Prestige 324 Intelligent Broadband Sharing Gateway
NAT
11-1
Chapter 11
Network Address Translation (NAT)
This chapter discusses how to configure NAT on the Prestige.
11.1 Introduction
NAT (Network Address Translation, RFC 1631) is the translation of the IP address of a host in a packet, e.g., the source address of an outgoing packet, used within one network to a different IP address known within another network.
11.1.1 NAT Definitions
Inside/outside denotes where a host is located relative to the Prestige, e.g., the workstations of your
subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Global/local denotes the IP address of a host in a packet as the packet traverses a router, e.g., the local
address refers to the IP address of a host when the packet is in the local network, while the global address
refers to the IP address of the host when the same packet is traveling in the WAN side.
Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host
used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the
packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside
host when the packet is on the WAN side. The following table summarizes this information.
Table 11-1 NAT Definitions
TERM      DEFINITION
Inside    This refers to the host on the LAN.
Outside   This refers to the host on the WAN.
Local     This refers to the packet address (source or destination) as the packet travels on the LAN.
Global    This refers to the packet address (source or destination) as the packet travels on the WAN.
NAT never changes the IP address (either local or global) of an outside host.
11.1.2 What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host. Note that the IP address (either local or global) of an outside host is never changed.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In addition, you can designate servers, e.g., a web server and a telnet server, on your local network and make them accessible to the outside world. If you do not define any servers (for Many-to-One and Many-to-Many Overload mapping, see Table 11-2), NAT offers the additional benefit of firewall protection. If no server is defined in these cases, all incoming inquiries will be filtered out by your Prestige, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
11.1.3 How NAT Works
Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA
(Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the
source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the
IGA is the destination address on the WAN. NAT maps private (local) IP addresses to globally unique ones
required for communication with hosts on other networks. It replaces the original IP source address (and
TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each
packet and then forwards it to the Internet. The Prestige keeps track of the original addresses and port
numbers so incoming reply packets can have their original values restored. The following figure illustrates
this.
Figure 11-1 How NAT Works
11.1.4 NAT Application
The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using
IP Alias) behind the Prestige can communicate with three distinct WAN networks. More examples follow
at the end of this chapter.
Figure 11-2 NAT Application With IP Alias
11.1.5 NAT Mapping Types
NAT supports five types of IP/port mapping. They are:
1. One to One: In One-to-One mode, the Prestige maps one local IP address to one global IP address.
2. Many to One: In Many-to-One mode, the Prestige maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), ZyXEL's Single User Account feature that previous ZyXEL routers supported (the SUA Only option in today's routers).
3. Many to Many Overload: In Many-to-Many Overload mode, the Prestige maps multiple local IP addresses to shared global IP addresses.
4. Many One-to-One: In Many One-to-One mode, the Prestige maps each local IP address to a unique global IP address.
5. Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world.
Port numbers do not change for One-to-One and Many One-to-One NAT mapping types.
When you select One-to-One or Many One-to-One NAT mapping, the firewall automatically allows traffic through to the LAN computers you specify in the One-to-One or Many One-to-One mapping rules. This means that these LAN computers do not have firewall protection.
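The following is an added model, not ZyXEL's firmware code, of the translation described in 11.1.3 and the mapping types above: Many-to-One (SUA/PAT) rewrites the ILA and the source port to one IGA and a unique global port and restores them on the reply, One-to-One rewrites only the address so port numbers do not change, and an inbound packet that matches no tracked flow, no One-to-One rule and no designated server is filtered out. The Packet and Nat names and all addresses are constructed for the illustration.

```python
# Added model (not ZyXEL's code) of the translation described in this chapter.
# Addresses used with it are constructed examples (TEST-NET ranges).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    def __init__(self, mode, iga=None, lan_map=None, servers=None):
        self.mode = mode                 # "1:1" or "M:1"
        self.iga = iga                   # shared global address for M:1
        self.lan_map = lan_map or {}     # ILA -> IGA for 1:1 rules
        self.servers = servers or {}     # global port -> (ILA, local port)
        self.sessions = {}               # (IGA, global port) -> (ILA, local port)
        self.reverse = {}                # (ILA, local port) -> global port
        self.next_port = 1024

    def outbound(self, p):
        """LAN -> WAN: replace the ILA (and, for M:1, the source port) with the IGA."""
        if self.mode == "1:1":
            iga, gport = self.lan_map[p.src], p.sport   # port numbers do not change
        else:
            iga = self.iga
            gport = self.reverse.get((p.src, p.sport))
            if gport is None:                # first packet of this flow: pick a free port
                gport, self.next_port = self.next_port, self.next_port + 1
                self.reverse[(p.src, p.sport)] = gport
        self.sessions[(iga, gport)] = (p.src, p.sport)   # remembered for the reply
        return Packet(iga, gport, p.dst, p.dport)

    def inbound(self, p):
        """WAN -> LAN: restore the original ILA/port; otherwise filter the packet."""
        if (p.dst, p.dport) in self.sessions:            # reply to a tracked flow
            ila, lport = self.sessions[(p.dst, p.dport)]
            return Packet(p.src, p.sport, ila, lport)
        if self.mode == "1:1":                           # 1:1 hosts are reachable from the WAN
            for ila, iga in self.lan_map.items():
                if iga == p.dst:
                    return Packet(p.src, p.sport, ila, p.dport)
        if p.dport in self.servers:                      # explicitly designated server
            ila, lport = self.servers[p.dport]
            return Packet(p.src, p.sport, ila, lport)
        return None                                      # unsolicited: dropped by the Prestige
```

Running the M:1 case with two LAN hosts using the same source port shows why the port must be rewritten: both flows share one IGA and are told apart only by the global port the gateway assigned.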
The following table summarizes these types.
Table 11-2 NAT Mapping Types
TYPE                     IP MAPPING        SMT ABBREVIATION
One-to-One               ILA1 <-> IGA1     1:1
Many-to-One (SUA/PAT)    ILA1 <-> IGA1     M:1
                         ILA2 <-> IGA1
Many-to-Many Overload    ILA1 <-> IGA1     M:M Ov
                         ILA2 <-> IGA2
                         ILA3 <-> IGA1
                         ILA4 <-> IGA2