THOMSON SpeedTouch Configuration Manual

Wireless business dsl router

SpeedTouch™
(Wireless) Business DSL Router
Hyper-NAT Configuration Guide
Release R5.3.0
SpeedTouch™608WL and
SpeedTouch™620 only


Summary of Contents for THOMSON SpeedTouch

  • Page 1 SpeedTouch™ (Wireless) Business DSL Router Hyper-NAT Configuration Guide Release R5.3.0 SpeedTouch™608WL and SpeedTouch™620 only...
  • Page 3 SpeedTouch™ Hyper-NAT Configuration Guide R5.3.0...
  • Page 4 Passing on, and copying of this document, use and communication of its contents is not permitted without written authorization from THOMSON. The content of this document is furnished for informational use only, may be subject to change without notice, and should not be construed as a commitment by THOMSON. THOMSON assumes no responsibility or liability for any errors or inaccuracies that may appear in this document.
  • Page 5: Table Of Contents

    Contents About this Hyper-NAT Configuration Guide .... 5 1 Introduction ..............7 The need for address translation ........... 8 What is address translation............9 2 NAT, PAT and NAPT ........... 11 3 Dynamic versus static address translation....13 4 Address translation flavours........15 Traditional or outbound address translation .......
  • Page 6 5 Application level gateways ........25 6 Network address translation configuration on the SpeedTouch™ ............. 27 Configure address translation on the GUI ........28 6.1.1 Configuring Hyper-NAT on the Web Pages............29 6.1.2 Enable/disable address translation on an interface..........30 6.1.3...
  • Page 7: About This Hyper-Nat Configuration Guide

    Terminology Generally, the SpeedTouch™608 or SpeedTouch™620 will be referred to as SpeedTouch™ in this Hyper-NAT Configuration Guide. Typographical In interactive input and output, typed input is displayed in a bold font and...
  • Page 8 About this Hyper-NAT Configuration Guide E-NIT-CTC-20040716-0004 v1.0...
  • Page 9: Introduction

    Introduction 1 Introduction Introduction Internet technology is based on the IP protocol and in order to communicate via IP, each device participating in the communication must have a unique IP address. This presents a problem, since the Internet is expanding at an exponential rate. Address translation is a method for connecting multiple computers to the Internet (or any other IP network) sharing one public IP address.
  • Page 10: The Need For Address Translation

    Address translation allows a single device, such as the SpeedTouch™, to act as an agent between the Internet (or public network) and a local (or private) network. This means that only one, unique IP address is required to represent an entire group of computers.
  • Page 11: What Is Address Translation

    1.2 What is address translation. Introduction: Using address translation, the IP and/or TCP/UDP port identifications can change while traversing the network. [Figure 1: IP address translation, with the SpeedTouch™ performing address translation between the private and the public network.] Many private networks use private IP addresses, meaning that these hosts are not known (and as such cannot be routed) within the Internet (= public network).
  • Page 13: Nat, Pat And Napt

    Figure 2: NAT example As illustrated above, the SpeedTouch™ NAT box has an internally configured mapping from the private IP address to a public one and vice versa. It is transparent for NAT whether this table information is persistent or not.
  • Page 14 It is used almost exclusively by access devices designed to hide small-to- medium sized networks behind a single public IP address. NAPT works by translating the source IP address and the source port number on the public interface. Private Public 192.168.0.1/600 20.0.0.11/1025 SpeedTouch Public 192.168.0.1 192.168.0.254 20.0.0.1 30.0.0.1 NAPT enabled HTTP 30.0.0.1...
  • Page 15: Dynamic Versus Static Address Translation

    For each interface to the public network, it’s possible to activate or deactivate address translation. In the SpeedTouch™, interfaces can be enabled in three modes: Disabled: no address translation on the interface. Enabled: address translation is enabled, but when there is no address translation map, the packet is dropped.
  • Page 16 Dynamic versus static address translation NAT enabled interface Outbound connections SpeedTouch Network A Network B Inbound connections Figure 6: Inbound/outbound connections All connections, leaving from an interface where NAT is enabled are called outbound connections. Connections arriving on the NAT enabled interface are called inbound connections.
  • Page 17: Address Translation Flavours

    Address translation flavours 4 Address translation flavours Introduction Network Address Translation is a method by which IP addresses are mapped from one address realm to another, providing transparent routing to end hosts. Several flavours of network address translation transforms can be defined depending on the relationship between inside IP addresses and outside IP addresses.
  • Page 18: Traditional Or Outbound Address Translation

    Traditional or outbound address translation 4.1 Traditional or outbound address translation Introduction Traditional NAT (sometimes referred to as outbound address translation) is the most common method of using address translation. Its primary use is to translate private addresses to legal addresses for use in a public network. When configured for dynamic operation, hosts within a private network can initiate access to the public network.
  • Page 19: Basic Nat

