Multi-Tech Systems RF660 User Manual
Chapter 6 – RouteFinder Software
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)
92
Network Setup > SNAT
Network Setup > SNAT
The SNAT (Source Network Address Translation) process allows attaching private networks to public networks. SNAT is
used when you want to have a LAN using a private IP network to be connected to the internet via a firewall. Since the private
IP addresses are not routed on the internet, you have to apply SNAT on the firewall’s external interface.
The firewall’s internal interface serves as the default gateway for the LAN. Hence, a rule is added to the firewall to replace
the source address of all packets crossing the firewall’s external interface from inside to outside with the firewall’s own IP
address. Once the request gets answered from the Internet host, the firewall will receive the reply packets and will forward
them to the client on the LAN.
On this screen you can set up the RouteFinder‘s ability to rewrite the source address of in-transit data packages using
SNAT. This functionality is equivalent to DNAT, except that the source addresses of the IP packets are converted instead of
the target addresses being converted. This can be helpful in more complex situations (e.g., diverting reply packets of
connections to other networks or hosts).
used when you want to have a LAN using a private IP network to be connected to the internet via a firewall. Since the private
IP addresses are not routed on the internet, you have to apply SNAT on the firewall’s external interface.
The firewall’s internal interface serves as the default gateway for the LAN. Hence, a rule is added to the firewall to replace
the source address of all packets crossing the firewall’s external interface from inside to outside with the firewall’s own IP
address. Once the request gets answered from the Internet host, the firewall will receive the reply packets and will forward
them to the client on the LAN.
On this screen you can set up the RouteFinder‘s ability to rewrite the source address of in-transit data packages using
SNAT. This functionality is equivalent to DNAT, except that the source addresses of the IP packets are converted instead of
the target addresses being converted. This can be helpful in more complex situations (e.g., diverting reply packets of
connections to other networks or hosts).
Important
For SNAT support, the TCP and/or UDP settings must be enabled at Networks & Services > Services > Protocol.
Important
As the translation takes place after the filtering by packet filter rules, you must allow connections that concern your SNAT
rules in Packet Filters > Packet Filter Rules with the original source address. Packet filter rules are covered later in this
chapter.
rules in Packet Filters > Packet Filter Rules with the original source address. Packet filter rules are covered later in this
chapter.
Note:
To create simple connections from private networks to the Internet, you should use the Network Setup >
Masquerading function instead of SNAT. In contrast to Masquerading, SNAT is a static address conversion, and the
rewritten source address does not have to be one of the RouteFinder‘s IP addresses.
rewritten source address does not have to be one of the RouteFinder‘s IP addresses.
Add SNAT Definition
From the drop down list boxes, select IP packet characteristics to be translated. The options are:
Pre SNAT Source
Select the original source network of the packet. The network must be predefined in the Networks
menu. The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by
clicking the Edit or the Delete buttons.
menu. The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by
clicking the Edit or the Delete buttons.
Service
Allows the corresponding service for the Pre SNAT Source entry field to be chosen from the select
menus. The service must have already been defined in the Services menu.
menus. The service must have already been defined in the Services menu.
Destination
Select the target network of the packet. The network must have been defined in the Network menu.
The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by clicking
the Edit or the Delete buttons.
The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by clicking
the Edit or the Delete buttons.
Post SNAT Source
Selects the source addresses of all the packets after the translation. Only one host can be specified
here. The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by
clicking the Edit or the Delete buttons.
here. The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by
clicking the Edit or the Delete buttons.