User's Manual

Chapter 18 NAT
ISG50 User’s Guide
Table 103 Configuration > Network > NAT > Add (continued)

LABEL
    DESCRIPTION

Port Mapping Type
    Use the drop-down list box to select how many original destination ports this NAT rule supports for the selected destination IP address (Original IP). Choices are:
    any - this NAT rule supports all the destination ports.
    Service - this NAT rule maps one service to another.
    Port - this NAT rule supports one destination port.
    Ports - this NAT rule supports a range of destination ports. You might use a range of destination ports for unknown services or when one server supports more than one service.
    See Appendix B on page 827 for some common port numbers.

Protocol Type
    This field is available if Mapping Type is Port or Ports. Select the protocol (TCP, UDP, or Any) used by the service requesting the connection.

Original Port
    This field is available if Mapping Type is Port. Enter the original destination port this NAT rule supports.

Mapped Port
    This field is available if Mapping Type is Port. Enter the translated destination port if this NAT rule forwards the packet.

Original Start Port
    This field is available if Mapping Type is Ports. Enter the beginning of the range of original destination ports this NAT rule supports.

Original End Port
    This field is available if Mapping Type is Ports. Enter the end of the range of original destination ports this NAT rule supports.

Mapped Start Port
    This field is available if Mapping Type is Ports. Enter the beginning of the range of translated destination ports if this NAT rule forwards the packet.

Mapped End Port
    This field is available if Mapping Type is Ports. Enter the end of the range of translated destination ports if this NAT rule forwards the packet. The original port range and the mapped port range must be the same size.

Enable NAT Loopback
    Enable NAT loopback to allow users connected to any interface (instead of just the specified Incoming Interface) to use the NAT rule’s specified Original IP address to access the Mapped IP device. For users connected to the same interface as the Mapped IP device, the ISG50 uses that interface’s IP address as the source address for the traffic it sends from the users to the Mapped IP device.
    For example, if you configure a NAT rule to forward traffic from the WAN to a LAN server, enabling NAT loopback allows users connected to other interfaces to also access the server. For LAN users, the ISG50 uses the LAN interface’s IP address as the source address for the traffic it sends to the LAN server. See NAT Loopback on page 328 for more details.
    If you do not enable NAT loopback, this NAT rule only applies to packets received on the rule’s specified incoming interface.

Firewall
    By default the firewall blocks incoming connections from external addresses. After you configure your NAT rule settings, click the Firewall link to configure a firewall rule to allow the NAT rule’s traffic to come in.
    The ISG50 checks NAT rules before it applies To-ISG50 firewall rules, so To-ISG50 firewall rules do not apply to traffic that is forwarded by NAT rules. The ISG50 still checks other firewall rules according to the source IP address and mapped IP address.

OK
    Click OK to save your changes back to the ISG50.

Cancel
    Click Cancel to return to the NAT summary screen without creating the NAT rule (if it is new) or saving any changes (if it already exists).
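
An added example, not taken from the ISG50 guide or firmware: a small Python model of how a rule built from the fields in this table decides whether it applies to a packet and which destination port results, useful for reviewing what a rule exposes before saving it. The class, field and interface names (wan1, lan1, dmz) are constructed, the Service type is left out, and pairing ports by offset within the two ranges is an assumption the guide does not state.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class NatRule:
    """Illustrative model of one NAT rule; field names are assumptions."""
    incoming_if: str                    # the rule's Incoming Interface
    mapped_if: str                      # interface the Mapped IP device sits on
    mapping_type: str                   # "any", "Port" or "Ports" (Service omitted)
    protocol: str = "Any"               # "TCP", "UDP" or "Any"
    original: Tuple[int, int] = (0, 0)  # (start, end); equal for "Port"
    mapped: Tuple[int, int] = (0, 0)
    loopback: bool = False

    def validate(self) -> None:
        if self.mapping_type == "any":
            return                      # all destination ports, no port fields
        for lo, hi in (self.original, self.mapped):
            if not 1 <= lo <= hi <= 65535:
                raise ValueError(f"bad port range {lo}-{hi}")
        if self.mapping_type == "Port" and self.original[0] != self.original[1]:
            raise ValueError("Port mapping takes a single original port")
        if self.original[1] - self.original[0] != self.mapped[1] - self.mapped[0]:
            raise ValueError("original and mapped ranges must be the same size")

    def translate(self, in_if: str, proto: str, dport: int) -> Optional[Tuple[int, bool]]:
        """Return (mapped port, source rewritten?) or None if the rule does not apply."""
        if in_if != self.incoming_if and not self.loopback:
            return None                 # without loopback only the incoming interface matches
        # With loopback, users on the mapped device's interface get that
        # interface's IP address as the source address.
        snat = self.loopback and in_if == self.mapped_if
        if self.mapping_type == "any":
            return dport, snat
        if self.protocol != "Any" and proto != self.protocol:
            return None
        lo, hi = self.original
        if not lo <= dport <= hi:
            return None
        # Assumption: ports pair up by offset from the start of each range.
        return self.mapped[0] + (dport - lo), snat

# Constructed sample rule: WAN ports 8000-8009/TCP to a LAN server's 80-89.
rule = NatRule("wan1", "lan1", "Ports", "TCP", (8000, 8009), (80, 89), loopback=True)
rule.validate()
print(rule.translate("wan1", "TCP", 8003))  # WAN client, no source rewrite
print(rule.translate("lan1", "TCP", 8003))  # LAN client via loopback, source rewritten
```

A match in this model only means the NAT rule forwards the packet; as the Firewall row states, a separate firewall rule must still allow the traffic, and To-ISG50 rules are not applied to it.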