Manualshelf

Technical data

ManualsBrandsCabletron Systems ManualsSwitch1088
919293949596979899100
Chapter 4. Configuring Special Features 99
When an IP packet comes in through an interface (i.e., the Input interface), the router tries to recognize the
packet. The router then examines the Input filters for this interface and, based on the first Input filter that
matches the IP packet, it decides how to handle the packet (forward or discard it).
If NAT translation is enabled for the Input interface, NAT translation is performed.
Forward Phase
At this stage, the router determines to which interface or link the packets will be sent out using its routing
table. It then applies the Forward filters based on the Input interface information. Next the router applies the
Forward filters based on the Output interface information.
Output Phase
If NAT translation is enabled for the Output interface, then NAT translation is performed
.
The router
examines the Output filters for this interface and, based on the first Output filter that matches the IP packet, it
decides how to handle the packet.
Configuring Filters with Network Address Translation Enabled
General NAT Information
Network Address Translation is an IP address conversion feature that translates a PC’s local (internal) address
into a global (outside/Internet) IP address. NAT is needed when a PC (or several PCs) on a Local Area
Network wants to connect to the Internet or get to a remote network that uses global, registered addresses:
NAT swaps the local IP address with a global IP address: the IP address and port information that the PC uses
are remapped (changed) to the IP address that was assigned to the router and a new port number is assigned.
Note:
The preceding section,
Filters and Interfaces
, describes how NAT “behaves” for each filtering phase.
Filter Actions
For an IP packet to be forwarded successfully, a filter at each implementation point (Input, Forward, and Output)
must
accept the IP packet.
If
no
filter at a particular point matches the incoming IP packet, it is assumed that the packet is accepted.
Each IP filter can initiate one of the following three possible actions:
Accept
When the packet is accepted at a filter interface (Input, Forward, or Output), the router lets it proceed for
further processing.
Drop
With Drop, the packet is discarded.
Reject