Zyxel P-2601HN-F1 Router Manual PDF (Setup & Configuration Guide)

Page 151 / 344 Scroll up to view Page 146 - 150

Chapter 11 Network Address Translation (NAT)

P-2601HN(L)-F1 Series User’s Guide

151

addresses and the ISP assigns the WAN IP address. The NAT network appears as a

single host on the Internet.

Figure 65

Multiple Servers Behind NAT Example

11.2.1

The Port Forwarding Screen

Click

Network Setting > NAT

to open the

Port Forwarding

screen.

See

Appendix E on page 323

for port numbers commonly used for particular

services.

Figure 66

Network Setting > NAT > Port Forwarding

The following table describes the fields in this screen.

A=192.168.1.33

D=192.168.1.36

C=192.168.1.35

B=192.168.1.34

WAN

LAN

192.168.1.1

IP Address assigned by ISP

Table 35

Network Setting > NAT > Port Forwarding

LABEL

DESCRIPTION

Add new rule

Click this to add a new port forwarding rule.

#

This is the index number of the entry.

Status

This field indicates whether the rule is active or not.

Clear the check box to disable the rule. Select the check box to enable

it.

Service Name

This is the service’s name. This shows

User Defined

if you manually

added a service. You can change this by clicking the edit icon.

WAN Interface

This shows the WAN interface through which the service is forwarded.

Start Port

This is the first external port number that identifies a service.

End Port

This is the last external port number that identifies a service.

Page 152 / 344

Chapter 11 Network Address Translation (NAT)

P-2601HN(L)-F1 Series User’s Guide

152

11.2.2

The Port Forwarding Edit Screen

This screen lets you create or edit a port forwarding rule. Click

Add new rule

in

the

Port Forwarding

screen or the

Edit

icon next to an existing rule to open the

following screen.

Figure 67

Port Forwarding: Add/Edit

The following table describes the labels in this screen.

Translation

Start Port

This is the first internal port number that identifies a service.

Translation End

Port

This is the last internal port number that identifies a service.

Server IP

Address

This is the server’s IP address.

Protocol

This shows the IP protocol supported by this virtual server, whether it is

TCP

,

UDP

, or

TCP/UDP

.

Modify

Click the

Edit

icon to edit the port forwarding rule.

Click the

Delete

icon to delete an existing port forwarding rule. Note

that subsequent address mapping rules move up by one when you take

this action.

Apply

Click

Apply

to save your changes.

Cancel

Click

Cancel

to restore your previously saved settings.

Table 35

Network Setting > NAT > Port Forwarding (continued)

LABEL

DESCRIPTION

Table 36

Port Forwarding: Add/Edit

LABEL

DESCRIPTION

Enable

Clear the check box to disable the rule. Select the check box to enable it.

This field is available only when you are editing the port forwarding rule.

Service Name

Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-

2 and so on).

Page 153 / 344

Chapter 11 Network Address Translation (NAT)

P-2601HN(L)-F1 Series User’s Guide

153

11.3

The Sessions Screen

Use the

Sessions

screen to limit the number of concurrent NAT sessions each

client can use.

Click

Network Setting > NAT > Sessions

to display the following screen.

Figure 68

Network Setting > NAT > Sessions

WAN Interface

Select the WAN interface through which the service is forwarded.

You must have already configured a WAN connection with NAT enabled.

Start Port

Enter the original destination port for the packets.

To forward only one port, enter the port number again in the

External

End Port

field.

To forward a series of ports, enter the start port number here and the

end port number in the

External End Port

field.

End Port

Enter the last port of the original destination port range.

To forward only one port, enter the port number in the

External Start

Port

field above and then enter it again in this field.

To forward a series of ports, enter the last port number in a series that

begins with the port number in the

External Start Port

field above.

Translation

Start Port

This shows the port number to which you want the ZyXEL Device to

translate the incoming port. For a range of ports, enter the first number

of the range to which you want the incoming ports translated.