    Basic NAT example Host 192.168.0.1 sends a packet to the Web server 30.0.0.1. As soon as the packet is processed by the SpeedTouch™ its source IP address is translated into the outside IP address 20.0.0.1 and forwarded to the Web server.
  • Page 20: Network Address Port Translation (Napt)

    Figure 8: NAPT example Host 192.168.0.1 and 192.168.0.2 both send a packet to the Web server 30.0.0.1. The SpeedTouch™ translates the inside IP addresses into the outside IP address 20.0.0.1. For returning packets, the SpeedTouch™ needs to know to which 192.168.0.x address the translation needs to be performed, that’s why the SpeedTouch™...
  • Page 21: Two-Way Nat

    Host 30.0.0.1 wants to make a connection to the Web server 192.168.0.1 on the private network. There’s a static mapping in the SpeedTouch™ which maps the private IP address 192.168.0.1 to 20.0.0.1. Host 30.0.0.1 knows IP address 20.0.0.1 and sends the packet to the SpeedTouch™.
  • Page 22: N-N Nat

    N-N NAT 4.3 N-N NAT Introduction N-N NAT is the generalization of Two-Way NAT or Basic NAT. A chosen range of inside hosts (N inside IP addresses) can be mapped to an equivalent range of outside IP addresses (N outside IP addresses) for inbound and outbound traffic.
  • Page 23: M-N Nat Or Multi Nat

    NAT box internal mappings (Inside IP / Outside IP / Dest. IP): 192.168.0.1 / 20.0.0.1 / 30.0.0.1; 192.168.0.2 / 20.0.0.2 / 30.0.0.1. POOL: 20.0.0.1-20.0.0.4. [Figure: NAT-enabled SpeedTouch™ between the private hosts and the public network; packet header fields shown: Src IP, Dest IP, Src port, Dest port]...
  • Page 24: Transparent Nat

    For more information on Transparent Interface see “Address translation per interface” on page 13. Transparent NAT translates an inside address into the same outside IP address. In fact, no translation happens and the IP packets passing through the SpeedTouch™ remain untouched. Transparent NAT example...
  • Page 25: Port Range Shifting

    Inside IP Outside IP Inside Port Port 192.168.0.1 20.0.0.6 192.168.0.2 20.0.0.6 8080 20.0.0.6: port forwarding address PAT enabled 192.168.0.1 SpeedTouch Public 192.168.0.1 20.0.0.1 30.0.0.1 192.168.0.2 Src IP Dest IP Src port Dest port Src IP Dest IP Src port Dest port 30.0.0.1...
  • Page 26: Translation Templates

    Dest. IP Inside Port Port 192.168.0.1 0.0.0.1 50.0.0.200 5500 2013 192.168.0.1 50.0.0.12 50.0.0.200 5500 2013 0.0.0.1: wildcard NAT enabled SpeedTouch Public 192.168.0.254 192.168.0.1 50.0.0.12 50.0.0.2 Src IP Dest IP Src port Dest port Src IP Dest IP Src port Dest 50.0.0.200 192.168.0.1...
  • Page 27: Application Level Gateways

    Application level gateways 5 Application level gateways Introduction Some of the advanced protocols or applications have more complicated requirements than other traditional ones and lead to significant problems when deployed in concert with NAT implementations. The main structural issues that lead to NAT-unfriendly situations are: Bundled session Some advanced applications use several connections for a single call.
  • Page 28 ALGs determine what kind of packet is being processed and if needed examine and adjust packet’s payload fields. The following ALGs are embedded in the SpeedTouch™ routers; they are bound on the mentioned default ports:...
  • Page 29: Network Address Translation Configuration On The Speedtouch

    Network address translation configuration on the SpeedTouch™ 6 Network address translation configuration on the SpeedTouch™ Overview This chapter covers the following topics: Topic Page 6.1 Configure address translation on the GUI 6.3 Configure NAT maps 6.4 Configure NAPT maps 6.5 Configure port shifting maps 6.6 Configure templates...
  • Page 30: Configure Address Translation On The Gui

    6.1 Configure address translation on the GUI. Introduction: This covers the following topics: Configuring Hyper-NAT on the Web Pages; Enable/disable address translation on an interface; Create an address translation mapping; Create a template.
  • Page 31: Configuring Hyper-Nat On The Web

    6.1.1 Configuring Hyper-NAT on the Web Pages. Step by step configuration. Proceed as follows: 1. Open a web browser and browse to the SpeedTouch™ web pages at http://speedtouch or http://192.168.1.254. 2. Switch to Expert mode. 3. Browse to IP router > NAT...
  • Page 32: Enable/Disable Address Translation On An Interface

    6.1.2 Enable/disable address translation on an interface. Step by step configuration. Proceed as follows: 1. Select the Interfaces Menu. 2. Select the Interface that has to be enabled/disabled. 3. Use Save All to make the settings permanent.
  • Page 33: Create An Address Translation Mapping

    6.1.3 Create an address translation mapping. Introduction: An address translation map is used for mapping one or more private IP addresses into one or more public IP addresses on a specific interface. Create a NAT map. Proceed as follows: Select the Mappings menu and click New to create a new map. Select NAT from the Type list.
  • Page 34 Create an address translation mapping. Inside address: The inside (typically private) IP address(es) to enable inbound sessions. Access list: You can use the access list to define the address(es) that are allowed to use the outbound connections. Foreign address: The foreign address is used to define the address(es) that are allowed to use the inbound connections.
  • Page 35 Create an address translation mapping Protocol The IP protocol on which address translation has to be applied. Advantage: To link specific traffic (protocol dependent) to a chosen private host. Any protocol means all protocols. Outside address The outside (typically public) IP address(es) (range). ->...
  • Page 36: Create A Template

    Create a template 6.1.4 Create a template Create a NAT template Proceed as follows: Select the Templates menu and click New to create a new template Select NAT from the Type list. Select or fill in all required information: Portmap Description properties Interface...
  • Page 37 Create a template Inside address The inside (typically private) IP address(es) (range) to enable inbound sessions. Access list You can use the access list to define the address(es) that are allowed to use the outbound connections. Foreign address The foreign address is used to define the address(es) that are allowed to use the inbound connections.
  • Page 38 Create a template Select or fill in all required information: Portmap Description properties Interface The name of the interface that needs to be address translated. Note: The interface must previously have been enabled for address translation, see “6.1.2 Enable/disable address translation on an interface”...
  • Page 39: Configure Address Translation On The Cli

    6.2 Configure address translation on the CLI. Introduction: This covers the following topics: Configuring Hyper-NAT on the CLI; How to enable/disable address translation on an interface; How to create an address translation mapping; How to create a template. Configuring Hyper-NAT: With the CLI command you can see all nat commands.
  • Page 40 Configure address translation on the CLI. How to create an address translation mapping: The command :nat mapadd is used for adding address translation mappings. =>:nat mapadd intf = ppp_pppoa [type] = nat [outside_addr] = [inside_addr] = [access_list] = [foreign_addr] = [protocol] = [outside_port] = [inside_port] =...
  • Page 41 Configure address translation on the CLI Portmap Description properties Interface The name of the IP interface that needs to be address translated. Note: The interface must previously have been enabled for address translation, see “6.1.2 Enable/disable address translation on an interface” on page Group The IP interface group scope for this template.
  • Page 42: Configure Nat Maps

    6.3 Configure NAT maps. Introduction: This section explains the configuration of the different NAT maps. Topics: 6.3.1 Basic NAT; 6.3.2 Two-Way NAT; 6.3.3 N-N NAT; 6.3.4 Multi NAT; 6.3.5 Transparent NAT. General remarks: Depending on the NAT flavour, some configuration information is mandatory and other information is not.
  • Page 43: Basic Nat

    Basic NAT 6.3.1 Basic NAT Introduction Prerequisites: Outbound: An inside host address (source address) is translated into an outside address. Inbound: No traffic can be initiated. Create a new NAT map and fill in the required information. Portmap Value property ppp_pppoa Interface Protocol...
  • Page 44: Two-Way Nat

    6.3.2 Two-Way NAT. Introduction. Prerequisites: Outbound: An inside host address (source address) is translated into an outside address. Inbound: An outside address (destination address) is translated into an inside host address. Traffic can be initiated inbound and outbound. Specifying an inside address allows inbound connections. Create a new NAT map and fill in the required information.
  • Page 45: N-N Nat

    N-N NAT 6.3.3 N-N NAT Introduction Prerequisites: Outbound: A set of inside host addresses (source addresses) are translated into a set of outside addresses. Inbound: A set of outside addresses (source addresses) are translated into a set of inside host addresses. Traffic can be initiated inbound and outbound.
  • Page 46: Multi Nat

    Define IP address(es) or leave empty. When an inside host (within the access list) connects to an outside host, the SpeedTouch™ selects an available outside address (not used for another connection yet) to allow outbound traffic. When all outside addresses are in use, no other connection is allowed to use the NAT map.
  • Page 47 The entry with outside address 20.0.0.1: Inside host 192.168.1.64 makes a connection to an outside host (e.g. 30.0.0.1) The SpeedTouch™ uses the first available address 20.0.0.1 to make an outbound connection. The entry with outside address 20.0.0.2: Inside host 192.168.1.65 makes a connection to an outside host (e.g.
  • Page 48: Transparent Nat

    For every transparent natmap it is necessary to add: an interface route on the SpeedTouch™ to the LAN device (inside address). a proxy ARP on the SpeedTouch™, to reach the default gateway (BAS) from the LAN device. Transparent Basic NAT Create a new NAT map and fill in the fields.
  • Page 49 Transparent NAT. Transparent Two-Way: Transparent NAT is used more for inbound sessions, for example to send packets to a private server using its private IP address. This avoids re-configuration. You can do the same with N-N NAT. Another application of transparent NAT is IP-passthrough, see “6.4.4 NAPT using transparent default server and port range constraint (=IP Passthrough)”...
  • Page 50: Configure Napt Maps

    6.4 Configure NAPT maps. Introduction: This section explains the configuration of the different NAT maps. Topics: Basic NAPT; 6.4.2 NAPT using default server; 6.4.3 NAPT using transparent default server; 6.4.5 NAPT using host function; 6.4.6 NAPT using transparent host function; 6.4.7 NAPT using dynamic port range constraint.
  • Page 51: Basic Napt

    Basic NAPT 6.4.1 Basic NAPT Introduction Prerequisites: Outbound: Inside host addresses (source addresses) are translated into the outside address, using port translation to differentiate traffic. Inbound: No traffic can be initiated. Traffic can only be initiated by an inside host. Create a new NAT map and fill in the fields.
  • Page 52: Napt Using Default Server

    NAPT using default server 6.4.2 NAPT using default server Introduction Prerequisites: Outbound: Inside host addresses (source addresses) are translated into the outside address, using port translation to differentiate traffic. Inbound: The outside address (destination address) is translated into the inside host address (default server).
  • Page 53: Napt Using Transparent Default Server

    NAPT using transparent default server 6.4.3 NAPT using transparent default server Introduction In configuration “6.4.1 Basic NAPT” on page 49 the inside address and outside address might be exactly the same (strictly same address). In this case, transparent address translation applies for inbound traffic. No translation is to be made. The description of the NAPT map is ‘NAPT using transparent default server’.
  • Page 54: Napt Using Transparent Default Server And Port Range Constraint (=Ip Passthrough)

    NAPT using transparent default server and port range constraint (=IP Passthrough) 6.4.4 NAPT using transparent default server and port range constraint (=IP Passthrough) Create a new NAPT map and fill in the fields. Portmap properties Value pppoa Interface Protocol 20.0.0.1 Outside address 50000 to 60000 ->...
  • Page 55: Napt Using Host Function

    In configuration “6.4.1 Basic NAPT” on page 49 the inside address might be an IP address of the SpeedTouch™ itself. The description of the NAPT map is ‘NAPT using host function’. Traffic can be initiated inbound and outbound, all inbound traffic is sent to the SpeedTouch™...
  • Page 56: Napt Using Transparent Host Function

    In configuration “6.4.1 Basic NAPT” on page 49 the inside address and outside address might be an IP address of the SpeedTouch™ itself. The description of the NAPT map is ‘NAPT using transparent host function’. Traffic can be initiated inbound and outbound, all inbound traffic is sent to the SpeedTouch™...
  • Page 57: Napt Using Dynamic Port Range Constraint

    6.4.7 NAPT using dynamic port range constraint. Introduction. Prerequisites: Outbound: Inside host addresses (source addresses) are translated into the outside address, using port translation to differentiate traffic. The dynamic port range used for translation is restricted to a chosen port range. Inbound: No traffic can be initiated.
  • Page 58: Configure Port Shifting Maps

    6.5 Configure port shifting maps
  • Page 59: Inbound Port Shifting

    Inbound port shifting 6.5.1 Inbound port shifting Introduction This is an extension of Two-Way NAT where ports of inbound traffic are statically translated from outside port range to inside port range. Port ranges must have the same size. Create a new NAT map and fill in the fields. Portmap properties Value pppoa...
  • Page 60: Configure Templates

    6.6 Configure templates. Introduction: Templates are used when the public interface gets a dynamically assigned IP address. A template assigns a wildcard (0.0.0.x) to the IP address of the public interface. Network setup: SpeedTouch PPPoA 192.168.0.1 Public network 101.101.101.x Wildcard: 0.0.0.1 192.168.0.254...
  • Page 61 Configure templates =>:nat tmpladd intf=any group=any type=nat outside_addr=0.0.0.1
  • Page 62: N Templates

    6.6.1 X+n templates. Introduction: This is the same as a normal template, but with a whole range of mappings. Create a NAT template and fill in the fields. =>:nat tmpladd intf=any group=any type=nat outside_addr=0.0.0.[3-5] inside_addr=192.168.1.[64-66]
  • Page 66 Need more help? Additional help is available online at www.speedtouch.com...
