Network Setup > Snat - Multitech RouteFinder RF850 User Manual

Network Setup > SNAT
The SNAT (Source Network Address Translation) process allows attaching private networks to public networks.
SNAT is used when you want to have a LAN using a private IP network to be connected to the internet via a
firewall. Since the private IP addresses are not routed on the internet, you have to apply SNAT on the firewall's
external interface.
The firewall's internal interface serves as the default gateway for the LAN. Hence, a rule is added to the firewall
to replace the source address of all packets crossing the firewall's external interface from inside to outside with
the firewall's own IP address. Once the request gets answered from the Internet host, the firewall will receive the
reply packets and will forward them to the client on the LAN.
On this screen you can set up the RouteFinder's ability to rewrite the source address of in-transit data packages
using SNAT. This functionality is equivalent to DNAT, except that the source addresses of the IP packets are
converted instead of the target addresses being converted. This can be helpful in more complex situations (e.g.,
diverting reply packets of connections to other networks or hosts).
Important
For SNAT support, the TCP and/or UDP settings must be enabled at Networks & Services > Services >
Protocol.
Important
As the translation takes place after the filtering by packet filter rules, you must allow connections that concern
your SNAT rules in Packet Filters > Packet Filter Rules with the original source address. Packet filter rules are
covered later in this chapter.
Note: To create simple connections from private networks to the Internet, you should use the Network Setup >
Masquerading function instead of SNAT. In contrast to Masquerading, SNAT is a static address conversion,
and the rewritten source address does not have to be one of the RouteFinder's IP addresses.
Screen Note: If you do not have Failover enabled, Failover Status and related note will not display.
Add SNAT Definition
From the drop down list boxes, select IP packet characteristics to be translated. The options are:
Pre SNAT Source
Select the original source network of the packet. The network must be predefined in the
Networks menu. The entry is confirmed by clicking the Add button. Existing entries can be
deleted or edited by clicking the Edit or the Delete buttons.
The options are Any, LAN, WANInterface, WAN, DMZ Interface, and DMZ when Load
Balancing is disabled.
The options are Any, LAN, WANLINK1 Interface, WANLINK1, WANLINK2 Interface,
WANLINK2 and when Load Balancing is enabled.
Service
Allows the corresponding service for the Pre SNAT Source entry field to be chosen from the
select menus. The service must have already been defined in the Services menu.
Destination
Select the target network of the packet. The network must have been defined in the
Network menu. The entry is confirmed by clicking the Add button. Existing entries can be
deleted or edited by clicking the Edit or the Delete buttons.
Post SNAT Source
Selects the source addresses of all the packets after the translation. Only one host can be
specified here. The entry is confirmed by clicking the Add button. Existing entries can be
deleted or edited by clicking the Edit or the Delete buttons.
Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
Chapter 6 – RouteFinder Software
Network Setup > SNAT
95