1. Home
    2. /
  2. Manuals
    3. /
  3. Zyxel
    4. /
  4. P-660R-F1
    5. /
  5. 16
Page 76 / 268 Scroll up to view Page 71 - 75
Chapter 6 Network Address Translation (NAT) Screens
P-660R-F1 Series User’s Guide
76
6.1.2
What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a subscriber
(the inside local address) to another (the inside global address) before forwarding the packet to the
WAN side.
When the response comes back, NAT translates the destination address (the inside
global address) back to the inside local address before forwarding it to the original inside host. Note
that the IP address (either local or global) of an outside host is never changed.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP.
In addition, you can designate servers, for example, a web server and a telnet server, on your local
network and make them accessible to the outside world. If you do not define any servers (for Many-
to-One and Many-to-Many Overload mapping – see
Table 24 on page 78
), NAT offers the additional
benefit of firewall protection. With no servers defined, your ZyXEL Device filters out all incoming
inquiries, thus preventing intruders from probing your network. For more information on IP address
translation, refer to
RFC 1631
,
The IP Network Address Translator (NAT)
.
6.1.3
How NAT Works
Each packet has two addresses – a source address and a destination address. For outgoing packets,
the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global
Address) is the source address on the WAN. For incoming packets, the ILA is the destination
address on the LAN, and the IGA is the destination address on the WAN. NAT maps private (local)
IP addresses to globally unique ones required for communication with hosts on other networks. It
replaces the original IP source address (and TCP or UDP source port numbers for Many-to-One and
Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The
ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can
have their original values restored. The following figure illustrates this.
Figure 40
How NAT Works
Page 77 / 268
Chapter 6 Network Address Translation (NAT) Screens
P-660R-F1 Series User’s Guide
77
6.1.4
NAT Application
The following figure illustrates a possible NAT application, where three inside LANs (logical LANs
using IP Alias) behind the ZyXEL Device can communicate with three distinct WAN networks. More
examples follow at the end of this chapter.
Figure 41
NAT Application With IP Alias
6.1.5
NAT Mapping Types
NAT supports five types of IP/port mapping. They are:
One to One
: In One-to-One mode, the ZyXEL Device maps one local IP address to one global IP
address.
Many to One
: In Many-to-One mode, the ZyXEL Device maps multiple local IP addresses to one
global IP address. This is equivalent to SUA (for instance, PAT, port address translation), ZyXEL’s
Single User Account feature that previous ZyXEL routers supported (the
SUA Only
option in
today’s routers).
Many to Many Overload
: In Many-to-Many Overload mode, the ZyXEL Device maps the
multiple local IP addresses to shared global IP addresses.
Many-to-Many No Overload
:
In Many-to-Many No Overload mode, the ZyXEL Device maps
each local IP address to a unique global IP address.
Server
: This type allows you to specify inside servers of different services behind the NAT to be
accessible to the outside world.
Port numbers do NOT change for
One-to-One
and
Many-to-Many No Overload
NAT mapping
types.
Page 78 / 268
Chapter 6 Network Address Translation (NAT) Screens
P-660R-F1 Series User’s Guide
78
The following table summarizes these types.
6.2
SUA (Single User Account) Versus NAT
SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types
of mapping,
Many-to-One
and
Server
. The ZyXEL Device also supports
Full Feature
NAT to map
multiple global IP addresses to multiple private LAN IP addresses of clients or servers using
mapping types as outlined in
Table 24 on page 78
.
• Choose
SUA Only
if you have just one public WAN IP address for your ZyXEL Device.
• Choose
Full Feature
if you have multiple public WAN IP addresses for your ZyXEL Device.
Table 24
NAT Mapping Types
TYPE
IP MAPPING
One-to-One
ILA1
ÅÆ
IGA1
Many-to-One (SUA/PAT)
ILA1
ÅÆ
IGA1
ILA2
ÅÆ
IGA1
Many-to-Many Overload
