ZyWALL USG 50 User’s Guide

Chapter 17 NAT

17.1 NAT Overview
NAT (Network Address Translation, RFC 1631) is the translation of the IP address of a host in a packet. For example, the source address of an outgoing packet used within one network is changed to a different IP address known within another network. Use Network Address Translation (NAT) to make computers on a private network behind the ZyWALL available outside the private network. If the ZyWALL has only one public IP address, you can make the computers in the private network available by using ports to forward packets to the appropriate private IP address.
Suppose you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
Figure 191   Multiple Servers Behind NAT Example
17.1.1 What You Can Do in this Chapter

Use the NAT screens (see Section 17.2 on page 322) to view and manage the list of NAT rules and see their configuration details. You can also create new NAT rules and edit or delete existing ones.
17.1.2 What You Need to Know

NAT is also known as virtual server, port forwarding, or port translation.

Finding Out More

See Section 6.5.10 on page 99 for related information on these screens.
See Section 17.3 on page 327 for technical background information related to these screens.
See Section 7.9.2 on page 140 for an example of how to configure NAT to allow H.323 traffic from the WAN to the LAN.
See Section 7.10.2 on page 144 for an example of how to configure NAT to allow web traffic from the WAN to a server on the DMZ.
See Section 7.11.3 on page 149 for an example of how to configure NAT to allow SIP traffic from the WAN to an IPPBX or SIP server on the DMZ.
17.2 The NAT Screen

The NAT summary screen provides a summary of all NAT rules and their configuration. In addition, this screen allows you to create new NAT rules and edit and delete existing NAT rules. To access this screen, log in to the Web Configurator and click Configuration > Network > NAT. The following screen appears, providing a summary of the existing NAT rules.

Figure 192   Configuration > Network > NAT
The following table describes the labels in this screen.

Table 92   Configuration > Network > NAT

LABEL: DESCRIPTION
Add: Click this to create a new entry.
Edit: Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings.
Remove: To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so.
Activate: To turn on an entry, select it and click Activate.
Inactivate: To turn off an entry, select it and click Inactivate.
#: This field is a sequential value, and it is not associated with a specific entry.
Status: This icon is lit when the entry is active and dimmed when the entry is inactive.
Name: This field displays the name of the entry.
Mapping Type: This field displays what kind of NAT this entry performs: Virtual Server, 1:1 NAT, or Many 1:1 NAT.
Interface: This field displays the interface on which packets for the NAT entry are received.
Original IP: This field displays the original destination IP address (or address object) of traffic that matches this NAT entry. It displays any if there is no restriction on the original destination IP address.
Mapped IP: This field displays the new destination IP address for the packet.
Protocol: This field displays the service used by the packets for this NAT entry. It displays any if there is no restriction on the services.
Original Port: This field displays the original destination port(s) of packets for the NAT entry. This field is blank if there is no restriction on the original destination port.
Mapped Port: This field displays the new destination port(s) for the packet. This field is blank if there is no restriction on the original destination port.
Apply: Click this button to save your changes to the ZyWALL.
Reset: Click this button to return the screen to its last-saved settings.
17.2.1 The NAT Add/Edit Screen

The NAT Add/Edit screen lets you create new NAT rules and edit existing ones. To open this window, open the NAT summary screen (see Section 17.2 on page 322). Then click an Add icon or Edit icon to open the following screen.

Figure 193   Configuration > Network > NAT > Add
The following table describes the labels in this screen.

Table 93   Configuration > Network > NAT > Add

LABEL: DESCRIPTION
Create new Object: Use to configure any new settings objects that you need to use in this screen.
Enable Rule: Use this option to turn the NAT rule on or off.
Rule Name: Type in the name of the NAT rule. The name is used to refer to the NAT rule. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
Classification: Select what kind of NAT this rule is to perform.
  Virtual Server - This makes computers on a private network behind the ZyWALL available to a public network outside the ZyWALL (like the Internet).
  1:1 NAT - If the private network server will initiate sessions to the outside clients, select this to have the ZyWALL translate the source IP address of the server’s outgoing traffic to the same public IP address that the outside clients use to access the server.
  Many 1:1 NAT - If you have a range of private network servers that will initiate sessions to the outside clients and a range of public IP addresses, select this to have the ZyWALL translate the source IP address of each server’s outgoing traffic to the same one of the public IP addresses that the outside clients use to access the server. The private and public ranges must have the same number of IP addresses. One Many 1:1 NAT rule works like multiple 1:1 NAT rules, but it eases configuration effort since you only create one rule.
Incoming Interface: Select the interface on which packets for the NAT rule must be received. It can be an Ethernet, VLAN, bridge, or PPPoE/PPTP interface.
Original IP: Specify the destination IP address of the packets received by this NAT rule’s specified incoming interface.
  any - Select this to use all of the incoming interface’s IP addresses, including dynamic addresses or those of any virtual interfaces built upon the selected incoming interface.
  User Defined - Select this to manually enter an IP address in the User Defined field. For example, you could enter a static public IP assigned by the ISP without having to create a virtual interface for it.
  Host address - Select a host address object to use the IP address it specifies. The list also includes address objects based on interface IPs, so for example you could select an address object based on a WAN interface even if it has a dynamic IP address.
User Defined Original IP: This field is available if Original IP is User Defined. Type the destination IP address that this NAT rule supports.
Original IP Subnet/Range: This field displays for Many 1:1 NAT. Select the destination IP address subnet or IP address range that this NAT rule supports. The original and mapped IP address subnets or ranges must have the same number of IP addresses.
Mapped IP: Select to which translated destination IP address this NAT rule forwards packets.
  User Defined - This NAT rule supports a specific IP address, specified in the User Defined field.
  HOST address - The drop-down box lists all the HOST address objects in the ZyWALL. If you select one of them, this NAT rule supports the IP address specified by the address object.
User Defined Original IP: This field is available if Mapped IP is User Defined. Type the translated destination IP address that this NAT rule supports.
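As an added example (not from the ZyWALL guide or its firmware), the following Python model applies the three classifications above to the multiple-server scenario of Section 17.1: Virtual Server rules forward by destination port with a default server catching everything else, while 1:1 and Many 1:1 rules rewrite addresses in both directions and are checked for the equal-size requirement the Many 1:1 description states. Only 192.168.1.35 (server C) comes from the guide; 192.168.1.33, 192.168.1.34, the 203.0.113.x public range and the first-match rule order are assumptions of this example.

```python
import ipaddress
def expand(spec):
    """'any' -> None (no restriction); 'a.b.c.d' or 'a.b.c.d-w.x.y.z' -> list of IPv4Address."""
    if spec == "any":
        return None
    ends = [int(ipaddress.IPv4Address(p)) for p in spec.split("-")]
    return [ipaddress.IPv4Address(n) for n in range(ends[0], ends[-1] + 1)]

def validate(rule):
    """Many 1:1 NAT: the original and mapped ranges must contain the same number of addresses."""
    if rule["kind"] != "many_1to1":
        return True
    return len(expand(rule["original_ip"])) == len(expand(rule["mapped_ip"]))

def translate_inbound(rules, dst_ip, dst_port):
    """First matching rule rewrites the destination; returns (new_ip, new_port) or None."""
    dst = ipaddress.IPv4Address(dst_ip)
    for r in rules:
        orig = expand(r["original_ip"])
        if orig is not None and dst not in orig:
            continue
        if r["kind"] != "virtual_server":   # 1:1 / Many 1:1: address rewritten, port kept
            return str(expand(r["mapped_ip"])[orig.index(dst) if orig else 0]), dst_port
        ports = r["original_ports"]         # None = no port restriction (the default server)
        if ports and not ports[0] <= dst_port <= ports[1]:
            continue
        new_port = dst_port if ports is None else r["mapped_ports"][0] + dst_port - ports[0]
        return str(expand(r["mapped_ip"])[0]), new_port
    return None

def translate_outbound(rules, src_ip):
    """1:1 / Many 1:1 give a server's own outgoing sessions the public IP clients use to reach it."""
    src = ipaddress.IPv4Address(src_ip)
    for r in rules:
        mapped = expand(r["mapped_ip"])
        if r["kind"] != "virtual_server" and src in mapped:
            return str(expand(r["original_ip"])[mapped.index(src)])
    return src_ip                           # Virtual Server rules do not translate outbound sessions

# Constructed rules for Figure 191: only 192.168.1.35 (server C) is from the guide; other addresses are placeholders. Default server last.
RULES = [
    {"name": "A", "kind": "virtual_server", "original_ip": "any", "mapped_ip": "192.168.1.33",
     "original_ports": (21, 25), "mapped_ports": (21, 25)},
    {"name": "B", "kind": "virtual_server", "original_ip": "any", "mapped_ip": "192.168.1.34",
     "original_ports": (80, 80), "mapped_ports": (80, 80)},
    {"name": "pool", "kind": "many_1to1", "original_ip": "203.0.113.20-203.0.113.22", "mapped_ip": "192.168.1.40-192.168.1.42"},
    {"name": "C", "kind": "virtual_server", "original_ip": "any", "mapped_ip": "192.168.1.35",
     "original_ports": None, "mapped_ports": None},
]
```

Because the default-server rule has no port restriction, every unlisted port on the public address reaches 192.168.1.35, which is the main thing to weigh before enabling such a rule.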