Page 326 / 944
Chapter 17 NAT
ZyWALL USG 50 User’s Guide
326
Table 93 Configuration > Network > NAT > Add (continued)

Mapped IP Subnet/Range: This field displays for Many 1:1 NAT. Select to which translated destination IP address subnet or IP address range this NAT rule forwards packets. The original and mapped IP address subnets or ranges must have the same number of IP addresses.

Port Mapping Type: Use the drop-down list box to select how many original destination ports this NAT rule supports for the selected destination IP address (Original IP). Choices are:
  Any - this NAT rule supports all the destination ports.
  Port - this NAT rule supports one destination port.
  Ports - this NAT rule supports a range of destination ports. You might use a range of destination ports for unknown services or when one server supports more than one service.
See Appendix B on page 841 for some common port numbers.

Protocol Type: This field is available if Mapping Type is Port or Ports. Select the protocol (TCP, UDP, or Any) used by the service requesting the connection.

Original Port: This field is available if Mapping Type is Port. Enter the original destination port this NAT rule supports.

Mapped Port: This field is available if Mapping Type is Port. Enter the translated destination port if this NAT rule forwards the packet.

Original Start Port: This field is available if Mapping Type is Ports. Enter the beginning of the range of original destination ports this NAT rule supports.

Original End Port: This field is available if Mapping Type is Ports. Enter the end of the range of original destination ports this NAT rule supports.

Mapped Start Port: This field is available if Mapping Type is Ports. Enter the beginning of the range of translated destination ports if this NAT rule forwards the packet.

Mapped End Port: This field is available if Mapping Type is Ports. Enter the end of the range of translated destination ports if this NAT rule forwards the packet. The original port range and the mapped port range must be the same size.

Enable NAT Loopback: Enable NAT loopback to allow users connected to any interface (instead of just the specified Incoming Interface) to use the NAT rule’s specified Original IP address to access the Mapped IP device. For users connected to the same interface as the Mapped IP device, the ZyWALL uses that interface’s IP address as the source address for the traffic it sends from the users to the Mapped IP device.
For example, if you configure a NAT rule to forward traffic from the WAN to a LAN server, enabling NAT loopback allows users connected to other interfaces to also access the server. For LAN users, the ZyWALL uses the LAN interface’s IP address as the source address for the traffic it sends to the LAN server. See NAT Loopback on page 327 for more details.
If you do not enable NAT loopback, this NAT rule only applies to packets received on the rule’s specified incoming interface.
Firewall: By default the firewall blocks incoming connections from external addresses. After you configure your NAT rule settings, click the Firewall link to configure a firewall rule to allow the NAT rule’s traffic to come in. The ZyWALL checks NAT rules before it applies To-ZyWALL firewall rules, so To-ZyWALL firewall rules do not apply to traffic that is forwarded by NAT rules. The ZyWALL still checks other firewall rules according to the source IP address and mapped IP address.

OK: Click OK to save your changes back to the ZyWALL.

Cancel: Click Cancel to return to the NAT summary screen without creating the NAT rule (if it is new) or saving any changes (if it already exists).

17.3 NAT Technical Reference

Here is more detailed information about NAT on the ZyWALL.

NAT Loopback

Suppose a NAT 1:1 rule maps a public IP address to the private IP address of a LAN SMTP e-mail server to give WAN users access. NAT loopback allows other users to also use the rule’s original IP to access the mail server.
For example, a LAN user’s computer at IP address 192.168.1.89 queries a public DNS server to resolve the SMTP server’s domain name (xxx.LAN-SMTP.com in this example) and gets the SMTP server’s mapped public IP address of 1.1.1.1.

Figure 194 LAN Computer Queries a Public DNS Server (diagram: the LAN computer 192.168.1.89 asks the DNS server "xxx.LAN-SMTP.com = ?" and receives "xxx.LAN-SMTP.com = 1.1.1.1"; the LAN SMTP server is 192.168.1.21)

The LAN user’s computer then sends traffic to IP address 1.1.1.1. NAT loopback uses the IP address of the ZyWALL’s LAN interface (192.168.1.1) as the source address of the traffic going from the LAN users to the LAN SMTP server.

Figure 195 LAN to LAN Traffic (diagram: the LAN computer 192.168.1.89 sends SMTP traffic with source 192.168.1.89 to 1.1.1.1; NAT forwards it to the LAN SMTP server 192.168.1.21)
The LAN SMTP server replies to the ZyWALL’s LAN IP address and the ZyWALL changes the source address to 1.1.1.1 before sending it to the LAN user. The return traffic’s source matches the original destination address (1.1.1.1). If the SMTP server replied directly to the LAN user without the traffic going through NAT, the source would not match the original destination address, which would cause the LAN user’s computer to shut down the session.
Figure 196 LAN to LAN Return Traffic (diagram: the LAN SMTP server 192.168.1.21 replies with source 192.168.1.21; NAT rewrites the source to 1.1.1.1 before the reply reaches the LAN computer 192.168.1.89)
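The loopback exchange in Figures 194 to 196, together with the Port/Ports constraints from Table 93, modelled as an added Python example. This is constructed for this page; it is not ZyXEL code and not the ZyWALL's implementation. The interface table (a /24 on each side, with the WAN interface holding 1.1.1.1), the session table keyed on the translated 5-tuple, the assumption that client source ports do not collide after the source rewrite, and the choice to rewrite the source only when the client sits on the mapped device's own interface are all assumptions of the model, taken from the manual's description rather than from the device. The firewall step is not modelled.

```python
"""Toy model of a ZyWALL-style 1:1 NAT rule with port mapping and NAT loopback.
Constructed example, not ZyXEL code. Addresses follow the manual's figures:
public 1.1.1.1 maps to LAN SMTP server 192.168.1.21, the LAN client is
192.168.1.89 and the ZyWALL's LAN interface is 192.168.1.1."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "TCP" or "UDP"
    sport: int
    dport: int


@dataclass
class NatRule:
    incoming_interface: str
    original_ip: str
    mapped_ip: str
    port_mapping_type: str = "Any"       # Any | Port | Ports
    protocol: str = "Any"                # TCP | UDP | Any (Port/Ports only)
    original_ports: tuple = (0, 65535)   # inclusive (start, end); Port type uses (p, p)
    mapped_ports: tuple = (0, 65535)
    nat_loopback: bool = False

    def validate(self) -> None:
        """Mirror the screen's constraints: one port for Port, equal-size ranges for Ports."""
        if self.port_mapping_type not in ("Any", "Port", "Ports"):
            raise ValueError("Port Mapping Type must be Any, Port or Ports")
        if self.port_mapping_type == "Any":
            return
        if self.protocol not in ("TCP", "UDP", "Any"):
            raise ValueError("Protocol Type must be TCP, UDP or Any")
        (o0, o1), (m0, m1) = self.original_ports, self.mapped_ports
        if self.port_mapping_type == "Port" and (o0 != o1 or m0 != m1):
            raise ValueError("Port type takes exactly one original and one mapped port")
        if o1 - o0 != m1 - m0:
            raise ValueError("original and mapped port ranges must be the same size")

    def matches(self, pkt: Packet) -> bool:
        if pkt.dst != self.original_ip:
            return False
        if self.port_mapping_type == "Any":
            return True
        if self.protocol != "Any" and pkt.proto != self.protocol:
            return False
        return self.original_ports[0] <= pkt.dport <= self.original_ports[1]

    def map_port(self, dport: int) -> int:
        """Translate a destination port by its offset inside the original range."""
        if self.port_mapping_type == "Any":
            return dport
        return self.mapped_ports[0] + (dport - self.original_ports[0])


class NatTranslator:
    """One rule, the ZyWALL's interfaces (name -> (own address, subnet)) and a session table."""

    def __init__(self, rule: NatRule, interfaces: dict):
        rule.validate()
        self.rule, self.interfaces = rule, interfaces
        self.sessions = {}   # translated reply 5-tuple -> packet as the client sent it

    def interface_of(self, ip: str) -> Optional[str]:
        for name, (_, subnet) in self.interfaces.items():
            if ip_address(ip) in ip_network(subnet):
                return name
        return None

    def forward(self, pkt: Packet, arrival_iface: str) -> Optional[Packet]:
        """Apply the rule to a packet arriving on arrival_iface; None means it does not apply."""
        r = self.rule
        if not r.matches(pkt):
            return None
        if arrival_iface != r.incoming_interface and not r.nat_loopback:
            return None   # without loopback only the rule's Incoming Interface is covered
        new_src = pkt.src
        if arrival_iface == self.interface_of(r.mapped_ip):
            # Loopback on the server's own interface: substitute that interface's address so the
            # server answers the ZyWALL, not the client directly (assumes no source-port collisions).
            new_src = self.interfaces[arrival_iface][0]
        out = Packet(new_src, r.mapped_ip, pkt.proto, pkt.sport, r.map_port(pkt.dport))
        self.sessions[(out.dst, out.dport, out.src, out.sport, out.proto)] = pkt
        return out

    def reply(self, pkt: Packet) -> Optional[Packet]:
        """Undo the translation for a server reply that belongs to a known session."""
        orig = self.sessions.get((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        if orig is None:
            return None
        return Packet(orig.dst, orig.src, pkt.proto, orig.dport, orig.sport)


def client_accepts(sent: Packet, reply: Packet) -> bool:
    """A host only ties a reply to its session if the reply's source is the address it sent to."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (sent.dst, sent.dport, sent.src, sent.sport)


def lan_smtp_scenario(loopback: bool) -> dict:
    """Figures 194-196: LAN client 192.168.1.89 connects to the mapped public address 1.1.1.1."""
    rule = NatRule("wan1", "1.1.1.1", "192.168.1.21", "Port", "TCP", (25, 25), (25, 25), loopback)
    nat = NatTranslator(rule, {"wan1": ("1.1.1.1", "1.1.1.0/24"),          # constructed subnets
                               "lan1": ("192.168.1.1", "192.168.1.0/24")})
    sent = Packet("192.168.1.89", "1.1.1.1", "TCP", 40000, 25)
    to_server = nat.forward(sent, "lan1")
    if to_server is None:
        return {"forwarded": False}
    server_reply = Packet(to_server.dst, to_server.src, "TCP", to_server.dport, to_server.sport)
    direct = Packet("192.168.1.21", sent.src, "TCP", 25, sent.sport)   # a reply that bypassed NAT
    return {"forwarded": True, "server_sees_src": to_server.src,
            "accepted_via_nat": client_accepts(sent, nat.reply(server_reply)),
            "accepted_direct": client_accepts(sent, direct)}
```

Running `lan_smtp_scenario(False)` shows the rule simply not applying to a LAN-side packet, which is the "only applies to packets received on the rule's specified incoming interface" case; with `True` the server sees 192.168.1.1 as the client, the reply is untranslated back to source 1.1.1.1 and the client accepts it, while a reply that bypassed the ZyWALL is rejected because its source does not match the address the client connected to.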