TMS zl Management and Configuration Guide ST.1.2.100916

Network Address Translation
NAT Operations
Table 5-6. Destination NAT with Port Forwarding
In a variation on this type of NAT, you can translate multiple public IP
addresses to a particular private IP address based on the service. For example,
HTTP traffic destined to either 192.168.5.23 or 192.168.5.24 is translated to the
private IP address 10.1.1.10. Another NAT policy could apply to FTP traffic
destined to the same two public IP addresses, translating this traffic to the
private IP address 10.1.1.11.
Port Address Translation (PAT) (for One-to-One or Many-to-One)
PAT is destination NAT in which the destination port is translated as well as
the IP address. Use PAT when your servers listen for traffic on non-standard
ports. For example, if your Web server uses port 8088 for HTTP traffic, traffic
sent to destination port 80 must be translated to port 8088. Similarly, if the
network uses port 2102 for FTP traffic, the destination port 21 must be
translated to 2102.
The TMS zl Module will perform PAT with any type of destination NAT if you
specify a NAT port in the policy. However, you should typically combine PAT
with port forwarding to ensure that the correct type of traffic is selected for
translation to the new port.
Port Forwarding with PAT. Port forwarding with PAT selects traffic
destined to a particular port and translates both the destination IP address and
the destination port. The TMS zl Module will perform port forwarding with
PAT if you specify one or more destination addresses, one NAT address, one
service, and one new port. The example below requires two destination NAT
policies: one to translate HTTP traffic and one to translate FTP traffic.
The source and destination IP addresses (SA, DA) and port fields (SP, DP) in
five inbound IP packet headers are shown in Table 5-7. The translated fields
are shown with shading.
Before NAT                                   After NAT
SA1            SP1    DA1           DP1      SA2            SP2    DA2        DP2
172.16.122.63  50005  192.168.5.23  80       172.16.122.63  50005  10.1.1.10  80
10.1.5.48      50006  192.168.5.23  21       10.1.5.48      50006  10.1.1.11  21
10.100.148.77  50007  192.168.5.23  80       10.100.148.77  50007  10.1.1.10  80
172.20.222.8   50008  192.168.5.23  80       172.20.222.8   50008  10.1.1.10  80
172.25.121.75  50009  192.168.5.23  21       172.25.121.75  50009  10.1.1.11  21
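
The port forwarding with PAT behavior described above can be modeled in a few lines. The following is an added example, not code or configuration from the TMS zl guide: it pairs the page's sample addresses with its sample ports 8088 and 2102, and the class names, the first-match policy order, and the reduction of a "service" to a destination port are assumptions. It also shows why PAT should be combined with port forwarding: a policy with a NAT port but no service sends every inbound port to the new port.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: a "service" is reduced to its well-known destination port.
SERVICES = {"http": 80, "ftp": 21}

@dataclass(frozen=True)
class Packet:
    sa: str   # source address
    sp: int   # source port
    da: str   # destination address
    dp: int   # destination port

@dataclass(frozen=True)
class DestNatPolicy:          # hypothetical model of one destination NAT policy
    destinations: frozenset          # public destination addresses to match
    nat_address: str                 # private address to translate to
    service: Optional[str] = None    # None: match any service (no port forwarding)
    nat_port: Optional[int] = None   # None: leave the destination port alone (no PAT)

    def matches(self, pkt: Packet) -> bool:
        if pkt.da not in self.destinations:
            return False
        return self.service is None or pkt.dp == SERVICES[self.service]

def translate(policies, pkt: Packet) -> Packet:
    """Apply the first matching policy (first-match order is an assumption)."""
    for p in policies:
        if p.matches(pkt):
            new_dp = p.nat_port if p.nat_port is not None else pkt.dp
            return Packet(pkt.sa, pkt.sp, p.nat_address, new_dp)
    return pkt  # no policy matched: header is left unchanged

PUBLIC = frozenset({"192.168.5.23", "192.168.5.24"})

# Port forwarding with PAT: one policy per service, as the text requires.
FORWARD_PAT = [
    DestNatPolicy(PUBLIC, "10.1.1.10", service="http", nat_port=8088),
    DestNatPolicy(PUBLIC, "10.1.1.11", service="ftp", nat_port=2102),
]

# PAT with no service selected: any destination port is rewritten to 8088.
PAT_ONLY = [DestNatPolicy(PUBLIC, "10.1.1.10", nat_port=8088)]

if __name__ == "__main__":
    # Constructed sample headers (the port 22 packet is not from the guide).
    for pkt in (Packet("172.16.122.63", 50005, "192.168.5.23", 80),
                Packet("10.1.5.48", 50006, "192.168.5.24", 21),
                Packet("172.20.222.8", 50008, "192.168.5.23", 22)):
        print(pkt, "->", translate(FORWARD_PAT, pkt), "| PAT only:", translate(PAT_ONLY, pkt))
```

With the service-scoped policies, the constructed port 22 packet passes through untranslated; with the PAT-only policy it is delivered to port 8088 on the private server.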