2 nat overview – Asus RX3042H User Manual


RX3042H User's Manual

Configuring Firewall


• ACL Rules: for controlling all access to the computers on the LAN and DMZ and for controlling access to external networks for hosts on the LAN and DMZ.

• Self-Access Rules: for controlling access to the RX3042H itself.

Default Access Rules

• All traffic from external hosts to the hosts on the LAN and DMZ is denied.

• All traffic originated from the LAN is forwarded to the external network using NAT.

WARNING: It is not necessary to remove the default ACL rule from the ACL rule table! It is better to create higher priority ACL rules to override the default rule.

9.2 NAT Overview

Network Address Translation allows use of a single device, such as the RX3042H, to act as an agent between the Internet (public network) and a local (private) network. This means that a NAT IP address can represent an entire group of computers to any entity outside a network. Network Address Translation (NAT) is a mechanism for conserving registered IP addresses in large networks and simplifying IP addressing management tasks. Because of the translation of IP addresses, NAT also conceals true network addresses from prying eyes and provides a certain degree of security to the local network.

The NAT modes supported are static NAT, dynamic NAT, NAPT, reverse static NAT and reverse NAPT.

9.2.1 NAPT (Network Address and Port Translation) or PAT (Port Address Translation)

Also called IP Masquerading, this feature maps many internal hosts to one globally valid Internet address. The mapping contains a pool of network ports to be used for translation. Every packet is translated with the globally valid Internet address and the port number is translated with an unused port from the pool of network ports. Figure 9.1 shows that all the hosts on the local network gain access to the Internet by mapping to only one globally valid IP address and different port numbers from a free pool of network ports.
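The NAPT mapping described above, as an added example that is not taken from the manual and does not represent the RX3042H firmware: a simplified translation table showing port allocation from a pool, reverse translation of replies, the drop of unmapped inbound packets, and pool exhaustion. The class name, addresses and the two-port pool are constructed for illustration; a real device also tracks remote endpoints and timeouts.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"   # constructed: documentation address (RFC 5737)

@dataclass
class Napt:
    """Toy NAPT table: many private (ip, port) pairs share one public IP."""
    public_ip: str
    pool: list                                   # free public ports for translation
    out_map: dict = field(default_factory=dict)  # (proto, priv_ip, priv_port) -> public port
    in_map: dict = field(default_factory=dict)   # (proto, public port) -> (priv_ip, priv_port)

    def outbound(self, proto, src_ip, src_port):
        """Translate a LAN packet's source; reuse the mapping of an existing flow."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            if not self.pool:
                raise RuntimeError("port pool exhausted")
            port = self.pool.pop(0)              # take an unused port from the pool
            self.out_map[key] = port
            self.in_map[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out_map[key]

    def inbound(self, proto, dst_port):
        """Reverse-translate a reply; None means no mapping, so the packet is dropped."""
        return self.in_map.get((proto, dst_port))

    def release(self, proto, src_ip, src_port):
        """Flow ended: remove the mapping and return its port to the pool."""
        port = self.out_map.pop((proto, src_ip, src_port))
        del self.in_map[(proto, port)]
        self.pool.append(port)

def demo():
    nat = Napt(PUBLIC_IP, pool=[50000, 50001])     # constructed two-port pool
    a = nat.outbound("tcp", "192.168.1.10", 3333)
    b = nat.outbound("tcp", "192.168.1.11", 3333)  # same private port, different host
    reply = nat.inbound("tcp", b[1])               # reply to host .11 is mapped back
    unsolicited = nat.inbound("tcp", 50999)        # port never mapped
    try:
        nat.outbound("tcp", "192.168.1.12", 4444)  # third flow, no free port left
        exhausted = False
    except RuntimeError:
        exhausted = True
    nat.release("tcp", "192.168.1.10", 3333)
    c = nat.outbound("tcp", "192.168.1.12", 4444)  # succeeds on the freed port
    return a, b, reply, unsolicited, exhausted, c
if __name__ == "__main__":
    print(demo())
```

The unmapped inbound lookup returning nothing is the same behaviour as the default access rule that denies traffic from external hosts: without an existing mapping there is no internal host to deliver to.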
