones required for communication with
hosts on other networks. It replaces the original IP source address in each packet and then
forwards it to the Internet. The NBG-418N keeps track of the original addresses and port numbers
so incoming reply packets can have their original values restored. The following figure illustrates
this.
Figure 72 NAT Example
For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
Note: You must create a firewall rule in addition to setting up NAT, to allow traffic from
the WAN to be forwarded through the NBG-418N.
[Figure 72 labels: A: 192.168.1.33; B: 192.168.1.34; C: 192.168.1.35; 192.168.1.1; LAN; WAN; IP address assigned by ISP; FTP, Telnet, SNMP; Port 80; Ports 21 to 25]
10.2 What You Can Do
Use the General screen to enable NAT and set a default server (Section 10.3 on page 103).
Use the Application screen to change your NBG-418N’s port forwarding settings (Section 10.4 on page 104).
10.2.1 What You Need To Know
The following terms and concepts may help as you read through this chapter.
Inside/Outside
This denotes where a host is located relative to the NBG-418N. For example, the computers of your
subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Global/Local
This denotes the IP address of a host in a packet as the packet traverses a router. For example, the
local address refers to the IP address of a host when the packet is in the local network, while the
global address refers to the IP address of the host when the same packet is traveling on the WAN
side.
Note: Inside/outside refers to the location of a host, while global/local refers to the IP
address of a host used in a packet.
An inside local address (ILA) is the IP address of an inside host in a packet when the packet is still
in the local network, while an inside global address (IGA) is the IP address of the same inside host
when the packet is on the WAN side. The following table summarizes this information.
Note: NAT never changes the IP address (either local or global) of an outside host.
What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a subscriber
(the inside local address) to another (the inside global address) before forwarding the packet to the
WAN side. When the response comes back, NAT translates the destination address (the inside
global address) back to the inside local address before forwarding it to the original inside host. Note
that the IP address (either local or global) of an outside host is never changed.
Table 45 NAT Definitions
ITEM | DESCRIPTION
Inside | This refers to the host on the LAN.
Outside | This refers to the host on the WAN.
Local | This refers to the packet address (source or destination) as the packet travels on the LAN.
Global | This refers to the packet address (source or destination) as the packet travels on the WAN.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP.
In addition, you can designate servers, for example, a web server and a telnet server, on your local
network and make them accessible to the outside world. If you do not define any servers, NAT
offers the additional benefit of firewall protection. With no servers defined, your NBG-418N filters
out all incoming inquiries, thus preventing intruders from probing your network. For more
information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
How NAT Works
Each packet has two addresses – a source address and a destination address. For outgoing packets,
the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global
Address) is the source address on the WAN. For incoming packets, the ILA is the destination
address on the LAN, and the IGA is the destination address on the WAN. NAT maps private (local)
IP addresses to globally unique ones required for communication with hosts on other networks. It
replaces the original IP source address in each packet and then forwards it to the Internet. The
NBG-418N keeps track of the original addresses and port numbers so incoming reply packets can
have their original values restored. The following figure illustrates this.
Figure 73 How NAT Works
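The address and port tracking described above can be modelled in a few lines. This is an added example, not code from the NBG-418N or its manual; the WAN address 203.0.113.5, the outside host, WAN ports numbered from 50000 and the rule that a reply must come from the same outside address and port are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Nat:
    """Toy NAT: one inside global address (IGA) shared by all inside hosts."""

    def __init__(self, wan_ip, first_port=50000):   # first_port is an assumption
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.out = {}    # (ILA, port, outside IP, outside port) -> WAN port
        self.back = {}   # (WAN port, outside IP, outside port) -> (ILA, port)

    def outbound(self, p):
        """LAN -> WAN: replace the inside local source with the inside global one."""
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
            self.next_port += 1
        # The outside host's address (destination) is never changed.
        return Packet(self.wan_ip, self.out[key], p.dst_ip, p.dst_port)

    def inbound(self, p):
        """WAN -> LAN: restore the original destination, or None if nothing is tracked."""
        entry = self.back.get((p.dst_port, p.src_ip, p.src_port))
        if p.dst_ip != self.wan_ip or entry is None:
            return None   # unsolicited packet: no original values to restore
        return Packet(p.src_ip, p.src_port, entry[0], entry[1])

if __name__ == "__main__":
    nat = Nat("203.0.113.5")   # constructed WAN address
    sent = nat.outbound(Packet("192.168.1.33", 40000, "198.51.100.7", 80))
    print("on the WAN:", sent)
    print("reply on the LAN:", nat.inbound(Packet("198.51.100.7", 80, "203.0.113.5", sent.src_port)))
    print("unsolicited:", nat.inbound(Packet("198.51.100.9", 80, "203.0.113.5", sent.src_port)))
```

The `None` result for a packet with no tracked entry is the behaviour the text calls firewall protection when no servers are defined.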
10.3 General NAT Screen
Use this screen to enable NAT and set a default server. Click Network > NAT to open the General screen.
Figure 74 Network > NAT > General
The following table describes the labels in this screen.
10.4 NAT Application Screen
Use the Application screen to forward incoming service requests to the server(s) on your local
network. You may enter a single port number or a range of port numbers to be forwarded, and the
local IP address of the desired server. The port number identifies a service; for example, web
service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one
server can support more than one service (for example both FTP and web service), it might be
better to specify a range of port numbers.
In addition to the servers for specified services, NAT supports a default server. A service request
that does not have a server explicitly designated for it is forwarded to the default server. If the
default is not defined, the service request is simply discarded.
Note: Many residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may
periodically check for servers and may suspend your account if it discovers any
active services at your location. If you are unsure, refer to your ISP.
Port forwarding allows you to define the local servers to which the incoming services will be
forwarded. To change your NBG-418N’s port forwarding settings, click Network > NAT > Application.
The screen appears as shown.
Note: If you do not assign a Default Server IP address in the NAT > General screen,
the NBG-418N discards all packets received for ports that are not specified in this
screen or remote management.
Refer to Appendix E on page 209 for port numbers commonly used for particular services.
Table 46 Network > NAT > General
LABEL | DESCRIPTION
NAT Setup
Enable Network Address Translation | Network Address Translation (NAT) allows the translation of an Internet protocol address used within one network (for example a private IP address used in a local network) to a different IP address known within another network (for example a public IP address used on the Internet). Select the check box to enable NAT.
Default Server Setup
Server IP Address | In addition to the servers for specified services, NAT supports a default server. A default server receives packets from ports that are not specified in the Application screen. If you do not assign a Default Server IP address, the NBG-418N discards all packets received for ports that are not specified in the Application screen or remote management.
Apply | Click Apply to save your changes back to the NBG-418N.
Reset | Click Reset to begin configuring this screen afresh.
Figure 75 Network > NAT > Application
The following table describes the labels in this screen.
Table 47 Network > NAT > Application
LABEL | DESCRIPTION
Add Application Rule
Active | Select the check box to enable this rule and the requested service can be forwarded to the host with a specified internal IP address. Clear the checkbox to disallow forwarding of these ports to an inside server without having to delete the entry.
Service Name | Type a name (of up to 31 printable characters) to identify this rule in the first field next to Service Name. Otherwise, select a predefined service in the second field next to Service Name. The predefined service name and port number(s) will display in the Service Name and Port fields.
Local Port Range, Public Port Range | Type a port number(s) to be forwarded. To specify a range of ports, enter a hyphen (-) between the first port and the last port, such as 10-20. To specify two or more non-consecutive port numbers, separate them by a comma without spaces, such as 123,567.
Protocol | Select the transport layer protocol supported by this server. Choices are TCP, UDP, or TCP&UDP.
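The forwarding decision from Section 10.4, combined with the port-field syntax in the table above, can be checked offline before rules are entered. This is an added example, not the NBG-418N's own logic: the rule names and the rule-to-host assignments are constructed (the host addresses are the ones labelled in Figure 72), accepting ranges and commas mixed in one field is an assumption, and the remote management exception is not modelled.

```python
import re
from dataclasses import dataclass

def parse_ports(spec):
    """Expand a port field ('80', '10-20', '123,567') into a set of ints."""
    ports = set()
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)   # spaces are rejected
        if not m:
            raise ValueError(f"bad port entry: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"port out of range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

@dataclass
class Rule:
    name: str
    ports: str          # Public Port Range field
    protocol: str       # "TCP", "UDP" or "TCP&UDP"
    server: str         # local IP address of the inside server
    active: bool = True

def forward(rules, default_server, protocol, port):
    """Inside host that receives an unsolicited WAN packet, or None if it is discarded."""
    for rule in rules:
        if (rule.active and protocol in rule.protocol.split("&")
                and port in parse_ports(rule.ports)):
            return rule.server
    return default_server   # None: no default server, so the packet is discarded

# Constructed sample rules; the last one is disabled but not deleted.
RULES = [
    Rule("ftp-to-smtp", "21-25", "TCP", "192.168.1.33"),
    Rule("web", "80", "TCP", "192.168.1.34"),
    Rule("legacy", "123,567", "TCP&UDP", "192.168.1.35", active=False),
]

if __name__ == "__main__":
    for default in (None, "192.168.1.35"):
        for proto, port in [("TCP", 80), ("TCP", 22), ("UDP", 80), ("TCP", 3389)]:
            print(f"default={default} {proto}/{port} ->", forward(RULES, default, proto, port))
```

With a default server set, every port that no active rule claims is delivered to that one host, so the second half of the output shows the exposure a default server adds.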
