Anonymizing With Nat - D-Link NetDefendOS User Manual

Chapter 7: Address Translation
tunnel. This arrangement is illustrated in the diagram below.
Figure 7.4. Anonymizing with NAT
NetDefendOS is set up with NAT rules in the IP rule set so it takes communication traffic coming
from the client and NATs it back out onto the Internet. Communication with the client is with the
PPTP protocol but the PPTP tunnel from the client terminates at the firewall. When this traffic is
relayed between the firewall and the Internet, it is no longer encapsulated by PPTP.
When an application, such as a web server, now receives requests from the client it appears as
though they are coming from the anonymizing service provider's external IP address and not the
client's IP. The application therefore sends its responses back to the firewall which relays the
traffic back to the client through the PPTP tunnel. The original IP address of the client is not
revealed in traffic as it is relayed beyond the termination of the PPTP tunnel at the NetDefendOS.
Typically, all traffic passes through the same physical interface and that interface has a single
public IP address. Multiple interfaces could be used if multiple public IPv4 addresses are
available. There is clearly a small processing overhead involved with anonymizing traffic but this
need not be an issue if sufficient hardware resources are employed to perform the anonymizing.
This same technique can also be used with L2TP instead of PPTP connections. Both protocols are
discussed further in Section 9.5.4, "PPTP/L2TP Clients".
583