destination port is used.
However, since there is a possible range of 64,500 source ports and the same number for
destination ports, it is theoretically possible to have over 4 billion connections between two IP
addresses if all ports are used.
Using NAT Pools Can Increase the Connections
To increase the number of NAT connections that can exist between the NetDefend Firewall and a
particular external host IP, the NetDefendOS NAT pools feature can be used. This feature can
automatically make use of additional IP addresses on the firewall.
This is useful in situations where a remote server requires that all connections are to a single port
number. In such cases, the 64,500 limit for unique IP address pairs will apply.
See
for more information about this topic.
The Source IP Address Used for Translation
There are three options for how NetDefendOS determines the source IP address that will be used
for NAT:
• Use the IP Address of the Interface
When a new connection is established, the routing table is consulted to resolve the
outbound interface for the connection. The IP address of that resolved interface is then used
as the new source IP address when NetDefendOS performs the address translation. This is the
default way that the IP address is determined.
• Specify a Specific IP Address
A specific IP address can be specified as the new source IP address. The specified IP address
needs to have a matching ARP Publish entry configured for the outbound interface.
Otherwise, the return traffic will not be received by the NetDefend Firewall. This technique
might be used when the source IP is to differ based on the source of the traffic. For example,
an ISP that is using NAT might use different IP addresses for different customers.
• Use an IP Address from a NAT Pool
A NAT Pool, which is a set of IP addresses defined by the administrator, can be used. The next
available address from the pool can be used as the IP address used for NAT. There can be one
or many NAT pools and a single pool can be used in more than one NAT rule. This topic is
discussed further in
Applying NAT Translation
The following illustrates how NAT is applied in practice on a new connection:
1. The sender at IP address 192.168.1.5 sends a packet from a dynamically assigned port, for
example 1038, to a server, for example 195.55.66.77 port 80.
192.168.1.5:1038 => 195.55.66.77:80
2. In this example, the Use Interface Address option is used, and we will use 195.11.22.33 as the
interface address. In addition, the source port is changed to a random free port on the
NetDefend Firewall that is above port 1024. In this example, it is assumed port 32,789
is chosen. The packet is then sent to its destination.
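The following is an added example, not NetDefendOS code: a small Python model of the state a dynamic source NAT has to keep for the translation described above, showing why the port limit applies per address pair and destination port and how extra pool addresses raise it. The class and method names, the port range 1025-65535, and the fill-one-address-then-the-next pool order are assumptions made for the sketch.

```python
import random

class SourceNat:
    """Hypothetical toy model: NAT state is keyed on the translated 4-tuple."""

    def __init__(self, nat_ips, ports=range(1025, 65536), seed=None):
        self.nat_ips = list(nat_ips)  # one interface address, or several (a NAT pool)
        self.ports = ports            # assumed range for "above port 1024"
        self.rng = random.Random(seed)
        self.out = {}   # (src_ip, sport, dst_ip, dport) -> (nat_ip, nat_port)
        self.back = {}  # (nat_ip, nat_port, dst_ip, dport) -> (src_ip, sport)

    def _pick_port(self, nat_ip, dst_ip, dport):
        # Random start, then linear probe, so a nearly full table still terminates.
        start = self.rng.randrange(len(self.ports))
        for i in range(len(self.ports)):
            port = self.ports[(start + i) % len(self.ports)]
            if (nat_ip, port, dst_ip, dport) not in self.back:
                return port
        return None  # all ports used for this address pair and destination port

    def outbound(self, src_ip, sport, dst_ip, dport):
        key = (src_ip, sport, dst_ip, dport)
        if key in self.out:  # packet of an existing connection: reuse its state
            return self.out[key]
        for nat_ip in self.nat_ips:  # assumed pool order: move on when one is full
            port = self._pick_port(nat_ip, dst_ip, dport)
            if port is not None:
                self.out[key] = (nat_ip, port)
                self.back[(nat_ip, port, dst_ip, dport)] = (src_ip, sport)
                return nat_ip, port
        raise RuntimeError("NAT ports exhausted towards %s:%d" % (dst_ip, dport))

    def inbound(self, nat_ip, nat_port, dst_ip, dport):
        # Reply from dst_ip:dport to nat_ip:nat_port; None means no state exists.
        return self.back.get((nat_ip, nat_port, dst_ip, dport))


def demo():
    # Addresses from the walkthrough above; the chosen source port is random.
    nat = SourceNat(["195.11.22.33"])
    nat_ip, nat_port = nat.outbound("192.168.1.5", 1038, "195.55.66.77", 80)
    return nat_ip, nat_port, nat.inbound(nat_ip, nat_port, "195.55.66.77", 80)
```

Shrinking the ports argument to a handful of values makes the exhaustion case quick to reproduce: a single address fails once every port towards one server port is taken, while a second pool address accepts further connections.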
Chapter 7: Address Translation
577