7.2. NAT
Dynamic Network Address Translation (NAT) provides a mechanism for translating the original source
IP address of a packet to a different address. Outgoing packets then appear to come from that
different IP address, and reply packets arriving for that address have their destination IP address
translated back to the original IP address.
NAT can have two important benefits:
• The IP addresses of individual clients and hosts can be "hidden" behind the firewall's IP address.
• Only the firewall needs a public IPv4 address for public Internet access. Hosts and networks
behind the firewall can be allocated private IPv4 addresses but can still have access to the public
Internet through the firewall's public IPv4 address.
NAT Provides many-to-one IP Address Translation
NAT provides many-to-one translation. This means that each NAT rule in the IP rule set translates
several source IP addresses to a single source IP address.
To maintain session state information, each connection from a dynamically translated address uses a
unique IP address and port number combination as its sender. NetDefendOS therefore translates the
source port number as well as the source IP address. In other words, the source IP addresses of all
connections are translated to the same IP address, and the connections are distinguished from one
another by the unique source port number allocated to each connection.
The diagram below illustrates the concept of NAT.
Figure 7.1. NAT IP Address Translation
In the illustration above, three connections from IP addresses A, B and C are NATed through a
single source IP address N. The original port numbers are also changed.
The source port number allocated to a new NAT connection is a free port chosen at random by
NetDefendOS rather than the next port in sequence. Random allocation makes the translated source port
harder for an outside party to predict.
Limitations on the Number of NAT Connections
Because connections from the same translated address to the same destination IP address and
destination port can only be told apart by their source port, roughly 64,500 such connections can
exist simultaneously, which is approximately the number of source ports available. Connections to
different destination IP addresses or destination ports do not share this limit.
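The following model, added here as an illustration and not taken from NetDefendOS or this manual, shows the many-to-one translation and the per-destination port limit described above: three hosts A, B and C are translated to one address N, replies are mapped back by the allocated source port, an unsolicited inbound packet with no state is dropped, and connections to one destination IP:port run out at the size of the source-port pool. The 1024-65535 port range, the table layout and the drop-on-no-state behaviour are assumptions of the example.

```python
import random
from collections import namedtuple

# Hypothetical model of many-to-one (NAPT) translation. Added illustration
# only: not NetDefendOS code. The port range, table layout and dropping of
# unsolicited inbound packets are assumptions made for this example.

Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port")

# Assumed usable source-port range 1024-65535: 64,512 ports, which matches
# the "approximately 64,500" connection limit quoted in the text.
PORT_RANGE = range(1024, 65536)


class NatTable:
    """Translates many internal sources to one public IP, keyed by port."""

    def __init__(self, public_ip, seed=None):
        self.public_ip = public_ip
        self.rng = random.Random(seed)
        self.outbound = {}  # original Flow -> allocated public source port
        self.inbound = {}   # (public port, peer ip, peer port) -> original Flow
        self.free = {}      # (peer ip, peer port) -> shuffled free-port list

    def _alloc_port(self, dst_ip, dst_port):
        # Ports only need to be unique per destination IP:port, so each
        # destination gets its own pool; allocation is random, not sequential.
        pool = self.free.get((dst_ip, dst_port))
        if pool is None:
            pool = list(PORT_RANGE)
            self.rng.shuffle(pool)
            self.free[(dst_ip, dst_port)] = pool
        return pool.pop() if pool else None

    def translate_out(self, flow):
        """Rewrite an outgoing packet's source to public_ip:port.
        Returns the translated Flow, or None if no source port is free."""
        port = self.outbound.get(flow)
        if port is None:
            port = self._alloc_port(flow.dst_ip, flow.dst_port)
            if port is None:
                return None
            self.outbound[flow] = port
            self.inbound[(port, flow.dst_ip, flow.dst_port)] = flow
        return Flow(self.public_ip, port, flow.dst_ip, flow.dst_port)

    def translate_in(self, flow):
        """Rewrite a packet arriving at public_ip:port back to the internal
        host. Returns None (drop) when no matching state exists, which is
        why hosts behind a NAT rule are not reachable from outside."""
        state = self.inbound.get((flow.dst_port, flow.src_ip, flow.src_port))
        if flow.dst_ip != self.public_ip or state is None:
            return None
        return Flow(flow.src_ip, flow.src_port, state.src_ip, state.src_port)

    def close(self, flow):
        """Tear down a connection and return its public port to the pool."""
        port = self.outbound.pop(flow, None)
        if port is not None:
            del self.inbound[(port, flow.dst_ip, flow.dst_port)]
            self.free[(flow.dst_ip, flow.dst_port)].append(port)
        return port


def demo():
    """Three hosts A, B, C connect through one NAT address N (cf. Figure 7.1)."""
    nat = NatTable("203.0.113.1", seed=7)
    hosts = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]
    # Constructed sample: all three use source port 40000 towards the same
    # server, so only the allocated public port distinguishes them.
    out = [nat.translate_out(Flow(h, 40000, "198.51.100.5", 80)) for h in hosts]
    # Server replies are mapped back by port; a packet from somewhere else to
    # the same public address and port has no state and is dropped.
    replies = [nat.translate_in(Flow("198.51.100.5", 80, t.src_ip, t.src_port)) for t in out]
    unsolicited = nat.translate_in(Flow("192.0.2.9", 3000, "203.0.113.1", out[0].src_port))
    return out, replies, unsolicited


def capacity_to(dst_ip, dst_port):
    """Open connections from distinct internal sources to one destination
    IP:port until allocation fails; returns how many succeeded."""
    nat = NatTable("203.0.113.1", seed=0)
    n = 0
    while True:
        src_ip = "10.%d.%d.%d" % ((n >> 16) & 255, (n >> 8) & 255, n & 255)
        if nat.translate_out(Flow(src_ip, 1234, dst_ip, dst_port)) is None:
            return n
        n += 1


if __name__ == "__main__":
    out, replies, dropped = demo()
    for t, r in zip(out, replies):
        print("out %s:%d -> %s:%d, reply back to %s:%d"
              % (t.src_ip, t.src_port, t.dst_ip, t.dst_port, r.dst_ip, r.dst_port))
    print("unsolicited inbound:", dropped)
    print("connections to one destination before port exhaustion:",
          capacity_to("198.51.100.5", 443))
```

The per-destination pool is what makes the limit apply only to connections sharing a destination IP and port; a real implementation would also age out idle state so that closed or abandoned connections return their ports, which the `close` method does explicitly here.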