ELSA LANCOM Office Manual page 182

R36 Technical basics
from the welcome savings, IP masquerading has the added benefit of guarding very
effectively against attacks on the local network from the Internet.
Two addresses for the router
Masquerading pits two opposing requirements of the router against one another: While
it must have an IP address which is valid on the local network, it must also have an
address valid on the Internet. Since these two addresses may not in principle be located
on the same logical network, there is only one solution: two IP addresses are required.
The router is therefore assigned an Internet address and an intranet address, each with
its own fitting network mask. Use the 'Masquerade' option in the routing table to inform
the router which of the two addresses to use when transferring the packets. If a specific
address is requested from the provider, two options are available for the actual address
assignment:
The provider assigns the desired address to the router. The network mask now
decides how many computers are masked behind the router.
– IP address with full '255.255.255.255' network mask: This is your own unique IP
– IP address with an incomplete network mask, e.g. '255.255.255.248': You have
The provider assigns another address to the router. Then all computers in the local
network are masked behind the assigned address.
How does IP masquerading work?
Masquerading makes use of a characteristic of TCP/IP data transmission, which is to use
port numbers for destination and source as well as the source and destination addresses.
When the router receives a data packet for transfer it now notes the IP address and the
sender's port in an internal table. It then gives the packet its unique IP address and a
new port number, which could be any number. It also enters this new port on the table
and forwards the packet with the new information.
The response to this new packet is now sent to the IP address of the router with the new
sender port number. The entry in the internal table allows the router to assign this
response to the original sender again.
You can view these tables in detail in the router statistics (see also 'Status').
ELSA LANCOM Office
address, registered by the NIC. None of the other computers on the network
have valid Internet addresses and are masked behind the router's fixed address.
several registered IP addresses, one of which you assign to the router. The
remaining IP addresses are assigned permanently to devices on the intranet,
which can then use unmasked connections to access the Internet. The other
devices can still access the Internet using masked connections.
Ver.0:26.08.99/Ver.14:04.04.00