Nat Technical Reference - ZyXEL Communications ZyWALL 1100 User Manual
Zywall/usg series
Hide thumbs
Also See for ZyWALL 1100:
- User manual (994 pages) ,
- Handbook (749 pages) ,
- Reference manual (665 pages)
Table of Contents
Advertisement
Table 117 Configuration > Network > NAT > Add (continued)
LABEL
Mapped End Port
Enable NAT
Loopback
Security Policy
OK
Cancel
12.3 NAT Technical Reference
Here is more detailed information about NAT on the ZyWALL/USG.
NAT Loopback
Suppose an NAT 1:1 rule maps a public IP address to the private IP address of a LAN SMTP e-mail
server to give WAN users access. NAT loopback allows other users to also use the rule's original IP
to access the mail server.
For example, a LAN user's computer at IP address 192.168.1.89 queries a public DNS server to
resolve the SMTP server's domain name (xxx.LAN-SMTP.com in this example) and gets the SMTP
server's mapped public IP address of 1.1.1.1.
Chapter 12 NAT
DESCRIPTION
This field is available if Mapping Type is Ports. Enter the end of the range of
translated destination ports if this NAT rule forwards the packet. The original port
range and the mapped port range must be the same size.
Enable NAT loopback to allow users connected to any interface (instead of just the
specified Incoming Interface) to use the NAT rule's specified Original IP address to
access the Mapped IP device. For users connected to the same interface as the
Mapped IP device, the ZyWALL/USG uses that interface's IP address as the source
address for the traffic it sends from the users to the Mapped IP device.
For example, if you configure a NAT rule to forward traffic from the WAN to a LAN
server, enabling NAT loopback allows users connected to other interfaces to also
access the server. For LAN users, the ZyWALL/USG uses the LAN interface's IP address
as the source address for the traffic it sends to the LAN server. See
page 272
for more details.
If you do not enable NAT loopback, this NAT rule only applies to packets received on
the rule's specified incoming interface.
By default the security policy blocks incoming connections from external addresses.
After you configure your NAT rule settings, click the Security Policy link to configure
a security policy to allow the NAT rule's traffic to come in.
The ZyWALL/USG checks NAT rules before it applies To-ZyWALL/USG security policies,
so To-ZyWALL/USG security policies, do not apply to traffic that is forwarded by NAT
rules. The ZyWALL/USG still checks other security policies, according to the source IP
address and mapped IP address.
Click OK to save your changes back to the ZyWALL/USG.
Click Cancel to return to the NAT summary screen without creating the NAT rule (if it
is new) or saving any changes (if it already exists).
ZyWALL/USG Series User's Guide
272
NAT Loopback on
- Quick Links:
- Web Configurator
- Web Configurator Access
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
