Configuring NAT, Network Address Translation, Dynamic NAT – Black Box LR1102A-T1/E1 User Manual


12 Configuring NAT

12.1 Network Address Translation

Network Address Translation (RFC 1631) is commonly known as NAT. This application discusses NAT and provides a
technical explanation and configuration examples.

Features:

• Dynamic Address/Port Translation
• Static Address/Port Translation
• Forward and Reverse NAT
• Non-Translated Address Pass Through

In the most common NAT application, the device (Black Box system) that connects the user LAN to the Internet will
have two IP addresses:

• A private IP address on the LAN side for the RFC 1918 address range
• A public address, routable over the Internet, on the WAN side

Consider a PC on the LAN sending a packet destined for some.server.com. The source IP address and port are in the
packet together with the destination IP address and port. When the packet arrives at the Black Box system, it is
de-encapsulated, modified, and re-encapsulated. The re-encapsulated packet sent by the Black Box system toward
the Internet contains the Black Box system’s public IP address, a source port allocated from its list of available ports,
and the same destination IP address and port number generated by the PC. The Black Box system also adds an entry
to a table it keeps, which maps the internal address and source port number that the PC generated to the port
number it allocated to this session. Therefore, when some.server.com sends a reply packet to the PC, the Black Box
system can quickly determine how it needs to rewrite the packet before transmitting it back onto the LAN.

12.1.1 Dynamic NAT

Dynamic NAT is used when packets destined for the Internet are transported from a LAN using the public source IP
address assigned to the local router. Dynamic NAT performs this task well, but it does not permit providing services to
the Internet from inside a LAN. In these instances, static NAT is used.

12.1.2 Static NAT

Static NAT also requires a public address from the upstream service provider. Individual PCs within a LAN are
assigned RFC 1918 reserved IP addresses to enable access to other PCs within the LAN. The Black Box system is
configured with static mapping, which maps the internal RFC 1918 IP addresses for each PC to the appropriate public
IP address. Then when traffic is sent to the public address listed in the static mapping, the Black Box system forwards
the packets to the correct PC within the LAN, according to the mapping relationship established.
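
The translation table described in 12.1 and the static mapping of 12.1.2 can be modelled in a few lines. This is an added example, not code from the manual or from the Black Box system; the class name, addresses and port pool are constructed for illustration. It ignores protocol, session timeouts and the remote endpoint, and models only the inbound direction of a static mapping.

```python
from dataclasses import dataclass, field

@dataclass
class NatTable:
    public_ip: str = "203.0.113.10"   # constructed WAN address
    next_port: int = 40000            # assumed start of the port pool
    last_port: int = 40999            # assumed end of the port pool
    by_lan: dict = field(default_factory=dict)   # (lan_ip, lan_port) -> public port
    by_port: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port)
    static: dict = field(default_factory=dict)   # public IP -> LAN IP

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN to WAN: rewrite the source, keep the destination."""
        key = (src_ip, src_port)
        if key not in self.by_lan:               # first packet of a session
            if self.next_port > self.last_port:
                raise RuntimeError("port pool exhausted")
            self.by_lan[key] = self.next_port
            self.by_port[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.by_lan[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """WAN to LAN: rewrite the destination, or None when nothing maps."""
        if dst_ip in self.static:                # static NAT: whole address mapped
            return (src_ip, src_port, self.static[dst_ip], dst_port)
        if dst_ip == self.public_ip and dst_port in self.by_port:
            lan_ip, lan_port = self.by_port[dst_port]
            return (src_ip, src_port, lan_ip, lan_port)
        return None                              # unsolicited: no table entry

if __name__ == "__main__":
    nat = NatTable()
    print(nat.outbound("192.168.1.20", 51000, "198.51.100.7", 80))
    print(nat.inbound("198.51.100.7", 80, "203.0.113.10", 40000))
    print(nat.inbound("198.51.100.7", 80, "203.0.113.10", 40001))
    nat.static["203.0.113.11"] = "192.168.1.30"
    print(nat.inbound("198.51.100.9", 5555, "203.0.113.11", 443))
```

The third call returns None because no session created that port, which is why dynamic NAT alone cannot offer a service to the Internet; the static entry makes every port of the mapped LAN host reachable in this model, so whatever filtering is applied to that host has to account for it.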
