ZyXEL Communications P-870HW-I User Manual
P-870HW-I1 User’s Guide
386
Appendix D NAT
Figure 266 Full Cone NAT Example
Restricted Cone NAT
As in full cone NAT, a restricted cone NAT router maps all outgoing packets from an internal
IP address and port to a single IP address and port on the external network. In the following
example, the NAT router maps the source address of all packets sent from internal IP address
1 and port A to IP address 2 and port B on the external network.
IP address and port to a single IP address and port on the external network. In the following
example, the NAT router maps the source address of all packets sent from internal IP address
1 and port A to IP address 2 and port B on the external network.
The difference from full cone NAT is in how the restricted cone NAT router handles packets
coming in from the external network. A host on the external network (IP address 3 or IP
address 4 for example) can only send packets to the internal host if the internal host has
already sent a packet to the external host’s IP address.
coming in from the external network. A host on the external network (IP address 3 or IP
address 4 for example) can only send packets to the internal host if the internal host has
already sent a packet to the external host’s IP address.
A ZyXEL Device with IP address 1 and port A sends packets to IP address 3 and IP address 4.
The NAT router changes the ZyXEL Device’s IP address to 2 and port to B.
The NAT router changes the ZyXEL Device’s IP address to 2 and port to B.
Both 4, D and 4, E can send packets to 2, B since 1, A has already sent packets to 4. The NAT
router will perform NAT on the packets from 4, D and 4, E and send them to the ZyXEL
Device at IP address 1, port A. Packets have not been sent from 1, A to 3 or 5, so 3 and 5
cannot send packets to 1, A.
router will perform NAT on the packets from 4, D and 4, E and send them to the ZyXEL
Device at IP address 1, port A. Packets have not been sent from 1, A to 3 or 5, so 3 and 5
cannot send packets to 1, A.