Translation End

Port

This shows the last port of the translated port range.

Server IP

Address

Enter the inside IP address of the virtual server here.

Protocol Type

Select the protocol supported by this virtual server. Choices are

TCP

,

UDP

, or

TCP/UDP

.

Apply

Click

Apply

to save your changes.

Back

Click

Back

to return to the previous screen without saving.

Table 36

Port Forwarding: Add/Edit (continued)

LABEL

DESCRIPTION

Page 154 / 344

Chapter 11 Network Address Translation (NAT)

P-2601HN(L)-F1 Series User’s Guide

154

The following table describes the fields in this screen.

11.4

Technical Reference

This section provides some technical background information about the topics

covered in this chapter.

11.4.1

NAT Definitions

Inside/outside denotes where a host is located relative to the ZyXEL Device, for

example, the computers of your subscribers are the inside hosts, while the web

servers on the Internet are the outside hosts.

Global/local denotes the IP address of a host in a packet as the packet traverses a

router, for example, the local address refers to the IP address of a host when the

packet is in the local network, while the global address refers to the IP address of

the host when the same packet is traveling in the WAN side.

Note that inside/outside refers to the location of a host, while global/local refers to

the IP address of a host used in a packet. Thus, an inside local address (ILA) is the

IP address of an inside host in a packet when the packet is still in the local

network, while an inside global address (IGA) is the IP address of the same inside

host when the packet is on the WAN side. The following table summarizes this

information.

Table 37

Network Setting > NAT > Sessions

LABEL

DESCRIPTION

MAX NAT

Session

Use this field to set a common limit to the number of concurrent NAT

sessions each client computer can have.

If only a few clients use peer to peer applications, you can raise this

number to improve their performance. With heavy peer to peer

application use, lower this number to ensure no single client uses too

many of the available NAT sessions.

Apply

Click

Apply

to save your changes.

Cancel

Click

Cancel

to restore your previously saved settings.

Table 38

NAT Definitions

ITEM

DESCRIPTION

Inside

This refers to the host on the LAN.

Outside

This refers to the host on the WAN.

Local

This refers to the packet address (source or destination) as the packet travels

on the LAN.

Global

This refers to the packet address (source or destination) as the packet travels

on the WAN.

Page 155 / 344

Chapter 11 Network Address Translation (NAT)

P-2601HN(L)-F1 Series User’s Guide

155

NAT never changes the IP address (either local or global) of an outside host.

11.4.2

What NAT Does

In the simplest form, NAT changes the source IP address in a packet received from

a subscriber (the inside local address) to another (the inside global address)

before forwarding the packet to the WAN side. When the response comes back,

NAT translates the destination address (the inside global address) back to the

inside local address before forwarding it to the original inside host. Note that the

IP address (either local or global) of an outside host is never changed.

The global IP addresses for the inside hosts can be either static or dynamically

assigned by the ISP. In addition, you can designate servers, for example, a web

server and a Telnet server, on your local network and make them accessible to the

outside world. If you do not define any servers, NAT offers the additional benefit of

firewall protection. With no servers defined, your ZyXEL Device filters out all

incoming inquiries, thus preventing intruders from probing your network. For

more information on IP address translation, refer to

RFC 1631

,

The IP Network

Address Translator (NAT)

.

11.4.3

How NAT Works

Each packet has two addresses – a source address and a destination address. For

outgoing packets, the ILA (Inside Local Address) is the source address on the LAN,

and the IGA (Inside Global Address) is the source address on the WAN. For

incoming packets, the ILA is the destination address on the LAN, and the IGA is

the destination address on the WAN. NAT maps private (local) IP addresses to

globally unique ones required for communication with hosts on other networks. It

replaces the original IP source address (and TCP or UDP source port numbers for

Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then

forwards it to the Internet. The ZyXEL Device keeps track of the original addresses

Rate

Popular Zyxel Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share