ZyXEL Communications 1001H User Manual

P100IH ISDN Router
Chapter 4: NAT
4.1 Introduction
NAT (Network Address Translation - NAT, RFC 1631) is the translation of an Internet Protocol address used
within one network to a different IP address known within another network. One network is designated the
inside network and the other is the outside. Typically, a company maps its local inside network addresses to
one or more global outside IP addresses and “unmaps” the global IP addresses on incoming packets back into
local IP addresses. The IP addresses for the NAT can be either fixed or dynamically assigned by the ISP. In
addition, you can designate servers, e.g., a web server and a telnet server, on your local network and make
them accessible to the outside world. If you do not define any servers (for Many-to-One and Many-to-Many
Overload mapping – see below), NAT offers the additional benefit of firewall protection.  If no server is
defined in these cases, all incoming inquiries will be filtered out by your Prestige, thus preventing intruders
from probing your network. For more information on IP address translation, refer to RFC 1631, The IP
Network Address Translator (NAT).
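
The mapping, "unmapping" and filtering behaviour described above, as an added sketch in Python that is not ZyXEL firmware code. It models a Many-to-One table; the addresses, the port pool and all class and function names are constructed for illustration, and entry timeouts and remote-endpoint checks are left out.

```python
from dataclasses import dataclass, field

IGA = "203.0.113.10"  # constructed inside global (WAN) address

@dataclass
class ManyToOneNat:  # hypothetical model; no timeouts or remote-endpoint checks
    iga: str
    next_port: int = 50000  # constructed start of the translated-port pool
    out_map: dict = field(default_factory=dict)  # (proto, ILA, port) -> IGA port
    in_map: dict = field(default_factory=dict)   # (proto, IGA port) -> (ILA, port)
    servers: dict = field(default_factory=dict)  # (proto, IGA port) -> (ILA, port)

    def define_server(self, proto, port, ila):
        """Expose a LAN server: inbound IGA:port is forwarded to ila:port."""
        self.servers[(proto, port)] = (ila, port)

    def outbound(self, proto, ila, sport):
        """LAN to WAN: rewrite source ILA:sport to IGA:translated port."""
        key = (proto, ila, sport)
        if key not in self.out_map:
            port = self.next_port
            while (proto, port) in self.in_map or (proto, port) in self.servers:
                port += 1  # never reuse a port that is mapped or given to a server
            if port > 65535:
                raise RuntimeError("translated-port pool exhausted")
            self.out_map[key] = port
            self.in_map[(proto, port)] = (ila, sport)
            self.next_port = port + 1
        return self.iga, self.out_map[key]

    def inbound(self, proto, dport):
        """WAN to LAN: return the (ILA, port) destination, or None to drop."""
        hit = self.in_map.get((proto, dport))
        return hit if hit else self.servers.get((proto, dport))

def demo():
    nat = ManyToOneNat(IGA)
    a = nat.outbound("tcp", "192.168.1.33", 1025)  # two LAN hosts, same port
    b = nat.outbound("tcp", "192.168.1.34", 1025)
    reply = nat.inbound("tcp", a[1])      # return traffic is "unmapped"
    probe = nat.inbound("tcp", 23)        # unsolicited, no server defined
    nat.define_server("tcp", 23, "192.168.1.35")
    exposed = nat.inbound("tcp", 23)      # same probe once a server exists
    return a, b, reply, probe, exposed

if __name__ == "__main__":
    print(demo())
```

In this model the server list is the only path by which an unsolicited inbound packet reaches the LAN, so each defined server is the exposure to review.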
4.1.1 Advantages of NAT
• NAT is a cost-effective solution to access the Internet or other remote TCP/IP networks, as NAT
conserves the number of global IP addresses that a company needs in its communication with the
outside world.
• NAT supports popular Internet applications such as MS traceroute, CuSeeMe, IRC, RealAudio,
VDOLive, Quake and PPTP with no extra configuration needed.
• NAT allows servers, including multiple servers of the same type, to be accessible to the outside
world.
• NAT can provide firewall protection if you do not specify a server (for Many-to-One and
Many-to-Many Overload mapping); all incoming inquiries will then be filtered out by your Prestige.
• UDP and TCP packets can be routed. In addition, partial ICMP, including echo and traceroute, is
supported.
4.1.2 How NAT works
Each packet has two addresses – a source address and a destination address. For outgoing packets, the
ILA is the source address on the LAN, and the IGA is the source address on the WAN. For incoming packets,
the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN. The term
“Inside” refers to the set of networks that are subject to translation. Network Address Translation operates by
mapping private (local) IP addresses to globally unique ones required for communication with hosts on other
networks. It replaces the original IP source address (and TCP or UDP source port numbers for Many-to-One