Using Nat Pools - D-Link NetDefend DFL-210 User Manual

7.2. NAT Pools
Chapter 7. Address Translation
Stateless NAT Pools
The Stateless option means that no state table is maintained and the external IP address chosen for
each new connection is the one that has the least connections already allocated to it. This means two
connections between one internal host to the same external host may use two different external IP
addresses.
The advantage of a Stateless NAT Pool is that there is good spreading of new connections between
external IP addresses with no requirement for memory allocated to a state table and there is less
processing time involved in setting up each new connection. The disadvantage is that it is not
suitable for communication that requires a constant external IP address.
Fixed NAT Pools
The Fixed option means that each internal client or host is allocated one of the external IP addresses
through a hashing algorithm. Although the administrator has no control over which of the external
connections will be used, this scheme ensures that a particular internal client or host will always
communicate through the same external IP address.
The Fixed option has the advantage of not requiring memory for a state table and providing very fast
processing for new connection establishment. Although explicit load balancing is not part of this
option, there should be spreading of the load across the external connections due to the random
nature of the allocating algorithm.
IP Pool Usage
When allocating external IP addresses to a NAT Pool it is not necessary to explicitly state these.
Instead a NetDefendOS IP Pool object can be selected. IP Pools gather collections of IP addresses
automatically through DHCP and can therefore supply external IP addresses automatically to a NAT
Pool. See Section 5.5, "IP Pools" for more details on this topic.
Proxy ARP Usage
Where an external router sends ARP queries to the D-Link Firewall to resolve external IP addresses
included in a NAT Pool, NetDefendOS will need to send the correct ARP replies for this resolution
to take place through its Proxy ARP mechanism so the external router can correctly build its routing
table.
By default, the administrator must specify in NAT Pool setup which interfaces will be used by NAT
pools. The option exists however to enable Proxy ARP for a NAT Pool on all interfaces but this can
cause problems sometimes by possibly creating routes to interfaces on which packets should not
arrive. It is therefore recommended that the interface(s) to be used for the NAT Pool Proxy ARP
mechanism are explicitly specified.

Using NAT Pools

NAT Pools are used in conjunction with a normal NAT IP rule. When defining a NAT rule, the
dialog includes the option to select a NAT Pool to use with the rule. This association brings the
NAT Pool into use.
Example 7.2. Using NAT Pools
This example creates a NAT pool which will be applied the external IP address range 10.6.13.10 to 10.16.13.15
and then uses it in a NAT IP rule for HTTP traffic on the Wan interface.
289