User manual
001-5099-000 HiPR-900 User Manual
6.7.3.3.2 NAT Overview
The purpose of the “Network Address Translation” (NAT) protocol is to hide a private IP network from a
public network. The mechanism serves both as a firewall function and to save IP address space.
Figure 43 - Basic NAT Operations
The source address of packets transiting from the private network to the public network gets translated by
the NAT enabled device. The original IP source address gets replaced by the NAT enabled device’s own
IP address (address of the outgoing interface). The NAT module creates an address translation table that
is used when traffic is coming back from the public network to the private network.
In our example, Host 1 sends a packet to Host 2. The Host 2 device does not see the private IP address of
Host 1. When Host 2 sends a reply to Host 1, it uses the destination IP address 172.31.1.1; this gets
translated back to the appropriate destination IP address by the NAT enabled device.
NAT does a lot more than simple translation of the IP source address. NAT also carries out IP protocol
dependent translation. For the UDP and TCP protocols, NAT will also translate the source port numbers.
Special handling is also done for other more specific protocols like FTP.
[Figure 43 labels: Host 1 (192.168.1.2/24), NAT Enabled Device (192.168.1.1/24 and 172.31.1.1/24), Host 2 (172.31.1.2/24); Private network 172.30.1.0/24; Public network]
Packet (1), before translation: Source Address 192.168.1.2, Destination Address 172.31.1.2
Packet (1), after translation: Source Address 172.31.1.1, Destination Address 172.31.1.2
Packet (2), before translation: Source Address 172.31.1.2, Destination Address 172.31.1.1
Packet (2), after translation: Source Address 172.31.1.2, Destination Address 192.168.1.2
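The translation table described above can be modelled in a few lines. The following is an added example, not code from the HiPR-900 or its vendor: it uses the addresses from Figure 43, while the port numbers, the port pool start and the class and function names are assumptions. It shows the source address and port rewrite on the way out, the reverse lookup for the reply, and why traffic with no table entry never reaches the private network.

```python
from dataclasses import dataclass, replace
from typing import Optional

PUBLIC_IP = "172.31.1.1"   # NAT device's outgoing interface (Figure 43)
FIRST_PORT = 40000         # assumed start of the translated port pool

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Nat:
    """Hypothetical model of a port-translating NAT table."""
    def __init__(self, public_ip: str = PUBLIC_IP):
        self.public_ip = public_ip
        self.out = {}    # (proto, private_ip, private_port) -> public_port
        self.back = {}   # (proto, public_port) -> (private_ip, private_port)
        self.next_port = FIRST_PORT

    def outbound(self, p: Packet) -> Packet:
        """Private -> public: rewrite source address and port, record the mapping."""
        key = (p.proto, p.src_ip, p.src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(p.proto, self.next_port)] = (p.src_ip, p.src_port)
            self.next_port += 1
        return replace(p, src_ip=self.public_ip, src_port=self.out[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Public -> private: rewrite the destination from the table, else drop."""
        if p.dst_ip != self.public_ip:
            return None
        entry = self.back.get((p.proto, p.dst_port))
        if entry is None:
            return None  # no table entry: unsolicited traffic is not forwarded
        return replace(p, dst_ip=entry[0], dst_port=entry[1])

def demo():
    nat = Nat()
    # Constructed packets: Host 1 -> Host 2 and back; ports are sample values.
    sent = nat.outbound(Packet("udp", "192.168.1.2", 5000, "172.31.1.2", 7))
    reply = nat.inbound(Packet("udp", sent.dst_ip, sent.dst_port, sent.src_ip, sent.src_port))
    stray = nat.inbound(Packet("udp", "172.31.1.2", 7, PUBLIC_IP, 41000))
    return sent, reply, stray
```

The model keeps entries forever and never exhausts its port pool; a real NAT device ages entries out and has a finite pool.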