ZyXEL Communications ZyWALL5UTM 4.0 User Manual

ZyWALL 5/35/70 Series User’s Guide
373 
Chapter 22 Network Address Translation (NAT)
22.1.5  Port Restricted Cone NAT
At the time of writing, ZyWALL ZyNOS version 4.00 uses port restricted cone NAT. Port 
restricted cone NAT maps all outgoing packets from one internal IP address and port to a single 
IP address and port on the external network. In the following example, the ZyWALL maps the 
source address of all packets sent from internal IP address 1 and port A to IP address 2 and 
port B on the external network. A host on the external network (IP address 3 and port C, for 
example) can only send packets to the internal host if the internal host has already sent a 
packet to that external host's IP address and port. 
A server with IP address 1 and port A (1A) sends packets to IP address 3, port C (3C) and to IP address 4, 
port D (4D). The ZyWALL changes the server's source IP address to 2 and its port to B (2B).
Since 1A has already sent packets to 3C and 4D, those two hosts can send packets back to 2B; the 
ZyWALL translates them and delivers them to the server at IP address 1, port A.
No packets have been sent from 1A to 4E or to IP address 5, so those hosts cannot send packets to 1A.
Figure 179   Port Restricted Cone NAT Example
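The following simulation of the filtering rule just described is an added example; it is not ZyXEL code and does not reflect how ZyNOS is implemented. The class and method names are this example's own, and RFC 5737 documentation addresses stand in for the guide's labels (192.168.1.1:5000 is 1A, 203.0.113.2 is address 2, 198.51.100.3:80 is 3C, 198.51.100.4:443 is 4D, 198.51.100.4:8080 is 4E and 198.51.100.5:80 is host 5). It shows why inbound traffic from 3C and 4D reaches the server while traffic from 4E and 5 is dropped, even though 4E shares an IP address with a host that was contacted:

```python
"""Port restricted cone NAT simulation (added example, not ZyXEL code).

All traffic from one internal ip:port gets one external ip:port. An inbound
packet to that external ip:port is accepted only if the internal host has
already sent a packet to the sender's exact ip:port.
"""


class PortRestrictedConeNAT:
    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        # (internal_ip, internal_port) -> (external_ip, external_port)
        self.outbound = {}
        # (external_ip, external_port) -> (internal_ip, internal_port)
        self.inbound = {}
        # (external_ip, external_port) -> set of remote (ip, port) already contacted
        self.contacted = {}

    def translate_outbound(self, src, dst):
        """Translate an outgoing packet; returns (new_src, dst).

        A mapping is allocated on the first packet from src and reused for
        every later destination (the "cone" part of the behaviour).
        """
        if src not in self.outbound:
            ext = (self.external_ip, self.next_port)
            self.next_port += 1
            self.outbound[src] = ext
            self.inbound[ext] = src
            self.contacted[ext] = set()
        ext = self.outbound[src]
        # Remember the exact remote ip:port so its replies can pass later.
        self.contacted[ext].add(dst)
        return ext, dst

    def translate_inbound(self, src, dst):
        """Translate an incoming packet; returns (src, internal_dst) or None if dropped.

        Dropped when dst is not a live mapping, or when the remote ip:port
        was never contacted from that mapping (the "port restricted" part).
        """
        internal = self.inbound.get(dst)
        if internal is None:
            return None
        if src not in self.contacted[dst]:
            return None
        return src, internal


def run_guide_example():
    """Replay the guide's 1A / 2B / 3C / 4D / 4E / 5 scenario with constructed addresses."""
    nat = PortRestrictedConeNAT("203.0.113.2", first_port=40000)   # address 2
    server = ("192.168.1.1", 5000)      # 1A (constructed stand-in)
    host_3c = ("198.51.100.3", 80)      # 3C
    host_4d = ("198.51.100.4", 443)     # 4D
    host_4e = ("198.51.100.4", 8080)    # 4E: same host as 4D, different port
    host_5 = ("198.51.100.5", 80)       # host 5: never contacted

    ext, _ = nat.translate_outbound(server, host_3c)
    ext_again, _ = nat.translate_outbound(server, host_4d)
    assert ext == ext_again  # one external ip:port (2B) for everything from 1A

    return {
        "external": ext,                                  # 2B
        "from_3C": nat.translate_inbound(host_3c, ext),   # accepted
        "from_4D": nat.translate_inbound(host_4d, ext),   # accepted
        "from_4E": nat.translate_inbound(host_4e, ext),   # dropped: port never contacted
        "from_5": nat.translate_inbound(host_5, ext),     # dropped: host never contacted
    }


if __name__ == "__main__":
    for name, result in run_guide_example().items():
        print(f"{name}: {result}")
```

The per-mapping `contacted` set is the whole difference between this and a full cone NAT: remove the `src not in self.contacted[dst]` check and any external host could reach the server through 2B once the mapping exists, which is the exposure the port restricted behaviour avoids.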
22.1.6  NAT Mapping Types
NAT supports five types of IP/port mapping. They are:
• One to One: In One-to-One mode, the ZyWALL maps one local IP address to one global 
IP address.
• Many to One: In Many-to-One mode, the ZyWALL maps multiple local IP addresses to 
one global IP address. This is equivalent to SUA (ZyXEL's Single User Account feature, 
the SUA option), i.e., PAT (port address translation). 
• Many to Many Overload: In Many-to-Many Overload mode, the ZyWALL maps the 
multiple local IP addresses to shared global IP addresses.
• Many One to One: In Many-One-to-One mode, the ZyWALL maps each local IP 
address to a unique global IP address.