Exported services – Netopia R7200 User Manual

Understanding Netopia NAT Behavior C-5

Now both IP packets have the exact same source IP address (200.1.1.40) and source por ts (400). The Netopia
R7200 is then able to distinguish between the two IP packets by changing the source TCP or UDP por ts and
keeping this information in an internal table. As seen above, the source por t for Workstation A has been
changed to 5001 and the source por t for Workstation B has been changed to 5002.

If you were to look at the internal por t mapping table that is maintained by the Netopia R7200, it would look
similar to the following:

With this information the Netopia R7200 can determine the appropriate routing for an IP response from the
Internet. In this case, when the WWW ser ver responds with a destination por t of 5001, the Netopia R7200 can
see that this packet's destination on the local LAN inter face is actually Workstation A at IP address
192.168.5.2. Likewise, with the response for por t 5002, the Netopia R7200 can see that this packet's
destination on the local LAN inter face is actually Workstation B at IP address 192.168.5.3.

Exported services

Note that this “automatic” por t remapping and IP address substitution only works in one direction – for IP
packets that originated on the LAN inter face destined to the WAN inter face and the Internet. In order for por t
remapping and IP address substitution to work in the other direction – that is, hosts on the Internet that want to
originate an IP packet destined to a host on the Netopia R7200s LAN inter face – a manual redirection of TCP or
UDP por ts as well as destination IP addresses within the Netopia R7200 is required. This manual por t
remapping and IP address substitution is accomplished by setting up expor ted ser vices.

Expor ted ser vices are essentially user-defined pointers for a par ticular type of incoming TCP or UDP ser vice
from the WAN inter face to a host on the local LAN inter face. This is necessar y since the Netopia R7200 and
thus the attached local LAN has only one IP presence on the WAN inter face and Internet. Expor ted ser vices
allows the user to redirect one type of ser vice – for example Por t 21 (FTP) – to a single host on the local LAN
inter face. This will then allow the Netopia R7200 to redirect any packets coming in from the Internet with the
defined destination TCP or UDP por t of por t 21 (FTP) to be redirected to a host on the local LAN inter face.

For example, suppose the WWW ser ver on the Internet with the IP address of 163.176.4.32 wants to access
Workstation B on the Netopia R7200s local LAN inter face which is operating as an FTP ser ver. The IP address
for Workstation B is 192.168.5.3, which is not a valid IP address, and thus the WWW ser ver on the Internet
cannot use this IP address to access Workstation B.

The WWW ser ver on the Internet would then have to use the single valid IP address that was acquired on the
Netopia R7200's WAN inter face to access any host on the Netopia R7200's local LAN inter face, since this is
the only valid address for the Internet. But if the WWW ser ver on the Internet opens a connection to 200.1.1.40
via por t 21 (FTP) and no expor ted ser vices are defined on the Netopia R7200, the Netopia R7200 will discard
the incoming packet since the Netopia R7200 itself does not per form the requested ser vice.

You can see why expor ted ser vices are necessar y. In the example above, an expor ted ser vice needs to be
defined within the Netopia R7200 redirecting any incoming IP traffic with a destination por t of 21 to the host on
the local LAN inter face with the IP address of 192.168.5.3.

Source LAN IP Source LAN Port Remapped LAN Port
192.168.5.2 TCP 400 TCP 5001
192.168.5.3 TCP 400 TCP 5002