Table of Contents
Advertisement
4.2 Two-Way NAT
Introduction
Two-way NAT example
E-NIT-CTC-20040716-0004 v1.0
Traditional NAT is designed to handle only outbound transactions; clients on the local
network initiate requests and devices on the Internet send back responses. However,
in some circumstances, we may want to go in the opposite direction. That is, we
may want to have a device on the outside network initiate a transaction with one on
the inside. To permit this, we need a more capable type of NAT. This enhancement
goes by various names, most commonly Bidirectional NAT, Two-Way NAT and
Inbound NAT. All of these convey the concept that this kind of NAT allows both the
type of transaction we saw in the previous topic and also transactions initiated from
the outside network
SpeedTouch
192.168.0.1
192.168.0.254
Src IP
Dest IP
Src port
30.0.0.1
192.168.0.1
5500
Src IP
Dest IP
Src port
192.168.0.1
30.0.0.1
80
Figure 9:
Host 30.0.0.1 wants to make a connection to the Web server 192.168.0.1 on the
private network.
There's a static mapping in the SpeedTouch™ which maps the private IP address
192.168.0.1 to 20.0.0.1. Host 30.0.0.1 knows IP address 20.0.0.1 and sends the
packet to the SpeedTouch™. The SpeedTouch™ translates the outside address
20.0.0.1 to the inside address 192.168.0.1 and forwards the packet.
NAT box Internal Mappings
Inside IP
Ouside IP
Dest. IP
192.168.0.1
20.0.0.1
30.0.0.1
20.0.0.1: static dest. address
NAT enabled
TM
Public
20.0.0.1
Dest port
Src IP
80
30.0.0.1
Dest port
Src IP
5500
20.0.0.1
Two-Way NAT example
Two-Way NAT
Outside
Dest.
Inside Port
Port
Port
5500
5500
80
`
30.0.0.1
Dest IP
Src port
Dest port
20.0.0.1
5500
80
Dest IP
Src port
Dest port
30.0.0.1
80
5500
19
Advertisement
Table of Contents
