NEXPEED NBG440 User’s Manual
NexComm Systems, Inc. 83 PAGE
Inbound access control (allows access to your local server while using PAT)
By default, all external attempts to access internal hosts are denied, and you must
configure specific access. For example, you can configure one "nat entry" command
that permits a host on the Internet (foreign host) to access your corporate (internal)
server using any port service (such as WWW).
To configure a static entry for an internal host, use the following command:
COMMAND
(conf)# nat entry <local-ip> <lport> <global-ip> <gport>
(conf)# nat entry <local-ip> ping <global-ip> ping
Parameters
<local-ip> - Specify an IP address that belongs to the
private (internal) IP network.
<lport> - Specify a port number for the local IP address.
<global-ip> - Specify a shared outbound PAT address.
<gport> - Specify a port number for the outbound PAT address.
Usage Examples:
(conf)# nat entry 192.168.1.1 23 168.126.188.254 23
=> allows inbound TELNET access for an internal host “192.168.1.1”.
Note1:
The global-IP address must belong to the global IP address pool. For a static
entry to operate, you must first configure PAT translation.
Note2:
If the port service is ICMP (ping), enter the string "ping" or port "0" in the
<lport> and <gport> fields.
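An added example, not part of the NexComm manual: a Python audit of saved "nat entry" lines against the rules above (private local-ip, global-ip inside the PAT pool, ICMP given as "ping" or "0"). The risky-port list, the sample configuration, and the reading of Note2 as requiring ICMP in both port fields are assumptions.

```python
import ipaddress
import re

# Assumption (not from the manual): cleartext services worth flagging when exposed inbound.
RISKY_PORTS = {21: "FTP", 23: "TELNET", 69: "TFTP", 161: "SNMP"}
ENTRY_RE = re.compile(r"^\s*(?:\(conf\)#\s*)?nat entry\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_port(token):  # "ping" or "0" both mean ICMP (Note2) and map to 0
    if token.lower() == "ping":
        return 0
    port = int(token)  # raises ValueError on non-numeric tokens
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {token}")
    return port

def audit_nat_entries(config_text, pat_pool):
    """Return (line_no, severity, message) findings for each 'nat entry' line."""
    pool = {ipaddress.ip_address(a) for a in pat_pool}
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = ENTRY_RE.match(line)
        if not m:
            continue
        try:
            local, gip = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[3])
            lport, gport = parse_port(m[2]), parse_port(m[4])
        except ValueError as exc:
            findings.append((no, "error", f"unparsable entry: {exc}"))
            continue
        if not local.is_private:
            findings.append((no, "error", f"local-ip {local} is not a private address"))
        if gip not in pool:
            findings.append((no, "error", f"global-ip {gip} is not in the PAT pool (Note1)"))
        if (lport == 0) != (gport == 0):
            findings.append((no, "error", "ICMP must be set in both lport and gport (Note2)"))
        if lport in RISKY_PORTS:
            findings.append((no, "warn", f"exposes cleartext {RISKY_PORTS[lport]} on {local} to the Internet"))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
(conf)# nat entry 192.168.1.1 23 168.126.188.254 23
(conf)# nat entry 192.168.1.10 80 168.126.188.254 8080
(conf)# nat entry 192.168.1.20 ping 168.126.188.254 ping
(conf)# nat entry 192.168.1.30 443 10.9.9.9 443
"""

if __name__ == "__main__":
    print(*audit_nat_entries(SAMPLE, ["168.126.188.254"]), sep="\n")
```

On the sample, the manual's own TELNET mapping is reported as a warning and the entry whose global-ip lies outside the pool as an error.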
Translation Timeout values
NAT has an internal translation table. A translation table entry represents one TCP, UDP,
or ICMP connection (Note: a port mapping can generate many TCP and UDP connections).
A translation table entry is reused as long as traffic includes packets that match an entry.
All the entries for a connection are freed (expire) when the connection disconnects.
The router removes entries from the translation table on the basis of the
following timeouts:
> TCP translations time out after 240 seconds