ZyXEL Communications P-870HW-I User Manual

P-870HW-I1 User’s Guide
Appendix D NAT
Figure 267   Restricted Cone NAT Example
Port Restricted Cone NAT
As in full cone NAT, a port restricted cone NAT router maps all outgoing packets from an 
internal IP address and port to a single IP address and port on the external network. In the 
following example, the NAT router maps the source address of all packets sent from internal 
IP address 1 and port A to IP address 2 and port B on the external network. 
The difference from full cone and restricted cone NAT is in how the port restricted cone NAT 
router handles packets coming in from the external network. A host on the external network 
(IP address 3 and Port C for example) can only send packets to the internal host if the internal 
host has already sent a packet to the external host’s IP address and port. 
A ZyXEL Device with IP address 1 and port A sends packets to IP address 3, port C and IP 
address 4, port D. The NAT router changes the ZyXEL Device’s IP address to 2 and port to B. 
Since 1A has already sent packets to 3C and 4D, they can send packets back to 2B and the 
NAT router will perform NAT on them and send them to the ZyXEL Device at IP address 1, 
port A.
Packets have not been sent from 1A to 4E or 5, so they cannot send packets to 1A.
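
The filtering rule described above can be replayed in a small model. This is an added example, not code from the manual or from ZyXEL firmware; it reuses the manual's labels (1A, 2B, 3C, 4D, 4E) and goes one step further by also modelling the full cone and restricted cone rules for comparison. The port "X" for host 5 and the spare pool ports "F" and "G" are assumptions.

```python
# Added illustration: toy model of cone-NAT inbound filtering, not ZyXEL firmware code.
from dataclasses import dataclass, field

FULL_CONE, RESTRICTED, PORT_RESTRICTED = "full", "restricted", "port-restricted"

@dataclass
class ConeNat:
    mode: str
    external_ip: str = "2"                          # the manual's "IP address 2"
    port_pool: list = field(default_factory=lambda: ["B", "F", "G"])  # "F", "G" constructed
    mappings: dict = field(default_factory=dict)    # (int_ip, int_port) -> ext_port
    contacted: dict = field(default_factory=dict)   # ext_port -> {(dst_ip, dst_port)}

    def outbound(self, int_ip, int_port, dst_ip, dst_port):
        """Translate an outgoing packet; return the (ip, port) seen externally."""
        key = (int_ip, int_port)
        if key not in self.mappings:
            # Cone behaviour: one external port per internal endpoint,
            # reused for every destination.
            self.mappings[key] = self.port_pool.pop(0)
        ext_port = self.mappings[key]
        self.contacted.setdefault(ext_port, set()).add((dst_ip, dst_port))
        return self.external_ip, ext_port

    def inbound(self, src_ip, src_port, ext_port):
        """Return the internal endpoint the packet is forwarded to, or None if dropped."""
        internal = next((k for k, v in self.mappings.items() if v == ext_port), None)
        if internal is None:
            return None                              # no mapping: nothing to forward to
        seen = self.contacted[ext_port]
        if self.mode == FULL_CONE:
            allowed = True                           # any sender may use the mapping
        elif self.mode == RESTRICTED:
            allowed = any(ip == src_ip for ip, _ in seen)   # sender IP must match
        else:
            allowed = (src_ip, src_port) in seen     # sender IP and port must match
        return internal if allowed else None

def manual_example(mode):
    """Replay the manual's scenario: 1A sends to 3C and 4D, then four hosts reply to 2B."""
    nat = ConeNat(mode)
    for dst_ip, dst_port in (("3", "C"), ("4", "D")):
        assert nat.outbound("1", "A", dst_ip, dst_port) == ("2", "B")
    senders = [("3", "C"), ("4", "D"), ("4", "E"), ("5", "X")]  # port "X" is constructed
    return {ip + port: nat.inbound(ip, port, "B") == ("1", "A") for ip, port in senders}

if __name__ == "__main__":
    for mode in (FULL_CONE, RESTRICTED, PORT_RESTRICTED):
        print(mode, manual_example(mode))
```

In port restricted mode only 3C and 4D reach 1A; switching the mode to restricted cone also admits 4E, because only the sender's IP address is checked.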