User manual
Chapter 4 - Layer 3 Command Set - IP Networking Nat Command (Network Address Translation)
Alvarion BreezeNET B130/B300 GigE Operational User Manual
ISP's backbone networks via radio interface and ISP's backbone is built using
private internets. So which physical interface should the public IP be
assigned to? It may be assigned as an alias to any physical interface or to
the virtual interface null0.
ifconfig null0 123.1.1.1/32 up
Moreover, it is sometimes possible to avoid assigning the public IP to a
physical interface at all. The goal of the procedure is to make the public IP
accessible from the Internet, and this may be done using static routing: all
packets routed to this public address will get into your LAN. A link with the
physical interfaces is not necessary. The NAT module performs the conversion
before packet forwarding; it is enough that the packets enter the device.
If the provider gave you a small block of addresses (e.g. 123.1.1.0/30), you can
assign the whole block to null0 (e.g. "ifconfig null0 123.1.1.0/30") and use these
addresses. For example, in this case you can use the first address 123.1.1.0 as
the alias_address, and the rest either for redirecting packets to local machines
using nat redirect_xxx (see below) or as public addresses for other private
networks.
The NAT module is designed so that the original source and destination
addresses are used (this is important when creating firewall rules and qm rules
and when analyzing ipstat data). For example, when creating a firewall rule, one
should use the local addresses of the private network. They will also be shown
in the ipstat module.
This command also sets the name of an access list (ACL) of your private networks,
which require network address translation.
All packets with source addresses that are included in the local_acl list are
considered outgoing and are subject to translation. The exceptions are packets
going from local_acl to local_acl, and packets going from local_acl to the
system's own addresses. These packets and all remaining packets are considered
incoming and, if they do not belong to translated connections, pass through
unchanged.
acl add $NAT net 192.168.1.0/24
nat local_acl $NAT 123.1.1.1
In this example we created a list containing a single network, 192.168.1.0/24
(your private network), referred to it in the local_acl command, and assigned
the address 123.1.1.1 as the public address for this network.
You can create several private networks and assign a different public address
to each of them. Translation will be carried out independently for each.
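
The classification rule described above (outgoing packets, the two exceptions, and several private networks each with its own public address) can be modelled offline to check which flows a given local_acl would translate. This is an added example, not code from the manual or the vendor. It is stateless, so it does not track translated connections, and the second network, the system addresses and the remote address are constructed sample values.

```python
import ipaddress

# Constructed configuration modelled on the manual's example. Each rule pairs a
# local_acl (list of private networks) with the public address assigned to it.
NAT_RULES = [
    ([ipaddress.ip_network("192.168.1.0/24")], ipaddress.ip_address("123.1.1.1")),
    # Hypothetical second private network with its own public address.
    ([ipaddress.ip_network("10.0.0.0/24")], ipaddress.ip_address("123.1.1.2")),
]
# Hypothetical addresses owned by the device itself.
SYSTEM_ADDRESSES = {
    ipaddress.ip_address("172.16.0.1"),
    ipaddress.ip_address("123.1.1.1"),
}


def classify(src, dst):
    """Return ("translate", public_ip) or ("pass", None) for one packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for acl, public_ip in NAT_RULES:
        if not any(src in net for net in acl):
            continue  # source is not in this local_acl; try the next rule
        if any(dst in net for net in acl):
            return ("pass", None)  # exception: local_acl -> local_acl
        if dst in SYSTEM_ADDRESSES:
            return ("pass", None)  # exception: local_acl -> system's own address
        return ("translate", public_ip)  # outgoing: source becomes public_ip
    # Everything else is treated as incoming. This stateless model does not track
    # translated connections, so such packets are reported as passing unchanged.
    return ("pass", None)


def audit(flows):
    """Map each (src, dst) flow to the address a remote peer would see as source."""
    result = {}
    for src, dst in flows:
        action, public_ip = classify(src, dst)
        result[(src, dst)] = str(public_ip) if action == "translate" else src
    return result


if __name__ == "__main__":
    sample = [("192.168.1.10", "198.51.100.7"), ("192.168.1.10", "192.168.1.20"),
              ("192.168.1.10", "172.16.0.1"), ("10.0.0.5", "198.51.100.7")]
    for flow, seen in audit(sample).items():
        print(flow, "->", seen)
```

Running a planned local_acl through such a model before applying it shows which private sources would appear on the Internet under which public address, and which flows stay untranslated.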