D-Link NetDefendOS User Manual page 582

Network security firewall
The following should be noted about IP policies that make use of automatic translation:
• The Source Network and the Destination Network can consist of a mixture of private and public IP addresses.
• More than one of the actions described above could be applied by a single IP policy to different connections. The different actions are applied depending on the source and destination address of each connection.
Protocols Handled by NAT
Dynamic address translation handles TCP, UDP and ICMP with a good level of functionality because the algorithm knows which header field it can adjust to make each translated connection unique: the source port for TCP and UDP, and the query identifier for ICMP echo. Other IP level protocols carry no such field, so their connections can only be identified by sender address, destination address and protocol number.
This means that:
• An internal machine can communicate with several external servers using the same IP protocol.
• An internal machine can communicate with several external servers using different IP protocols.
• Several internal machines can communicate with different external servers using the same IP protocol.
• Several internal machines can communicate with the same server using different IP protocols.
• Several internal machines cannot communicate with the same external server using the same IP protocol.
Note: Restrictions only apply to IP level protocols
These restrictions apply only to IP level protocols other than TCP, UDP and ICMP, such as OSPF (protocol 89) and L2TP carried directly over IP (protocol 115). They do not apply to application protocols carried over TCP and UDP, such as Telnet, FTP, HTTP and SMTP.
NetDefendOS can alter the port numbers in TCP and UDP headers to keep each connection unique, even after the sender addresses of several connections have been translated to the same IP address.
Some protocols, regardless of how they are transported, can still cause problems during address translation, typically because they carry IP addresses or port numbers inside their payload, which translation of the IP and transport headers alone does not rewrite.
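The uniqueness rules above can be checked with a small model of dynamic translation. The following is an added example, not NetDefendOS code or anything from the manual: it keeps a translation table keyed on the (protocol, source, source identifier, destination, destination identifier) tuple, rewrites the source port for TCP/UDP and the query ID for ICMP when needed, and refuses a second connection for any other IP protocol whose public-side tuple is already in use. The addresses, hosts and protocol choices (GRE, ESP, OSPF) are constructed for illustration.

```python
"""Toy model of dynamic address translation (NAPT) illustrating the
uniqueness rules above. Addresses are RFC 5737 documentation ranges and the
whole scenario is constructed; nothing here is NetDefendOS code."""
import itertools

# IANA IP protocol numbers used in the example.
ICMP, TCP, UDP, GRE, ESP, OSPF = 1, 6, 17, 47, 50, 89


class NatCollision(Exception):
    """A new connection could not be made unique on the public side."""


class DynamicNat:
    """Translate outbound connections so they all appear from one public IP.

    Inside key: (proto, src_ip, src_id, dst_ip, dst_id), where src_id/dst_id
    are TCP/UDP ports, the query ID for ICMP, and None for other protocols.
    Outside key: the same tuple as the external server sees it.
    """

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.table = {}          # inside key -> outside key
        self.outside = set()     # outside keys currently in use
        self._ports = itertools.count(first_port)   # fallback port pool
        self._icmp_ids = itertools.count(1)         # fallback ICMP query IDs

    def _pick(self, proto, preferred, pool, dst_ip, dst_id):
        # Keep the client's own identifier if it is still unique towards this
        # destination; otherwise take the next free one from the pool.
        for ident in itertools.chain([preferred], pool):
            outside = (proto, self.public_ip, ident, dst_ip, dst_id)
            if outside not in self.outside:
                return outside
        raise NatCollision("identifier pool exhausted")  # unreachable with count()

    def translate(self, proto, src_ip, dst_ip, src_id=None, dst_id=None):
        inside = (proto, src_ip, src_id, dst_ip, dst_id)
        if inside in self.table:             # existing connection: reuse mapping
            return self.table[inside]
        if proto in (TCP, UDP):
            outside = self._pick(proto, src_id, self._ports, dst_ip, dst_id)
        elif proto == ICMP:
            outside = self._pick(proto, src_id, self._icmp_ids, dst_ip, None)
        else:
            # No rewritable field: (proto, public_ip, dst_ip) must already be unique.
            outside = (proto, self.public_ip, None, dst_ip, None)
            if outside in self.outside:
                raise NatCollision(
                    f"proto {proto}: {self.public_ip} -> {dst_ip} is already in use")
        self.table[inside] = outside
        self.outside.add(outside)
        return outside


def check_rules():
    """Walk through the manual's cases; returns a dict of outcomes."""
    nat = DynamicNat("203.0.113.1")                  # constructed public IP
    host_a, host_b = "192.168.1.10", "192.168.1.11"  # constructed internal hosts
    srv1, srv2 = "198.51.100.5", "198.51.100.6"      # constructed external servers
    out = {}
    # Two hosts, same server, same source port: NAT rewrites the second port.
    out["tcp_a"] = nat.translate(TCP, host_a, srv1, src_id=40000, dst_id=443)
    out["tcp_b"] = nat.translate(TCP, host_b, srv1, src_id=40000, dst_id=443)
    # Same for ICMP echo, using the query ID instead of a port.
    out["icmp_a"] = nat.translate(ICMP, host_a, srv1, src_id=7)
    out["icmp_b"] = nat.translate(ICMP, host_b, srv1, src_id=7)
    # One host, several servers, same raw IP protocol: allowed.
    out["gre_a_s1"] = nat.translate(GRE, host_a, srv1)
    out["gre_a_s2"] = nat.translate(GRE, host_a, srv2)
    # Several hosts, same server, different raw IP protocols: allowed.
    out["esp_b_s1"] = nat.translate(ESP, host_b, srv1)
    out["ospf_b_s1"] = nat.translate(OSPF, host_b, srv1)
    # Several hosts, same server, same raw IP protocol: cannot be made unique.
    try:
        nat.translate(GRE, host_b, srv1)
        out["gre_b_s1"] = "allowed"
    except NatCollision:
        out["gre_b_s1"] = "collision"
    return out


if __name__ == "__main__":
    for name, result in check_rules().items():
        print(f"{name:10} {result}")
```

The model deliberately preserves the client's own port or query ID when it is still free, which is common NAPT behaviour, and only allocates a new one on a clash; the last case shows the one combination that no amount of header rewriting can rescue, which is exactly the "cannot" rule in the list above.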
Anonymizing Internet Traffic with NAT
A useful application of the NAT feature in NetDefendOS is for anonymizing service providers to anonymize traffic between clients and servers across the public Internet, so that the client's public IP address is not present in any server access requests or peer to peer traffic. Note that this hides only the client's source address from the server; PPTP's MS-CHAPv2 authentication and MPPE encryption are considered broken, so it should not be relied on to protect the contents of the traffic in transit.
We shall examine the typical case where the NetDefend Firewall acts as a PPTP server and terminates the PPTP tunnel for PPTP clients. Clients that wish to be anonymous communicate with their local ISP using PPTP. The traffic is directed to the anonymizing service provider, where a NetDefend Firewall is installed to act as the PPTP server for the client, terminating the PPTP
Chapter 7: Address Translation
