Port Restricted Cone Nat; Nat Mapping Types; Figure 144 Port Restricted Cone Nat Example - ZyXEL Communications ZyWall 35 User Manual


ZyWALL 35 User's Guide

17.1.5 Port Restricted Cone NAT

Port restricted cone NAT maps all outgoing packets from an internal IP address and port to a
single IP address and port on the external network. In the following example, the ZyWALL
maps the source address of all packets sent from internal IP address 1 and port A to IP address
2 and port B on the external network. A host on the external network (IP address 3 and Port C
for example) can only send packets to the internal host if the internal host has already sent a
packet to the external host's IP address and port.
A server with IP address 1 and port A sends packets to IP address 3, port C and IP address 4,
port D. The ZyWALL changes the server's source address to IP address 2 and port B.
Since 1, A has already sent packets to 3, C and 4, D, they can send packets back to 2, B and
the ZyWALL will perform NAT on them and send them to the server at IP address 1, port A.
Packets have not been sent from 1, A to 4, E or 5, so they cannot send packets to 1, A.

Figure 144 Port Restricted Cone NAT Example
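
The filtering rule described above can be modelled as a small state table. This is an added example, not ZyXEL code: the class and function names are hypothetical, the endpoint labels follow the manual's figure, and the port label "X" for host 5 is constructed. Mapping timeouts are not modelled.

```python
from dataclasses import dataclass, field

# Endpoints are (IP label, port label) pairs using the manual's labels, e.g. ("1", "A").

@dataclass
class PortRestrictedConeNat:
    external_ip: str
    port_pool: list                                  # free external ports (assumed pool)
    by_internal: dict = field(default_factory=dict)  # internal endpoint -> external endpoint
    by_external: dict = field(default_factory=dict)  # external endpoint -> internal endpoint
    contacted: dict = field(default_factory=dict)    # external endpoint -> remotes sent to

    def outbound(self, src, dst):
        """Translate an outgoing packet and return its new source endpoint."""
        if src not in self.by_internal:
            if not self.port_pool:
                raise RuntimeError("no free external port")
            ext = (self.external_ip, self.port_pool.pop(0))
            self.by_internal[src] = ext
            self.by_external[ext] = src
            self.contacted[ext] = set()
        ext = self.by_internal[src]      # cone: same mapping for every destination
        self.contacted[ext].add(dst)     # remember the exact remote IP *and* port
        return ext

    def inbound(self, src, dst):
        """Return the internal endpoint to forward to, or None if the packet is dropped."""
        internal = self.by_external.get(dst)
        if internal is None:
            return None                  # no mapping exists on this external port
        if src not in self.contacted[dst]:
            return None                  # port restricted: this remote IP:port was never contacted
        return internal

def figure_scenario():
    """Replay the manual's example; host 5's port "X" is a constructed label."""
    nat = PortRestrictedConeNat("2", ["B"])
    server = ("1", "A")
    first = nat.outbound(server, ("3", "C"))
    second = nat.outbound(server, ("4", "D"))
    assert first == second == ("2", "B")  # one external endpoint for both destinations
    remotes = [("3", "C"), ("4", "D"), ("4", "E"), ("5", "X")]
    return {remote: nat.inbound(remote, ("2", "B")) for remote in remotes}

if __name__ == "__main__":
    for remote, target in figure_scenario().items():
        print(remote, "->", target if target else "dropped")
```

Host 4 is dropped when it replies from port E even though its port D is allowed, which is the difference between port restricted cone NAT and filtering on the remote IP address alone.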

17.1.6 NAT Mapping Types

NAT supports five types of IP/port mapping. They are:
• One to One: In One-to-One mode, the ZyWALL maps one local IP address to one global
IP address.
• Many to One: In Many-to-One mode, the ZyWALL maps multiple local IP addresses to
one global IP address. This is equivalent to SUA (i.e., PAT, port address translation),
ZyXEL's Single User Account feature (the SUA option).
• Many to Many Overload: In Many-to-Many Overload mode, the ZyWALL maps the
multiple local IP addresses to shared global IP addresses.
• Many One to One: In Many-One-to-One mode, the ZyWALL maps each local IP
address to a unique global IP address.
Chapter 17 Network Address Translation (NAT)
