3com 3C840 Guía Del Usuario
Network Address Translation (NAT)
C-3
provides a firewall and hides the private local network from the outside
world.
world.
Figure C–1 NAT Example
Dynamic NAT
When a local PC sends a packet destined for the WAN, the OfficeConnect
Remote 840 puts the private source IP address and an IP address from the
pool into an address translation table. A change is made in the data
packet: the private source IP address is replaced by the IP address from
the pool and sent to the WAN. When the reply returns, it contains the IP
address from the pool. This address is used to search the address
translation table for the original private IP address. The private IP address
is put into a reply packet and sent to the Ethernet.
Remote 840 puts the private source IP address and an IP address from the
pool into an address translation table. A change is made in the data
packet: the private source IP address is replaced by the IP address from
the pool and sent to the WAN. When the reply returns, it contains the IP
address from the pool. This address is used to search the address
translation table for the original private IP address. The private IP address
is put into a reply packet and sent to the Ethernet.
When all the pool addresses are in use, any new requests are rejected and
the workstation on the LAN has to wait until one of the pool addresses is
free for use. To ensure that addresses are not held indefinitely, a timer is
associated with each table entry. An entry is freed after 5 minutes of
inactivity or if the session between the workstation and the remote site is
ended.
the workstation on the LAN has to wait until one of the pool addresses is
free for use. To ensure that addresses are not held indefinitely, a timer is
associated with each table entry. An entry is freed after 5 minutes of
inactivity or if the session between the workstation and the remote site is
ended.
This method requires initiating incoming packets from the LAN. Packets
from the WAN are rejected unless they have an IP address number that is
in the pool and is currently in the address translation table.
from the WAN are rejected unless they have an IP address number that is
in the pool and is currently in the address translation table.
840ug.book Page 3 Friday, July 7, 2000 2:23 PM