ZyXEL Communications NBG410W3G Series User Manual

Chapter 12 Network Address Translation (NAT)
NBG410W3G Series User’s Guide
Figure 137   NAT Application With IP Alias
12.1.5  Port Restricted Cone NAT
ZyXEL Device ZyNOS version 4.00 and later uses port restricted cone NAT. Port restricted cone NAT maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network. In the following example, the ZyXEL Device maps the source address of all packets sent from internal IP address 1 and port A to IP address 2 and port B on the external network. A host on the external network (IP address 3 and port C, for example) can only send packets to the internal host if the internal host has already sent a packet to the external host’s IP address and port.

A server with IP address 1 and port A sends packets to IP address 3, port C and IP address 4, port D. The ZyXEL Device changes the server’s IP address to 2 and port to B.

Since 1A has already sent packets to 3C and 4D, they can send packets back to 2B and the ZyXEL Device will perform NAT on them and send them to the server at IP address 1, port A.

Packets have not been sent from 1A to 4E or 5, so they cannot send packets to 1A.
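
The filtering rule above can be modelled in a few lines of Python. This is an added illustration, not code from the ZyXEL manual or firmware; the class name, the addresses and the port numbers are constructed sample values standing in for 1A, 2B, 3C, 4D, 4E and 5, and mapping timeouts are not modelled.

```python
# Added illustration: minimal model of port restricted cone NAT.
# All addresses and ports are constructed sample values; mapping
# timeouts and protocol handling are not modelled.

class PortRestrictedConeNAT:
    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.ext_port_for = {}   # internal (ip, port) -> external port
        self.internal_for = {}   # external port -> internal (ip, port)
        self.contacted = {}      # external port -> {(remote ip, remote port)}

    def outbound(self, src, dst):
        """Translate an outgoing packet and return its external source."""
        if src not in self.ext_port_for:
            # One external port per internal endpoint, reused for every destination.
            self.ext_port_for[src] = self.next_port
            self.internal_for[self.next_port] = src
            self.contacted[self.next_port] = set()
            self.next_port += 1
        ext_port = self.ext_port_for[src]
        self.contacted[ext_port].add(dst)  # remember the exact remote IP and port
        return (self.external_ip, ext_port)

    def inbound(self, remote, ext_port):
        """Return the internal endpoint, or None if the packet is dropped."""
        if remote in self.contacted.get(ext_port, set()):
            return self.internal_for[ext_port]
        return None

def manual_example():
    nat = PortRestrictedConeNAT("203.0.113.2")                # address 2
    a1 = ("192.168.1.33", 5000)                                # 1A
    c3, d4 = ("198.51.100.3", 80), ("198.51.100.4", 53)        # 3C, 4D
    e4, host5 = ("198.51.100.4", 8080), ("198.51.100.5", 80)   # 4E, 5
    b2 = nat.outbound(a1, c3)
    same_mapping = nat.outbound(a1, d4) == b2                  # still 2B
    port_b = b2[1]
    return {
        "2B": b2, "same_mapping": same_mapping,
        "3C": nat.inbound(c3, port_b), "4D": nat.inbound(d4, port_b),
        "4E": nat.inbound(e4, port_b), "5": nat.inbound(host5, port_b),
    }

if __name__ == "__main__":
    for name, result in manual_example().items():
        print(name, "->", result)
```

Replies from 3C and 4D are translated back to 1A, while 4E (a contacted address but a port that was never contacted) and 5 are dropped.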
[Diagram for Figure 137. Labels: Corporation A, Corporation B, Internet. WAN address to LAN address (default IP) mappings shown:
IGA 1 -> 192.168.1.1 (NAT server; network server "Admin"; server in Admin Network = IP1)
IGA 2 -> 192.168.2.1 (NAT server; network server "Sales"; server in Sales Network = IP2)
IGA 3 -> 192.168.3.1 (NAT server; network server "R&D"; server in R&D Network = IP3)]