H3C S9500 Series Operation Manual page 126

Routing switches

Hide thumbs Also See for S9500 Series:

Command manual (1842 pages)

Operation manual (1504 pages)

Operating manual (76 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

Table of Contents

Operation Manual – NAT

H3C S9500 Series Routing Switches

Packets 1 and 2 are from the same internal address but have different source port

numbers.

Packets 3 and 4 are from different internal addresses but have the same source

port number.

By using NAPT mapping, the four packets are translated into the same public address,

but are given different source port numbers. In this way, the differences between the

four packets are kept, and the NAT process can distinguish the response packets for

each of them by destination address and port number.

III. Easy IP

With the nat outbound command configured, NAT with the Easy IP feature uses the

public address of the VLAN interface on the NAT equipment as the translated source

addresses. If you have only one public network IP address available or you have a

limited number of internal IP addresses to be translated, you can use Easy IP to

implement NAT.

IV. Internal Servers

NAT conceals the internal network topology and acts as a shield for internal hosts. But

in practical applications, it might be required to provide some chances for external

hosts to access certain internal devices such as internal WWW servers or FTP servers.

By using NAT, you can flexibly add internal servers. For instance, you can use

202.169.10.10 as the public address for an internal WWW server, and 202.110.10.11

as that for an FTP server. You can even use 202.110.10.12:8080 as the public address

for an internal WWW server.

If a user is not concerned about (or does not know) the port number of an internal server,

you can configure the NAT AnyServer function to simplify internal server configuration.

The AnyServer feature allows a public host to access all the ports of a specific protocol

(ICMP provides no port information) on an internal server and thus hosts on the public

network and private network can access each other. For example, a public host can use

the public IP address 202.168.20.10 of an internal server to access all TCP ports on the

internal server, or use the public IP address 202.168.20.11 of another internal server to

access all UDP ports on it.

V. Static NAT

You can map the IP address of an internal host to a fixed public address through static

NAT. For example, you can map the IP address 192.168.30.10 of an internal host to

public address 202.168.30.10. Then, if the host sends packets to the public network,

the source IP address in the packets will be translated to 202.168.30.10; the external

hosts can also access the internal host directly using the public address 202.168.30.10.

Comparison between AnyServer and static NAT:

1-5

Chapter 1 NAT Configuration

Table of Contents

Chapters

Table of Contents

H3C S9500 Series Operation Manual page 126

Chapters

Troubleshooting

Related Products for H3C S9500 Series

H3C S9500 Series Operation Manual page 126

Chapters

Troubleshooting

Related Manuals for H3C S9500 Series

Related Products for H3C S9500 Series

Table of Contents