Zhone 5100 Reference Manual
CHAPTER 3
Interfaces
Vpacket 5100/6100 Series Reference Manual
Network Address Translation (NAT) commands
This feature provides a mapping capability from a specific port on the 5100/6100 VDR WAN IP
port side to a different IP address or port on the Ethernet side of the same 5100/6100 VDR.
With these commands, you can modify the IP address and port values of all packets in both
directions.
Basic NAT functionality allows private IP address hosts on the LAN to access public Internet
hosts.
With port and IP address mapping functionality, you can allow a client on the public Internet to
access a server located on a private LAN subnet on the Ethernet side of the 5100/6100 VDR.
This feature is useful for telnet, web server applications, and FTP access.
With this mechanism, a specific WAN port is allocated for passing “through” traffic to the private
Ethernet subnet. It provides security to the customer in that only specific known ports are open
for public access. It is also consistent with the NAT philosophy of “hiding” the private network
for IP space conservation and basic network security. The external client is unaware that the
connection is not accessing a port on the VDR’s WAN interface. However, traffic directed at that
port is internally forwarded to a host on the Ethernet subnet, as configured. This provides limited,
but needed access to the private Ethernet subnet from the WAN side.
Static NAT maps, which differ from NAT port maps, and related commands follow the NAT
port map commands.
Enabling or disabling NAT
You can enable or disable NAT by issuing the set nat command.
Syntax: set nat <enable | disable>
Argument:
enable | disable
enable allows you to activate NAT; disable allows you to deactivate NAT.
Example:
In this example, NAT is enabled.
VPacket# set nat enable
VPacket#
Setting a NAT port map
This command is used to specify a WAN port that is “connected” to the host on the private
subnet. Note that only a specific traffic type (TCP or UDP) is “connected”. This helps in allowing
only certain applications to have this kind of “connection”. Moreover, it is possible to specify a
totally different port number for the optional parameter “inside_port”. This is very useful in that
the user can reserve a totally different outside port for FTP traffic (e.g. 45555) instead of port 21.
This way the external client can access the WAN IP on port 45555 to FTP into the private host,
and the WAN IP on port 21 to FTP into the 5100/6100 VDR itself, simultaneously. NAT takes care
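The port-map behaviour described in this section, modelled as an added Python example (not Zhone code and not the device's CLI syntax): a TCP map from WAN port 45555 to port 21 on a private host, with rewriting in both directions and a listing of the ports the map exposes. The class and function names, the addresses (documentation ranges) and the rule that an omitted inside_port reuses the outside port are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: tuple   # (ip, port)
    dst: tuple   # (ip, port)

class PortMapNat:
    """Toy model: (protocol, WAN port) -> (inside host, inside port)."""

    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.maps = {}

    def add_map(self, proto, outside_port, inside_ip, inside_port=None):
        # Assumption: an omitted inside_port reuses the outside port number.
        self.maps[(proto, outside_port)] = (inside_ip, inside_port or outside_port)

    def inbound(self, pkt):
        """WAN -> LAN: rewrite the destination only when a map matches."""
        target = self.maps.get((pkt.proto, pkt.dst[1]))
        if pkt.dst[0] != self.wan_ip or target is None:
            return "local", pkt          # left for the router itself
        return "forward", Packet(pkt.proto, pkt.src, target)

    def outbound(self, pkt):
        """LAN -> WAN reply: restore the WAN IP and outside port as source."""
        for (proto, outside_port), inside in self.maps.items():
            if proto == pkt.proto and inside == pkt.src:
                return Packet(pkt.proto, (self.wan_ip, outside_port), pkt.dst)
        return pkt

    def exposed(self):
        """Audit view: every (protocol, WAN port) reachable from outside."""
        return sorted(self.maps)

def build_example():
    # Constructed addresses from documentation ranges.
    nat = PortMapNat("203.0.113.10")
    nat.add_map("tcp", 45555, "192.168.1.20", inside_port=21)
    return nat

if __name__ == "__main__":
    nat = build_example()
    client = ("198.51.100.7", 50000)
    for proto, port in (("tcp", 45555), ("tcp", 21), ("udp", 45555)):
        print(proto, port, nat.inbound(Packet(proto, client, (nat.wan_ip, port))))
    print(nat.outbound(Packet("tcp", ("192.168.1.20", 21), client)))
    print("exposed:", nat.exposed())
```

Reviewing the output of exposed() against the services that are meant to be public is the check that matters here: each entry is a path from the Internet to a private host.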