User guide
Useful Information on Internet Access100
Configuration Examples
NAT
Network address translation (NAT) is activated on accessing the
Internet (ISP). You require this feature in order to translate inter-
nal IP addresses to valid external IP addresses. This has three
important consequences for Internet access:
z Several workstations can share a single Internet access. You
do not require a LAN access, only a single account with the
Internet service provider.
z The IP addresses used in the LAN are translated into IP
addresses valid worldwide. So you require no such addresses
for your LAN.
z Only IP connections triggered from a workstation computer
can be established. Consequently, while you can call up Web
pages from a workstation, you cannot install a Web server
visible in the Internet on a workstation.
Certain protocols cannot be used when NAT is being used. This
affects protocols with the following properties:
z IP addresses are transported in the useful load, e.g. NetBIOS
over IP or SIP.
z The protocol requires an active, inward-directed connection
establishment, e.g. ICQ.
z The protocol will function without TCP/UDP port numbers, e.g.
ICMP or IGMP.
The Forum 523/524 NAT has suitable processes for ensuring the
functions of many important protocols affected by these rules.
These are the protocols FTP (in “active” mode), CuSeeMe (“video-
conferencing”), IRC (“chat”), ICMP errors (“traceroute”) and ICMP
echo (“ping”).
Depending on the internet telephony protocol (VoIP, SIP) the
required NAT extension (“Full Cone NAT”) or RTP-Proxy is acti-
vated on the Media Gateway Card.
Protocols which require inward-directed connection establishment
can be configured in the Network: Port Access menu. For fur-
ther information, refer to the online help of this menu.