3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module

981

982

983

984

985

986

987

988

989

990

988 CHAPTER 76: NAT CONFIGURATION

Figure 297 depicts an NAPT process.

Figure 297 An NAPT process

As illustrated in the above figure, four data packets arrive at the NAT gateway.

Packets 1 and 2 have the same internal address but different source port numbers.

Packets 3 and 4 have different internal addresses but the same source port

number. NAPT maps the four data packets to the same external address but with

different source port numbers. Therefore, the packets can still be discriminated.

When response packets arrive, the NAT gateway can forward them to the

corresponding hosts based on the destination address and port numbers.

Internal server

NAT hides the internal network structure, including the identities of internal hosts.

However, in practice, external contacts to internal hosts are sometimes also

necessary. In this case, you need an internal server, such as a WWW server or an

FTP server to provide such services. With NAT, you can deploy an internal server

easily and flexibly. For instance, you can use 20.1.1.10 as the WWW server’s

external address, 20.1.1.11 as the FTP server’s external address; or you can even

use such address 20.1.1.12:8080 as the WWW server’s external address.

Currently, this feature is available on the device. When an external user accesses

an internal server, NAT translates the destination address in the request packet to

the private IP address of the internal server. When the internal server returns a

packet, NAT translates the source address (a private IP address) of the packet into a

public IP address.

Easy IP

Easy IP allows the NAT gateway to use the public IP address of an interface as the

translated source address for NAT. Besides, the NAT gateway can use ACLs to

define the internal IP addresses for NAT.

Support for special protocols

Apart from the basic address translation function, NAT also provides a perfect

application layer gateway mechanism that supports various special application

protocols without modifying the NAT platform. Because of this, NAT offers high

192.168.1.3

Internet

IP packet 2

Source IP : 192.168.1.3

Source port : 2468

IP packet 2

Source IP : 20.1.1.1

Source port : 13005

192.168.1.1 20.1.1.1

IP packet 3

Source IP : 20.1.1.1

Source port : 13425

IP packet 3

Source IP : 192.168.1.1

Source port : 1111

10 .1 .1. 2

10.1.1.3

Server B

Host

Server A

192.168.1 .2

Host

IP packet 1

Source IP : 192.168.1.3

Source port : 1537

IP packet 1

Source IP : 20.1.1.1

Source port : 12300

IP packet 4

Source IP : 20.1.1.1

Source port : 14205

IP packet 4

Source IP : 192.168.1.2

Source port : 1111