P-2602H(W)(L)-DxA Series User’s Guide
Chapter 10 Network Address Translation (NAT) Screens
CHAPTER 10 Network Address Translation (NAT) Screens
This chapter discusses how to configure NAT on the ZyXEL Device.
10.1 NAT Overview
NAT (Network Address Translation - NAT, RFC 1631) is the translation of the IP address of a
host in a packet, for example, the source address of an outgoing packet, used within one
network to a different IP address known within another network.
10.1.1 NAT Definitions
Inside/outside denotes where a host is located relative to the ZyXEL Device, for example, the
computers of your subscribers are the inside hosts, while the web servers on the Internet are
the outside hosts.
Global/local denotes the IP address of a host in a packet as the packet traverses a router, for
example, the local address refers to the IP address of a host when the packet is in the local
network, while the global address refers to the IP address of the host when the same packet is
traveling in the WAN side.
Note that inside/outside refers to the location of a host, while global/local refers to the IP
address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an
inside host in a packet when the packet is still in the local network, while an inside global
address (IGA) is the IP address of the same inside host when the packet is on the WAN side.
The following table summarizes this information.
NAT never changes the IP address (either local or global) of an outside host.
Table 46 NAT Definitions
| ITEM | DESCRIPTION |
|---|---|
| Inside | This refers to the host on the LAN. |
| Outside | This refers to the host on the WAN. |
| Local | This refers to the packet address (source or destination) as the packet travels on the LAN. |
| Global | This refers to the packet address (source or destination) as the packet travels on the WAN. |
10.1.2 What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a
subscriber (the inside local address) to another (the inside global address) before forwarding
the packet to the WAN side. When the response comes back, NAT translates the destination
address (the inside global address) back to the inside local address before forwarding it to the
original inside host. Note that the IP address (either local or global) of an outside host is never
changed.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the
ISP. In addition, you can designate servers, for example, a web server and a telnet server, on
your local network and make them accessible to the outside world. If you do not define any
servers (for Many-to-One and Many-to-Many Overload mapping – see Table 47 on page 144),
NAT offers the additional benefit of firewall protection. With no servers defined, your ZyXEL
Device filters out all incoming inquiries, thus preventing intruders from probing your network.
For more information on IP address translation, refer to RFC 1631, The IP Network Address
Translator (NAT).
10.1.3 How NAT Works
Each packet has two addresses – a source address and a destination address. For outgoing
packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside
Global Address) is the source address on the WAN. For incoming packets, the ILA is the
destination address on the LAN, and the IGA is the destination address on the WAN. NAT
maps private (local) IP addresses to globally unique ones required for communication with
hosts on other networks. It replaces the original IP source address (and TCP or UDP source
port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet
and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses
and port numbers so incoming reply packets can have their original values restored. The
following figure illustrates this.
Figure 77 How NAT Works
10.1.4 NAT Application
The following figure illustrates a possible NAT application, where three inside LANs (logical
LANs using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN
networks.
Figure 78 NAT Application With IP Alias
10.1.5 NAT Mapping Types
NAT supports five types of IP/port mapping. They are:
• One to One: In One-to-One mode, the ZyXEL Device maps one local IP address to one
global IP address.
• Many to One: In Many-to-One mode, the ZyXEL Device maps multiple local IP
addresses to one global IP address. This is equivalent to SUA (for instance, PAT, port
address translation), ZyXEL’s Single User Account feature that previous ZyXEL routers
supported (the SUA Only option in today’s routers).
• Many to Many Overload: In Many-to-Many Overload mode, the ZyXEL Device maps
the multiple local IP addresses to shared global IP addresses.
• Many-to-Many No Overload: In Many-to-Many No Overload mode, the ZyXEL Device
maps each local IP address to a unique global IP address.
• Server: This type allows you to specify inside servers of different services behind the
NAT to be accessible to the outside world.
Port numbers do NOT change for One-to-One and Many-to-Many No Overload NAT
mapping types.
The following table summarizes these types.
Table 47 NAT Mapping Types
| TYPE | IP MAPPING |
|---|---|
| One-to-One | ILA1 ↔ IGA1 |
| Many-to-One (SUA/PAT) | ILA1 ↔ IGA1, ILA2 ↔ IGA1 |
| Many-to-Many Overload | ILA1 ↔ IGA1, ILA2 ↔ IGA2, ILA3 ↔ IGA1, ILA4 ↔ IGA2 |
| Many-to-Many No Overload | ILA1 ↔ IGA1, ILA2 ↔ IGA2, ILA3 ↔ IGA3 |
| Server | Server 1 IP ↔ IGA1, Server 2 IP ↔ IGA1, Server 3 IP ↔ IGA1 |
10.2 SUA (Single User Account) Versus NAT
SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two
types of mapping, Many-to-One and Server. The ZyXEL Device also supports Full Feature
NAT to map multiple global IP addresses to multiple private LAN IP addresses of
clients or servers using mapping types as outlined in Table 47 on page 144.
• Choose SUA Only if you have just one public WAN IP address for your ZyXEL Device.
• Choose Full Feature if you have multiple public WAN IP addresses for your ZyXEL
Device.
10.3 NAT General Setup
You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the
WAN to be forwarded through the ZyXEL Device. Click Network > NAT to open the
following screen.
Figure 79 NAT General
The following table describes the labels in this screen.
Table 48 NAT General
| LABEL | DESCRIPTION |
|---|---|
| Active Network Address Translation (NAT) | Select this check box to enable NAT. |
| SUA Only | Select this radio button if you have just one public WAN IP address for your ZyXEL Device. |
| Full Feature | Select this radio button if you have multiple public WAN IP addresses for your ZyXEL Device. |
| Max NAT/Firewall Session Per User | When computers use peer to peer applications, such as file sharing applications, they need to establish NAT sessions. If you do not limit the number of NAT sessions a single client can establish, this can result in all of the available NAT sessions being used. In this case, no additional NAT sessions can be established, and users may not be able to access the Internet. Each NAT session establishes a corresponding firewall session. Use this field to limit the number of NAT/Firewall sessions client computers can establish through the ZyXEL Device. If your network has a small number of clients using peer to peer applications, you can raise this number to ensure that their performance is not degraded by the number of NAT sessions they can establish. If your network has a large number of users using peer to peer applications, you can lower this number to ensure no single client is exhausting all of the available NAT sessions. |
| Apply | Click Apply to save your changes back to the ZyXEL Device. |
| Cancel | Click Cancel to reload the previous configuration for this screen. |
10.4 Port Forwarding
A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or
FTP, that you can make visible to the outside world even though NAT makes your whole
inside network appear as a single computer to the outside world.
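The address and port tracking of section 10.1.3, the dropping of unsolicited WAN traffic when no server is defined, the per-client session limit of Table 48 and a port forwarding entry, shown together as an added Python sketch (not ZyXEL or ZyNOS code). The class, its method names, the addresses, the starting port and the limit of 2 are assumptions made for illustration, and sessions in this sketch never expire.

```python
# Added illustration of Many-to-One (SUA/PAT) translation; not ZyNOS code.
# Addresses, ports and the session limit below are constructed sample values.
class Nat:
    def __init__(self, iga, max_sessions_per_host, first_port=10000):
        self.iga = iga                      # inside global address (WAN side)
        self.limit = max_sessions_per_host  # per-client NAT session cap
        self.next_port = first_port         # next global source port to hand out
        self.out = {}      # (ILA, local port, proto) -> global port
        self.back = {}     # (global port, proto) -> (ILA, local port)
        self.servers = {}  # (global port, proto) -> (server ILA, server port)

    def forward_port(self, port, proto, server_ip, server_port):
        """Port forwarding entry: expose one inside server on the IGA."""
        self.servers[(port, proto)] = (server_ip, server_port)

    def outbound(self, ila, sport, proto):
        """Rewrite a LAN packet's source. Returns (IGA, port), or None at the cap."""
        key = (ila, sport, proto)
        if key not in self.out:
            if sum(1 for k in self.out if k[0] == ila) >= self.limit:
                return None                 # this client has used all its sessions
            while (self.next_port, proto) in self.servers:
                self.next_port += 1         # never shadow a forwarded port
            self.out[key] = self.next_port
            self.back[(self.next_port, proto)] = (ila, sport)
            self.next_port += 1
        return (self.iga, self.out[key])

    def inbound(self, dport, proto):
        """Rewrite a WAN packet's destination. None means no mapping: dropped."""
        hit = self.back.get((dport, proto))
        return hit if hit else self.servers.get((dport, proto))

def demo():
    nat = Nat("203.0.113.5", max_sessions_per_host=2)
    a = nat.outbound("192.168.1.33", 5000, "tcp")
    b = nat.outbound("192.168.1.34", 5000, "tcp")   # same local port, other host
    results = {"a": a, "b": b, "reply_to_a": nat.inbound(a[1], "tcp"),
               "unsolicited": nat.inbound(80, "tcp")}   # no server defined yet
    nat.forward_port(80, "tcp", "192.168.1.10", 80)
    results["web"] = nat.inbound(80, "tcp")
    nat.outbound("192.168.1.33", 5001, "tcp")           # second session: allowed
    results["over_cap"] = nat.outbound("192.168.1.33", 5002, "tcp")
    results["other_host"] = nat.outbound("192.168.1.34", 5001, "tcp")
    return results

if __name__ == "__main__":
    print(demo())
```

Only the inside host's address and port are rewritten in either direction; the outside host's address is never touched, matching the note in section 10.1.2.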
