74 AVM Access Server – 5 AVM Access Server Concepts and Functional Principles
5.2 IP Masquerading and Forwarding Profiles
The AVM Access Server uses IP masquerading over connections to the
Internet. IP masquerading hides a whole private LAN behind a single
public IP address. The LAN’s Internet gateway “masks” all the other
LAN computers’ IP addresses. This also prohibits access from the
Internet to individual computers in the LAN. If you want to permit
access to certain servers in your local network from the Internet,
however, you can do so using forwarding profiles.
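The following toy model is an added example, not AVM code: it shows why a reply to a LAN-initiated connection gets back in, why an unsolicited packet is dropped, and how a forwarding entry deliberately exposes one server. The class and function names, the port range starting at 40000, the addresses (documentation ranges), the shape of a forwarding entry (public port mapped to a LAN host and port) and the strict match on the remote endpoint are all assumptions made for illustration; ICMP is left out.

```python
# Toy model of IP masquerading with forwarding entries (added illustration;
# not AVM code). Addresses are documentation ranges; port numbering is assumed.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: tuple      # (ip, port)
    dst: tuple      # (ip, port)

@dataclass
class MasqueradingGateway:
    public_ip: str
    forwards: dict = field(default_factory=dict)   # (proto, public_port) -> (lan_ip, lan_port)
    _out: dict = field(default_factory=dict)       # (proto, lan_src, remote) -> public_port
    _back: dict = field(default_factory=dict)      # (proto, public_port, remote) -> lan_src
    _next_port: int = 40000                        # assumed start of the mapping range

    def outbound(self, pkt):
        """LAN -> Internet: replace the private source with the public address."""
        key = (pkt.proto, pkt.src, pkt.dst)
        if key not in self._out:
            self._out[key] = self._next_port
            self._back[(pkt.proto, self._next_port, pkt.dst)] = pkt.src
            self._next_port += 1
        return Packet(pkt.proto, (self.public_ip, self._out[key]), pkt.dst)

    def inbound(self, pkt):
        """Internet -> LAN: reverse a known mapping, apply a forward, or drop."""
        if pkt.dst[0] != self.public_ip:
            return None
        lan = self._back.get((pkt.proto, pkt.dst[1], pkt.src))
        if lan is None:
            # No connection state: only an explicit forwarding entry lets it in.
            lan = self.forwards.get((pkt.proto, pkt.dst[1]))
        return Packet(pkt.proto, pkt.src, lan) if lan else None   # None = dropped

def demo():
    """Constructed traffic: one outbound flow, its reply, a probe, a forwarded hit."""
    gw = MasqueradingGateway("203.0.113.5", forwards={("tcp", 80): ("192.168.1.20", 80)})
    web = ("198.51.100.7", 443)
    sent = gw.outbound(Packet("tcp", ("192.168.1.10", 51000), web))
    reply = gw.inbound(Packet("tcp", web, sent.src))
    probe = gw.inbound(Packet("tcp", ("198.51.100.99", 4444), (gw.public_ip, 40000)))
    served = gw.inbound(Packet("tcp", ("198.51.100.99", 4444), (gw.public_ip, 80)))
    return sent, reply, probe, served
```

Every entry in `forwards` is reachable from any Internet host, so the forwarded service is the part of the LAN that needs hardening and logging.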
IP Masquerading
On connecting to the Internet, the AVM Access Server is generally
assigned a public IP address by the Internet Service Provider. In IP
masquerading, the Access Server substitutes this address for the source
address of all LAN computers’ TCP, UDP and ICMP communications to
computers in the Internet. From the Internet, it appears as if all
connections from the LAN’s computers come directly from the Access Server.
On receiving responses from the Internet, the Access Server performs
the reverse operation, substituting the address in the destination field
and forwarding the packet to whichever LAN computer actually
requested the data. In this way, the computers in the private LAN can
continue using their internal (“unofficial”) IP addresses when
Status: Active
Service/Source/Destination: All packets
Action: Drop
Remarks: All packets that have not been accepted or dropped above this
point are treated as intrusion attempts. These may be tunnelled packets
(i.e. IP-over-IP encapsulated packets), or routing protocols, such as
OSPF or EGP packets. These packets would also be dropped by the filter
profile’s default action, of course. This rule is nonetheless included
so that you can activate its log option if you want to trace an attack
on your firewall.