48 | About the Radio
Aprisa SRi User Manual 1.1.0
The configured NAT Address Map Table of the Base Station shows that Port Forwarding NAT will translate;
NAT Address Map Table Line 1 configuration will translate public interface Eth-1 IP address 192.168.2.2 port
range 8081 - 8087 to private IP address range 10.10.1.1
–
7 and port 80.
NAT Address Map Table Line 2 configuration will translate public IP address 192.168.2.2 port range 10,003
–
10,006 to private IP address range 10.10.1.3
–
6 and port 502 (Modbus).
NAT Address Map Table Line 3 configuration will translate ping messages public IP address 192.168.2.2 ping
query ID 101
–
107 to private IP address range 10.10.1.1
–
7 and ping query ID 200.
The NAT session table of Base Station session ID #1 shows that the public interface Eth-1 IP address and
TCP/UDP port 80 can’t be used in the NAT function or in NAT Address Map Table configuration as it is
reserved for the radio access (e.g. management access, etc). This line is just for explanation purposes as in
SuperVisor it will not be shown in NAT session table since no NAT translation is made and it’s not part of the
Address Map Table configuration table.
Session ID #2 and #3 shows the inbound and outbound session translation when the Management accesses
remote-1 using HTTP (port 80) and vice versa. From the Management perspective, remote-1 public address
is 192.168.2.2 and port 8081 (as it doesn’t know the real address 10.10.1.1 which is ‘hidden’ beh
ind the
NAT). As explained above, SuperVisor will not show session ID #2 and #3 in separate lines as these inbound
/ outbound transactions are considered as one session.
Session ID #4 and #5, are the same as sessions ID #2 and #3 and supported by NAT Address Map Table
configuration ID #2.
Session ID #6 shows that an inbound session will drop packets if the session configuration is not supported
in the NAT Address Map Table, or there is no outbound session initiated that can support a response of an
inbound session (even if not in Address Map Table).
Session ID #7 and #8 are session initiated outbound sessions like RTU-1 RBE (Report by Exception) and Telnet
session initiated from RTU-1, respectively. Initiated outbound sessions will be either translated per reverse
Address Map Table configuration and if no configuration rule exists, then it will be built dynamically by the
NAT function to later support a response from inbound session. Inbound session ID #9 is an example of a
response to initiated outbound session ID #8, which is a dynamically created NAT translation table/session.
Session ID #10 and #11, are the same as sessions ID #2 and #3 and supported by NAT Address Map Table
configuration ID #3, but this rule is set for ICMP ping. Instead of TCP/UDP port, NAT uses the ping query ID
for translation. To run a ping across port forwarding NAT, user can use the hrPing.exe utility (run as admin)
that can control the ping query ID value. Standard Windows ping command doesn’t have the capability to
control the ping query ID value.