Operation Manual - Security Defence
H3C SecPath F1800-A Firewall
3.1 Introduction to NAT
As described in RFC 1631, NAT translates the IP address in an IP packet header
into another IP address. In practice, it is mainly used to let a private network
access an external network. NAT slows the depletion of the IP address space by using
several public IP addresses to represent multiple private IP addresses.
Note:
Private networks usually use private IP addresses. RFC 1918 defines three IP
address blocks for private and internal use:
Class A: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
Class B: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
Class C: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
Addresses in these three ranges are not assigned on the Internet, so they can be
used in the intranet of a company or enterprise without applying to an ISP or a
registration center.
A basic NAT application is shown in Figure 3-1.

Figure 3-1 Networking diagram of basic processes of NAT
[Figure: Trust zone: PC 192.168.1.3 and Server 192.168.1.2, connected to SecPath interface e0/0/0 (192.168.1.1). Untrust zone: SecPath interface s0/0/0 (202.169.10.1), connected through the Internet to Server 202.120.10.2 and PC 202.130.10.3.
Trust side: Data packet 1: Source 192.168.1.3, Destination 202.120.10.2. Data packet 2: Source 202.120.10.2, Destination 192.168.1.3.
Untrust side: Data packet 1: Source 202.169.10.1, Destination 202.120.10.2. Data packet 2: Source 202.120.10.2, Destination 202.169.10.1.]

Chapter 3 NAT
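The address rewriting shown for data packets 1 and 2 in Figure 3-1 can be traced with a small model. This is an added example, not code from the manual or from H3C. The BasicNat class, its method names, and the one-to-one mapping without port translation are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 blocks listed in the note above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class BasicNat:
    """Hypothetical one-to-one address translator (no port translation)."""

    def __init__(self, public_pool):
        self.free = list(public_pool)  # public addresses not yet mapped
        self.out = {}                  # private source -> public source
        self.back = {}                 # public destination -> private destination

    def outbound(self, src, dst):
        """Trust -> Untrust: replace a private source with a public one."""
        if not is_rfc1918(src):
            return (src, dst)          # source is not private: left unchanged
        if src not in self.out:
            if not self.free:
                raise RuntimeError("public address pool exhausted")
            pub = self.free.pop(0)
            self.out[src], self.back[pub] = pub, src
        return (self.out[src], dst)

    def inbound(self, src, dst):
        """Untrust -> Trust: restore the private destination of a reply."""
        if dst not in self.back:
            return None                # no mapping in this model: not translated
        return (src, self.back[dst])

def figure_3_1():
    """Replay data packets 1 and 2 of Figure 3-1 through the model."""
    nat = BasicNat(["202.169.10.1"])   # address shown on s0/0/0 in the figure
    packet1 = nat.outbound("192.168.1.3", "202.120.10.2")
    packet2 = nat.inbound("202.120.10.2", "202.169.10.1")
    return packet1, packet2

if __name__ == "__main__":
    print(figure_3_1())
```

With a single public address in the pool, a second private host in this one-to-one model raises the pool-exhaustion error, which is the limit a translator without port translation runs into.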