ILA1
ÅÆ
IGA1
ILA2
ÅÆ
IGA2
ILA3
ÅÆ
IGA1
ILA4
ÅÆ
IGA2
Many-to-Many No Overload
ILA1
ÅÆ
IGA1
ILA2
ÅÆ
IGA2
ILA3
ÅÆ
IGA3
Server
Server 1 IP
ÅÆ
IGA1
Server 2 IP
ÅÆ
IGA1
Server 3 IP
ÅÆ
IGA1
Page 79 / 268
Chapter 6 Network Address Translation (NAT) Screens
P-660R-F1 Series User’s Guide
79
6.3
NAT General Setup
You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be
forwarded through the ZyXEL Device. Click
Network > NAT
to open the following screen. Not all
fields are available on all models.
Figure 42
NAT General
The following table describes the labels in this screen.
Table 25
NAT General
LABEL
DESCRIPTION
Active
Network
Address
Translation
(NAT)
Select this check box to enable NAT.
SUA Only
Select this radio button if you have just one public WAN IP address for your ZyXEL
Device.
Full Feature
Select this radio button if you have multiple public WAN IP addresses for your ZyXEL
Device.
Max NAT/
Firewall
Session Per
User
When computers use peer to peer applications, such as file sharing
applications, they may use a large number of NAT sessions.
If you do
not limit the number of NAT sessions a single client can establish, this can result in all
of the available NAT sessions being used. In this case, no additional NAT sessions can
be established, and users may not be able to access the Internet.
Each NAT session establishes a corresponding firewall session. Use this field to limit
the number of NAT/firewall sessions each client computer can establish through the
ZyXEL Device.
If your network has a small number of clients using peer to peer applications, you can
raise this number to ensure that their performance is not degraded by the number of
NAT sessions they can establish. If your network has a large number of users using
peer to peer applications, you can lower this number to ensure no single client is
using all of the available NAT sessions.
Apply
Click
Apply
to save your changes back to the ZyXEL Device.
Cancel
Click
Cancel
to reload the previous configuration for this screen.
Page 80 / 268
Chapter 6 Network Address Translation (NAT) Screens
P-660R-F1 Series User’s Guide
80
6.4
Port Forwarding
A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP,
that you can make visible to the outside world even though NAT makes your whole inside network
appear as a single computer to the outside world.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP
address of the desired server. The port number identifies a service; for example, web service is on
port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can
support more than one service (for example both FTP and web service), it might be better to
specify a range of port numbers. You can allocate a server IP address that corresponds to a port or
a range of ports.
Many residential broadband ISP accounts do not allow you to run any server processes (such as a
Web or FTP server) from your location. Your ISP may periodically check for servers and may
suspend your account if it discovers any active services at your location. If you are unsure, refer to
your ISP.
6.4.1
Default Server IP Address
In addition to the servers for specified services, NAT supports a default server IP address. A default
server receives packets from ports that are not specified in this screen.
Note: If you do not assign a
Default Server
IP address, the ZyXEL Device discards all
packets received for ports that are not specified here or in the remote management
setup.
6.4.2
Port Forwarding: Services and Port Numbers
Use the
Port Forwarding
screen to forward incoming service requests to the server(s) on your
local network.
The most often used port numbers are shown in the following table. Please refer to RFC 1700 for
further information about port numbers.
Table 26
Services and Port Numbers
SERVICES
PORT NUMBER
ECHO
7
FTP (File Transfer Protocol)
21
SMTP (Simple Mail Transfer Protocol)
25
DNS (Domain Name System)
53
Finger
79
HTTP (Hyper Text Transfer protocol or WWW, Web)
80
POP3 (Post Office Protocol)
110
NNTP (Network News Transport Protocol)
119
SNMP (Simple Network Management Protocol)
161
SNMP trap
162
PPTP (Point-to-Point Tunneling Protocol)
1723

Rate

4.5 / 5 based on 2 votes.

Popular Zyxel Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top