Anonymizing With Nat - D-Link NetDefend DFL-210 User Manual

7.2. NAT
This means that:
• An internal machine can communicate with several external servers using the same IP protocol.
• An internal machine can communicate with several external servers using different IP protocols.
• Several internal machines can communicate with different external servers using the same IP
protocol.
• Several internal machines can communicate with the same server using different IP protocols.
• Several internal machines can not communicate with the same external server using the same IP
protocol.
Some protocols, regardless of the method of transportation used, can cause problems during address
translation.
Anonymizing Internet Traffic with NAT
A useful application of the NAT feature in NetDefendOS is for anonymizing service providers to
anonymize traffic between clients and servers across the public Internet so that the client's public IP
address is not present in any server access requests or peer to peer traffic.
We shall examine the typical case where the NetDefend Firewall acts as a PPTP server and
terminates the PPTP tunnel for PPTP clients. Clients that wish to be anonymous, communicate with
their local ISP using PPTP. The traffic is directed to the anonymizing service provider where a
NetDefend Firewall is installed to act as the PPTP server for the client, terminating the PPTP tunnel.
This arrangement is illustrated in the diagram below.
Figure 7.2. Anonymizing with NAT
Note: Restrictions only apply to IP level protocols
These restrictions apply only to IP level protocols other than TCP, UDP and ICMP,
such as OSPF and L2TP. They do not apply to the protocols transported by TCP, UDP
and ICMP such as telnet, FTP, HTTP and SMTP. NetDefendOS can alter port number
information in the TCP and UDP headers to make each connection unique, even
though such connections have had their sender addresses translated to the same IP.
301
Chapter 7. Address Translation