Napt, Internal server – H3C Technologies H3C S12500 Series Switches User Manual

Page 109


NOTE:

The number of public IP addresses that a NAT device needs is usually far less than the number of internal hosts because not all internal hosts access external networks at the same time. The number of public IP addresses is related to the number of internal hosts that might access external networks simultaneously during peak hours.

NAPT

Network Address Port Translation (NAPT) is a variation of basic NAT. It allows multiple internal addresses to be mapped to the same public IP address, which is called multiple-to-one NAT, or address multiplexing.

NAPT mapping is based on both the IP address and the port number. With NAPT, packets from multiple internal hosts are mapped to the same external IP address with different port numbers.

Figure 45 NAPT operation

As shown in Figure 45, three IP packets arrive at the NAT device. Packets 1 and 2 are from the same internal address but have different source port numbers. Packets 1 and 3 are from different internal addresses but have the same source port number. NAPT maps the three IP packets to the same external address but with different source port numbers. Therefore, the packets can still be differentiated. When receiving the response packets, the NAT device forwards them to the corresponding hosts according to the destination addresses and port numbers.

NAPT can better utilize IP address resources, enabling more internal hosts to access the external network at the same time.

Internal server

NAT hides the internal network structure, including the identities of internal hosts. However, some internal hosts such as an internal web server or FTP server might need to be accessed by external hosts. NAT meets this need by supporting internal servers.

You can configure an internal server on the NAT device by mapping a public IP address and port number to the private IP address and port number of the internal server. For instance, you can configure an address like 20.1.1.12:8080 as an internal web server’s external address and port number.

In Figure 46, when the NAT device receives a packet destined for the public IP address of an internal server, it looks in the NAT entries and translates the destination address and port number in the packet

Figure 45 labels: Host A (192.168.1.2) and Host B (192.168.1.3) on the intranet; NAT device (192.168.1.1, 20.1.1.1); Server (1.1.1.2) on the Internet.

Packet     Before NAT (Src)     After NAT (Src)     Direction
Packet 1   192.168.1.2:1111     20.1.1.1:1001       Outbound
Packet 2   192.168.1.2:2222     20.1.1.1:1002       Outbound
Packet 3   192.168.1.3:1111     20.1.1.1:1003       Outbound
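The NAPT table from Figure 45 and the internal server mapping described above, modelled as an added example (not H3C code and not from the manual). It shows that a response is forwarded only when its destination address and port match an entry, and that an internal server entry is the one deliberate exception to NAT hiding internal hosts. Assumptions: ports are allocated sequentially from 1001 as in the figure, the web server's private address 192.168.1.10:80 is constructed, and protocol and entry aging are left out.

```python
# Added illustration: a minimal NAPT table, not H3C's implementation.
PUBLIC_IP = "20.1.1.1"          # NAT device's external address in Figure 45
FIRST_PORT = 1001               # assumed: sequential allocation, as in Figure 45


class Napt:
    def __init__(self, public_ip=PUBLIC_IP, first_port=FIRST_PORT):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}      # (private_ip, private_port) -> (public_ip, public_port)
        self.back = {}     # (public_ip, public_port) -> (private_ip, private_port)

    def add_internal_server(self, public, private):
        """Static entry: expose private (ip, port) at public (ip, port)."""
        if public in self.back:
            raise ValueError(f"{public} is already mapped")
        self.back[public] = private

    def outbound(self, src):
        """Translate the source of an outbound packet, creating an entry if needed."""
        if src not in self.out:
            # Skip public ports already taken by a static internal-server entry.
            while (self.public_ip, self.next_port) in self.back:
                self.next_port += 1
            if self.next_port > 65535:
                raise RuntimeError("public port pool exhausted")
            mapped = (self.public_ip, self.next_port)
            self.next_port += 1
            self.out[src] = mapped
            self.back[mapped] = src
        return self.out[src]

    def inbound(self, dst):
        """Translate the destination of an inbound packet; None means no entry."""
        return self.back.get(dst)


def figure_45():
    """Replay the three packets from Figure 45 plus the internal server example."""
    nat = Napt()
    # 192.168.1.10:80 is a constructed private address for the web server.
    nat.add_internal_server(("20.1.1.12", 8080), ("192.168.1.10", 80))
    packets = [("192.168.1.2", 1111), ("192.168.1.2", 2222), ("192.168.1.3", 1111)]
    return nat, [nat.outbound(p) for p in packets]


if __name__ == "__main__":
    nat, mapped = figure_45()
    print(mapped, nat.inbound(("20.1.1.1", 1002)), nat.inbound(("20.1.1.1", 4444)))
```

When auditing a real device, each static internal server entry corresponds to a row that exists in the reverse table without any outbound traffic having created it, so those entries are the ones to review as exposed services.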
