Table of Contents
Advertisement
Note the following important points about this configuration:
n
Within each filter, the smask and dmask values are identical.
n
All parameters for both filters are identical except for the NAT direction. For Filter 10,
nat source is used. For Filter 11, nat dest is used.
n
Filters for static (non-proxy) NAT should take precedence over dynamic NAT filters (fol-
lowing example). Static filters should be given lower filter numbers.
Dynamic NAT
Dynamic NAT is a many-to-one solution: multiple clients on the private subnet take advantage
of a single external IP address, thus conserving valid IP addresses. In this example, clients on
the internal private network require TCP/UDP access to the Internet:
Internal Clients
10.10.10.x
(Private network)
Figure 7-9 Dynamic Network Address Translation
N
OTE
This example requires a NAT filter to be configured on the switch port that is connected to the
internal clients. When the NAT filter is triggered by outbound client traffic, the internal private
IP address information on the outbound packets is translated to a valid, publicly advertised IP
address on the switch. In addition, the public IP address must be configured as a proxy IP
address on the switch port that is connected to the internal clients. The proxy performs the
reverse translation, restoring the private network addresses on inbound packets.
212777-A, February 2002
Outbound filter:
NAT source info
to public address
Hub
–
Dynamic NAT can also be used to support ICMP traffic for PING.
Public IP Address:
205.178.17.12
1
Inbound proxy on
public address
Web OS 10.0 Application Guide
Internet
Router
Chapter 7: Filtering
n
193
Advertisement
Table of Contents
