ZyXEL 35 用户指南

ZyWALL 35 Support Notes

accessible to the outside world. If you do not define any servers, NAT offers the additional benefit of firewall

protection. In such case, all incoming connections to your network will be filtered out by the ZyWALL, thus

preventing intruders from probing your network.

The SUA feature that the ZyWALL supports previously operates by mapping the private IP addresses to a

global IP address. It is only one subset of the NAT. The ZyWALL supports the most of the features of the NAT

based on RFC 1631, and we call this feature as 'Multi-NAT'. For more information on IP address translation,

please refer to RFC 1631,

The IP Network Address Translator (NAT)

•

How NAT works

If we define the local IP addresses as the Internal Local Addresses (ILA) and the global IP addresses as the

Inside Global Address (IGA), see the following figure. The term 'inside' refers to the set of networks that are

subject to translation. NAT operates by mapping the ILA to the IGA required for communication with hosts on

other networks. It replaces the original IP source address (and TCP or UDP source port numbers) and then

forwards each packet to the Internet ISP, thus making them appear as if they had come from the NAT system

itself (e.g., the ZyWALL router). The ZyWALL keeps track of the original addresses and port numbers so

incoming reply packets can have their original values restored.

• NAT Mapping Types

NAT supports five types of IP/port mapping. They are: