Nat Modes & Types - D-Link DFL-900 User Manual

Part III
NAT & Routing
192.168.40.1:2933 to 61.2.1.1:2933 in both ways. Accordingly, the source IP address and port of the Connection2 are translated
from 192.168.40.100:7896 to 61.2.1.2:7896 in both ways.
7.5.5 NAT modes & types
The following three NAT modes are supported by DFL-1500 now as the following Table 7-4.
NAT mode
If you choose this mode, the DFL-1500 will act as a pure router without performing any address
None
translation.
The DFL-1500 automatically performs Many-to-One NAT for all LAN/DMZ subnets. All the IP addresses
Basic
with outgoing packets will be translated to the IP address of default WAN link automatically.
The DFL-1500 can be manually configured with Many-to-One, and Many-to-Many, One-to-One, and
bidirectional One-to-One rules to do policy-based NAT. Here policy-based NAT means that you can fully
Full Feature
decide which zone (LAN, DMZ) will do the IP NAT and which zone (LAN, DMZ) will just do the pure IP
routing without IP translation.
If you choose Full Feature mode of NAT at Table 7-4, you may need to edit the rule by yourself. Then you must determine the NAT
type in the NAT rule. What meaning does each NAT type represent? How to determine which NAT type is best choice for you. You
can lookup the explanations and suggestions at Table 7-5.
Type
Map a pool of private IP addresses to a single
Many-to-One
public IP address chosen from the WAN ports.
Map a pool of private IP addresses to a subnet
range of public IP addresses chosen from the
WAN ports. Only when all ports of the first
Many-to-Many
public IP are used, it will then use the next
public IP address for transferring by all private
IPs.
Map a single private IP address to a single
public IP address chosen from the WAN ports.
This was useful when you have multiple public
One-to-One
IPs in the WAN ports. And you intended to
map each local server to a unique public IP on
the WAN port.
An internal host is fully mapped to a WAN IP
One-to-One
address. Notice that you must add a firewall
(bidirectional)
rule to forward WAN to LAN/DMZ traffic.
D-Link
Table 7-4 NAT modes overview
Description
Table 7-5 The NAT type comparison
Description
Usage moment
If the public IP addresses of your company is insufficient, and
you prefer to increase the node which can connect to the
internet. You can just choose the Many-to-One type to fit your
request.
If the public IP address of your company is not only one node
(ex. you have applied extra-one ISP). You may use the
Many-to-Many type to make the multiple public addresses
sharing the outbound bandwidth. So your inbound and
outbound traffic will be more flexible.
If you wish to specify a unique internal IP address to transfer a
fixed external IP address. You can specify the One-to-One
type.
If you wish to expose the local pc onto the internet, and open
all internet services outside. You can specify the One-to-One
(bidirectional) type. This will make the local pc you specified
fully exposed to the internet. Additionally you must add a
firewall rule to allow WAN to LAN (or DMZ) traffic forward.
Then you can finish the settings. Be careful to use this type, or
it will endanger your network security.
72