Dynamic nat, Dynamic nat 193, Figure 7-9 – Nortel Networks WEB OS 212777 User Manual

Web OS 10.0 Application Guide

Chapter 7: Filtering

n

193

212777-A, February 2002

Note the following important points about this configuration:

n

Within each filter, the

smask

and

dmask

values are identical.

n

All parameters for both filters are identical except for the NAT direction. For Filter 10,

nat

source

is used. For Filter 11,

nat

dest

is used.

n

Filters for static (non-proxy) NAT should take precedence over dynamic NAT filters (fol-
lowing example). Static filters should be given lower filter numbers.

Dynamic NAT

Dynamic NAT is a many-to-one solution: multiple clients on the private subnet take advantage
of a single external IP address, thus conserving valid IP addresses. In this example, clients on
the internal private network require TCP/UDP access to the Internet:

Figure 7-9 Dynamic Network Address Translation

N

OTE

–

Dynamic NAT can also be used to support ICMP traffic for PING.

This example requires a NAT filter to be configured on the switch port that is connected to the
internal clients. When the NAT filter is triggered by outbound client traffic, the internal private
IP address information on the outbound packets is translated to a valid, publicly advertised IP
address on the switch. In addition, the public IP address must be configured as a proxy IP
address on the switch port that is connected to the internal clients. The proxy performs the
reverse translation, restoring the private network addresses on inbound packets.

Router

Hub

Internal Clients

10.10.10.x

(Private network)

Internet

Inbound proxy on
public address

Outbound filter:

NAT source info

to public address

1

Public IP Address:
205.178.17.12