User Guide

94 Chapter 4. Configuring Special Features

In the following description of the Input, Forward, and Output phases, the reference numbers associated with

filtering steps match the numbers used in the above illustration.

Input Phase

When an IP packet comes in through an interface (i.e., the Input interface), the router tries to recognize the

packet. The router then examines the Input filters for this interface and, based on the first Input filter that

matches the IP packet, it decides how to handle the packet (forward or discard it).

If NAT translation is enabled for the Input interface, NAT translation is performed.

Forward Phase

At this stage, the router determines to which interface or link the packets will be sent out using its routing

table. It then applies the Forward filters based on the Input interface information. Next the router applies the

Forward filters based on the Output interface information.

Output Phase

If NAT translation is enabled for the Output interface, then NAT translation is performed

The router

examines the Output filters for this interface and, based on the first Output filter that matches the IP packet, it

decides how to handle the packet.

Configuring Filters with Network Address Translation Enabled

General NAT Information

Network Address Translation is an IP address conversion feature that translates a PC’s local (internal) address

into a global (outside/Internet) IP address. NAT is needed when a PC (or several PCs) on a Local Area

Network wants to connect to the Internet or get to a remote network that uses global, registered addresses:

Input Phase

Output Phase

Forward Phase

Input

Filter

1 2

IP-ES

ICMP

Redirect

Forward

Filters

IP Routing

Table

Output

Filter

4 5

Forward filters on

the input interface

Forward filters on

the output interface

Routing

Table

Processing