Figure 156 restricted cone nat example – ZyXEL Communications P-2304R-P1 Series User Manual

Page 264


Appendix F NAT

P-2304R-P1 Series User’s Guide


Restricted Cone NAT

As in full cone NAT, a restricted cone NAT router maps all outgoing packets from an internal
IP address and port to a single IP address and port on the external network. In the following
example, the NAT router maps the source address of all packets sent from internal IP address
1 and port A to IP address 2 and port B on the external network.

The difference from full cone NAT is in how the restricted cone NAT router handles packets
coming in from the external network. A host on the external network (IP address 3 or IP
address 4 for example) can only send packets to the internal host if the internal host has
already sent a packet to the external host’s IP address.

A ZyXEL Device with IP address 1 and port A sends packets to IP address 3 and IP address 4.
The NAT router changes the ZyXEL Device’s IP address to 2 and port to B.

Both 4, D and 4, E can send packets to 2, B since 1, A has already sent packets to 4. The NAT
router will perform NAT on the packets from 4, D and 4, E and send them to the ZyXEL
Device at IP address 1, port A. Packets have not been sent from 1, A to 3 or 5, so 3 and 5
cannot send packets to 1, A.

Figure 156 Restricted Cone NAT Example

Port Restricted Cone NAT

As in full cone NAT, a port restricted cone NAT router maps all outgoing packets from an
internal IP address and port to a single IP address and port on the external network. In the
following example, the NAT router maps the source address of all packets sent from internal
IP address 1 and port A to IP address 2 and port B on the external network.

The difference from full cone and restricted cone NAT is in how the port restricted cone NAT
router handles packets coming in from the external network. A host on the external network
(IP address 3 and Port C for example) can only send packets to the internal host if the internal
host has already sent a packet to the external host’s IP address and port.

A ZyXEL Device with IP address 1 and port A sends packets to IP address 3, port C and IP
address 4, port D. The NAT router changes the ZyXEL Device’s IP address to 2 and port to B.

Since 1, A has already sent packets to 3, C and 4, D, they can send packets back to 2, B and the
NAT router will perform NAT on them and send them to the ZyXEL Device at IP address 1,
port A.
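
The two inbound filtering rules side by side, as an added example that is not part of the ZyXEL manual: a small Python model of the 1, A to 2, B mapping that decides whether a packet from an external host is forwarded or dropped. The names `ConeNat` and `replay` are hypothetical, and the scenario in which 1, A has sent only to 4, D is constructed using the manual's symbolic addresses and ports.

```python
# Added example: models the inbound filtering described for restricted cone
# and port restricted cone NAT. "1".."5" and "A".."E" are the manual's
# symbolic IP addresses and ports, not real values.
from dataclasses import dataclass, field

INTERNAL = ("1", "A")  # ZyXEL Device on the internal network
EXTERNAL = ("2", "B")  # what the NAT router maps 1, A to on the external network

@dataclass
class ConeNat:
    mode: str  # "restricted" or "port_restricted"
    contacted: set = field(default_factory=set)  # (ip, port) pairs 1, A has sent to

    def outbound(self, dst_ip, dst_port):
        """1, A sends a packet; the router rewrites the source to 2, B."""
        self.contacted.add((dst_ip, dst_port))
        return EXTERNAL

    def inbound(self, src_ip, src_port, dst=EXTERNAL):
        """Return the internal endpoint the packet is forwarded to, or None if dropped."""
        if dst != EXTERNAL:
            return None  # no mapping exists for this external address and port
        if self.mode == "restricted":
            # Only the external host's IP address must have been contacted.
            allowed = any(ip == src_ip for ip, _ in self.contacted)
        elif self.mode == "port_restricted":
            # Both the IP address and the port must have been contacted.
            allowed = (src_ip, src_port) in self.contacted
        else:
            raise ValueError(f"unknown mode: {self.mode}")
        return INTERNAL if allowed else None

def replay(mode, sent, probes):
    """Send the outbound packets, then report which inbound probes get through."""
    nat = ConeNat(mode)
    for ip, port in sent:
        nat.outbound(ip, port)
    return {probe: nat.inbound(*probe) == INTERNAL for probe in probes}

if __name__ == "__main__":
    # Constructed scenario: 1, A has sent packets to 4, D only.
    probes = [("4", "D"), ("4", "E"), ("3", "C"), ("5", "D")]
    for mode in ("restricted", "port_restricted"):
        print(mode, replay(mode, [("4", "D")], probes))
```

The only probe that changes outcome between the two modes is 4, E: same IP address as a contacted host, different port.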
