NAT and ICMP Packets, NAT and FTP – Riverstone Networks WICT1-12 User Manual

21-4 Riverstone Networks RS Switch Router User Guide Release 8.0

Network Address Translation Configuration

You create NAT dynamic bindings for DNS by entering the following command in Configure mode.

Enable NAT with dynamic address binding for DNS query/reply.
    nat create dynamic local-acl-pool <outside-local-acl> global-pool <ip-addr/ip-addr-range/ip-addr-list/ip-addr-mask>

DNS packets that contain addresses that match the ACL specified by outside-local-acl-pool are translated using local addresses allocated from inside-global-pool.

The default timeout for DNS dynamic address bindings is 30 minutes. You can change this timeout by entering the following command in Configure mode:

Specify the timeout for DNS bindings.
    nat set dns-session-timeout <minutes>

21.5 NAT AND ICMP PACKETS

NAT translates addresses embedded in the data portion of the following types of ICMP error messages:

Destination unreachable (type 3)

Source quench (type 4)

Redirect (type 5)

Time exceeded (type 11)

Parameter problem (type 12)

21.6 NAT AND FTP

File Transfer Protocol (FTP) packets require special handling with NAT, because the FTP PORT command packets contain IP address information within the data portion of the packet. It is therefore important for NAT to know which control port is used for FTP (the default is port 21) and the timeout for the FTP session (the default is 30 minutes). If FTP packets will arrive on a different port number, you need to specify that port to NAT.

To define FTP parameters to NAT, enter the following commands in Configure mode.

Specify the FTP control port.
    nat set ftp-control-port <port number>

Specify the FTP session timeout.
    nat set ftp-session-timeout <minutes>
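The PORT handling described in section 21.6, as an added Python example (not from the Riverstone guide and not the RS implementation): it rewrites the address carried in a PORT command from a local address to its global binding and reports the change in payload length, which a NAT device must also account for in the TCP sequence numbers of the control connection. The binding table, addresses and function names are constructed for illustration.

```python
import re

# Constructed NAT binding: local address -> global address (assumption).
BINDINGS = {"10.1.1.25": "192.0.2.10"}

# PORT h1,h2,h3,h4,p1,p2  (four address bytes, two port bytes)
PORT_RE = re.compile(
    rb"^(PORT) (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$",
    re.IGNORECASE,
)


def parse_port(payload):
    """Return (verb, [h1, h2, h3, h4, p1, p2]) or None if not a valid PORT."""
    m = PORT_RE.match(payload)
    if not m:
        return None
    fields = [int(x) for x in m.groups()[1:]]
    if any(f > 255 for f in fields):
        return None
    return m.group(1), fields


def translate_port_command(payload, bindings=BINDINGS):
    """Rewrite the embedded address; return (new_payload, length_delta).

    Payloads that are not a well-formed PORT command, or whose address has
    no binding, are passed through unchanged with a delta of 0.
    """
    parsed = parse_port(payload)
    if parsed is None:
        return payload, 0
    verb, fields = parsed
    local = ".".join(str(f) for f in fields[:4])
    global_addr = bindings.get(local)
    if global_addr is None:
        return payload, 0
    host = global_addr.replace(".", ",").encode("ascii")
    new = verb + b" " + host + b",%d,%d\r\n" % (fields[4], fields[5])
    return new, len(new) - len(payload)


def data_port(payload):
    """TCP port announced by a PORT command: p1 * 256 + p2."""
    parsed = parse_port(payload)
    return None if parsed is None else parsed[1][4] * 256 + parsed[1][5]


if __name__ == "__main__":
    sample = b"PORT 10,1,1,25,19,137\r\n"  # constructed control-channel payload
    print(translate_port_command(sample), data_port(sample))
```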
