Concepts and Principles of Operation
16
packets are to be filtered or forwarded. If no access list is specified, all valid packets will be forwarded.
You can specify in the IP access list the following criteria: source IP address, destination IP address,
source port number, destination port number, and the protocol which when matched will be forwarded
or filtered.
NAT
The ISP generally offers two type of accounts to SOHO users. The Single User account, and the LAN
Access (Multiple Users) account. The Single User account is often referred as Terminal Adapter or
Modem account where single user Internet access is assumed. The LAN Access account cost more
than the Single User account because multiple IP addresses are assigned. Network Translation (NAT)
is designed to allow multiple users on the LAN to access Internet simultaneously using the Single User
account. In addition to cost saving, NAT is also useful in areas in which security or convenience are a
concern. It is convenient in the sense that, the users don’t have to change the private legacy IP
addressed already in use.
In order for the outside world to access the TCP/IP servers on the LAN, the Hypertec Router allows a
list of internal IP addresses to be associated with FTP, Telnet, HTTP, and Email servers. Traffic
destined for the list servers are forwarded to the specified IP addresses. The inbound traffic distribution
works only for static IP address arrangement where you can register an IP address against the domain
names. You will not have an IP address to register or publish when access to the Internet is via a
“single-user” account.
There are some limitation on the NAT application :
1.
If the ISDN connection drops (e.g., because of an idle time-out), it is most likely that upon
reconnection you will get a different IP address assigned. For example, if you are using a web
browser and the connection drops because you go idle, if you then click on a link, you might get an
error message because you now have a different IP address.
2.
Certain applications, like some UDP-based Internet games and chat client programs, will work
unreliably or not at all when using NAT because they report their private IP address to the server
instead of the "correct" dynamically assigned address. The remote application while sending UDP
packets toward the private IP address will not be able to deliver.
3.
NAT is available for Internet connections only. The Intranet connection is not affected by the
Internet NAT setting.