Example 1. Access from inside workstations to outside networks.
The following record is added to the NAT static table:
--------------------------------------------------------------------------------------
PR: SIDE: ADD: NET:             ANET:            SIPP: DIPP: PAT: PROT: DPO:     ADPO:
--------------------------------------------------------------------------------------
0   IN    SRC  192.168.1.0/24   10.0.0.1/32      *     *     YES  *     *
--------------------------------------------------------------------------------------
Example of IP packet translation:
                        | Source IP address   | Destination IP address |
Before translation:     | 192.169.1.2:XXX     | 10.0.0.3:ZZZ           |
After translation:      | 10.0.0.1:YYY        | 10.0.0.3:ZZZ           |
Comment. Record PR:0 is used for the source address translation.
In this example we provide access from the inside network to an outside server (here pc4.mynet.com).
The following records are added to the NAT static table:
--------------------------------------------------------------------------------------
PR: SIDE: ADD: NET:             ANET:            SIPP: DIPP: PAT: PROT: DPO:     ADPO:
--------------------------------------------------------------------------------------
0   IN    SRC  192.168.1.0/24   10.0.0.1/32      *     *     YES  *     *
1   IN    DST  192.168.50.1/32  10.0.0.2/32      *     *     NO   *     *
--------------------------------------------------------------------------------------
Example of IP packet translation:
                        | Source IP address   | Destination IP address |
Source translation      |                     |                        |
Before translation:     | 192.169.1.2:XXX     | 192.168.50.1:YYY       |
After translation:      | 10.0.0.1:ZZZ        | 192.168.50.1:YYY       |
Destination translation |                     |                        |
Before translation:     | 10.0.0.1:ZZZ        | 192.168.50.1:YYY       |
After translation:      | 10.0.0.1:ZZZ        | 10.0.0.2:YYY           |
Comment. Record PR:0 is used for the source address translation and record PR:1 for the destination address translation.
In this example we provide access from the inside network to an outside HTTP server (here pc4.mynet.com).
Now we can use the URL (Uniform Resource Identifier) "http://192.168.50.1" in Internet Explorer to connect to the WWW server on pc4.mynet.com.
But we cannot use the URL http://pc4.mynet.com yet. See Example 4 for more information.
The following records are added to the NAT static table:
--------------------------------------------------------------------------------------
PR: SIDE: ADD: NET:             ANET:            SIPP: DIPP: PAT: PROT: DPO:     ADPO:
--------------------------------------------------------------------------------------
0   IN    SRC  192.168.1.0/24   10.0.0.1/32      *     *     YES  *     *
1   IN    DST  192.168.50.1/32  10.0.0.2/32      *     *     YES  TCP   http(80)
--------------------------------------------------------------------------------------
Example of IP packet translation:
                        | Source IP address   | Destination IP address |
Source translation      |                     |                        |
Before translation:     | 192.169.1.2:XXX     | 192.168.50.1:80        |
After translation:      | 10.0.0.1:YYY        | 192.168.50.1:80        |
Destination translation |                     |                        |
Before translation:     | 10.0.0.1:YYY        | 192.168.50.1:80        |
After translation:      | 10.0.0.1:YYY        | 10.0.0.2:80            |
Comment. Record PR:0 is used for the source address translation and record PR:1 for the destination address translation.
Example 4. Translation of DNS requests.
In this example we publish an outside HTTP server (it is 10.0.0.2) as an inside one (pc4.mynet.com with IP address 192.168.1.2).
To allow access to this server, NAT must translate the DNS request that the user's Internet browser generates.
(The Internet browser makes this request when you type the URL (Uniform Resource Identifier) "http://pc4.mynet.com" and press "Enter".)
For this we must add an additional record to the NAT table for translating the DNS name.
The following records are added to the NAT static table:
--------------------------------------------------------------------------------------
PR: SIDE: ADD: NET:             ANET:            SIPP: DIPP: PAT: PROT: DPO:     ADPO:
--------------------------------------------------------------------------------------
0   IN    SRC  192.168.1.0/24   10.0.0.1/32      *     *     YES  *     *
1   IN    DST  192.168.50.1/32  10.0.0.2/32      *     *     YES  TCP   http(80)
2   OUT   DST  10.0.0.2/32      192.168.50.1/32  *     *     NO
--------------------------------------------------------------------------------------
Step 1. Translate DNS request.
                        | Source IP address     | Destination IP address | Contents of DNS message body       |
Source translation      |                       |                        |                                    |
Before translation:     | 192.169.1.2:XXX       | IP address of DNS :53  | REQ=pc4.mynet.com                  |
After translation:      | 10.0.0.1:YYY          | IP address of DNS :53  | REQ=pc4.mynet.com                  |
Comment. Record PR:0 is used for the source address translation.
Step 2. Translate DNS answer.
                        | Source IP address     | Destination IP address | Contents of DNS message body       |
DNS message translation |                       |                        |                                    |
Before translation:     | IP address of DNS :53 | 10.0.0.1:XXX           | REQ=pc4.mynet.com ANW=10.0.0.2     |
After translation:      | IP address of DNS :53 | 10.0.0.1:XXX           | REQ=pc4.mynet.com ANW=192.168.50.1 |
Comment. Record PR:2 is used for the address translation in the DNS answer.
Step 3. Translate packet with DNS answer.
                        | Source IP address     | Destination IP address | Contents of DNS message body       |
DNS message translation |                       |                        |                                    |
Before translation:     | IP address of DNS :53 | 10.0.0.1:XXX           | REQ=pc4.mynet.com ANW=192.168.50.1 |
After translation:      | IP address of DNS :53 | 192.169.1.2:YYY        | REQ=pc4.mynet.com ANW=192.168.50.1 |
Comment. A record from the NAT dynamic table is used for the destination address translation.
Step 4. Translate HTTP packets.
                        | Source IP address   | Destination IP address |
Source translation      |                     |                        |
Before translation:     | 192.169.1.2:XXX     | 192.168.50.1:80        |
After translation:      | 10.0.0.1:YYY        | 192.168.50.1:80        |
Destination translation |                     |                        |
Before translation:     | 10.0.0.1:YYY        | 192.168.50.1:80        |
After translation:      | 10.0.0.1:YYY        | 10.0.0.2:80            |
Comment. Record PR:0 is used for the source address translation and record PR:1 for the destination address translation.
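The translations in Examples 3 and 4 can be modelled in a few lines of Python. This is an added illustration, not the product's own code: the class name Nat, the first-match-by-PR evaluation order, the port pool starting at 40000 and the layout of the dynamic table are all assumptions.

```python
import ipaddress

# Static records of Example 4: (PR, SIDE, ADD, NET, ANET, PAT, PROT, DPO)
# ANET is written as a host address (the /32 is dropped).
STATIC = [
    (0, "IN",  "SRC", "192.168.1.0/24",  "10.0.0.1",     True,  None,  None),
    (1, "IN",  "DST", "192.168.50.1/32", "10.0.0.2",     True,  "TCP", 80),
    (2, "OUT", "DST", "10.0.0.2/32",     "192.168.50.1", False, None,  None),
]

class Nat:
    def __init__(self, static, first_port=40000):  # pool start: assumption
        self.static = sorted(static)               # evaluate by PR (assumption)
        self.dynamic = {}                          # (proto, ip, port) -> inside (ip, port)
        self.next_port = first_port

    def match(self, side, add, ip, proto=None, port=None):
        """Return (PR, ANET, PAT) of the first record covering ip, or None."""
        for pr, s, a, net, anet, pat, prot, dpo in self.static:
            if (s, a) != (side, add):
                continue
            if ipaddress.ip_address(ip) not in ipaddress.ip_network(net):
                continue
            if prot is not None and (prot, dpo) != (proto, port):
                continue                           # record limited to one service
            return pr, anet, pat
        return None

    def outbound(self, proto, src, sport, dst, dport):
        """Inside -> outside: source record first, then destination record."""
        hit = self.match("IN", "SRC", src)
        if hit:
            _, anet, pat = hit
            new_port = sport
            if pat:                                # PAT: allocate a new source port
                new_port, self.next_port = self.next_port, self.next_port + 1
            self.dynamic[(proto, anet, new_port)] = (src, sport)
            src, sport = anet, new_port
        hit = self.match("IN", "DST", dst, proto, dport)
        if hit:
            dst = hit[1]
        return src, sport, dst, dport

    def inbound(self, proto, src, sport, dst, dport):
        """Outside -> inside: only flows in the dynamic table are translated back."""
        inside = self.dynamic.get((proto, dst, dport))
        return (src, sport, *inside) if inside else None

    def dns_answer(self, addr):
        """Rewrite an address in a DNS answer body via an OUT/DST record (step 2)."""
        hit = self.match("OUT", "DST", addr)
        return hit[1] if hit else addr
```

A packet arriving from outside for a port that has no dynamic entry returns None, which is why the reply in step 3 depends on the entry created in step 1.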
Example 5. Access from outside networks to our internal servers.
Goal description. We have just one public IP address and on the internal LAN there are more computers on several IP addresses running the same service with different contents, e.g. a commercial web, a technical web, a restricted access web.
Our three servers are presented to the outside network (for example, the Internet) as:
10.0.0.1:80 - the main HTTP server of our company.
10.0.0.1:81 - an HTTP server for technical support.
10.0.0.1:82 - an HTTP server for developers.
The following records are added to the NAT static table:
--------------------------------------------------------------------------------------
PR: SIDE: ADD: NET:             ANET:            SIPP: DIPP: PAT: PROT: DPO:     ADPO:
--------------------------------------------------------------------------------------
0   OUT   DST  10.0.0.1/32      192.168.1.1/32   *     *     YES  TCP   81       80
1   OUT   DST  10.0.0.1/32      192.168.1.2/32   *     *     YES  TCP   82       80
2   OUT   DST  10.0.0.1/32      192.168.1.3/32   *     *     YES  TCP   83       80
--------------------------------------------------------------------------------------
                        | Source IP address   | Destination IP address |
Destination translation |                     |                        |
Before translation:     | XXX.XXX.XXX.XXX:YYY | 10.0.0.1:80            |
After translation:      | XXX.XXX.XXX.XXX:YYY | 192.168.1.1:80         |
Destination translation |                     |                        |
Before translation:     | XXX.XXX.XXX.XXX:YYY | 10.0.0.1:81            |
After translation:      | XXX.XXX.XXX.XXX:YYY | 192.168.1.2:80         |
Destination translation |                     |                        |
Before translation:     | XXX.XXX.XXX.XXX:YYY | 10.0.0.1:82            |
After translation:      | XXX.XXX.XXX.XXX:YYY | 192.168.1.3:80         |
Comment. Record PR:0 is used for the first destination address translation, record PR:1 for the second and record PR:2 for the third.