Specifications

LSNAT Overview

September 8, 2010 Page 9 of 28

addressthatreturnstrafficbackthroughtheLSNATrouter.SincetheclientIPaddressesare

usuallyunknowntotherealserver,mostrealserversendupsettingtheirdefaultroutertothe

LSNATrouter.IftheLSNATrouterisnotconfiguredasthedefaultrouter,theLSNATrouterand

realserver

mustbelocatedsomewhereinthenetworktopologythatguaranteesthatreturntraffic

flowsthroughtheLSNATrouter.

Ifinstead,theclientIPaddressisNATed,thisallowstherealserverstobelocatedanywhereina

network,sincethepacketsfromroutertoreal‐serverwillbesourceNATedwith

anIPaddress

ownedbytherouteritself.

UsethesourcenatpoolcommandtospecifyaNATpooltouseforsourceNATing.TheNATpool

isusedinanoverloadmode.

The FTP Control Port

TheFTPportassignmentdefaultstoport21.Youcangloballyassignanon‐stan dardFTPcontrol

portinglobalconfigurat ionmodethatwillbeusedbyallvirtualservers.

The Virtual Server Virtual Port and Real Server Port

Whenconfiguringavirtualserverandrealserver,theportmustbeconfiguredforaprotocoltype

andportvalue.Thissectionspecifiesportprotocolandportvalueconsiderationstotakeinto

accountwhenconfiguringavirtualserverorrealserver.

Virtual Server Virtual Port

Theconfigurationofthevirtualservervirtualporthastwomeaningsdependinguponwhether

theporthasazeroornon‐zerovalue:

•Ifanon‐zerovalueisset,thenincomingpackets’destinationportsarematchedtothatport.

•Ifazerovalueisset,thentheincomingpackets’destination

portswillonlymatchthatvirtual

serverifthereisnonon‐zeroportmatchwithanothervirtualserver.Inthiscasethezeroport

isacatchallthatmeansmatchanyport.

Thevirtualservervirtualportprotocol(UDP/TCP)mustalwaysmatchtherealserverport

protocol.

Thevirtualserver

isidentifiedbyitsVirtualIPAddress(VIP),portprotocol,andportnumber.A

virtualserverconfiguredforagivenVIPandportnumbermustbeconfiguredforeitherUDPor

TCP,butcannotbeconfiguredforboth.

Real Server Port

Theconfigurationoftherealserverporthastwomeanings:

•Ifanon‐zerovalueissettotherealserverport,thenanybindingscreatedusingthatreal

serverwillusetherealserver’sdestinationport. 

•Ifazerovalueissettotherealserverport,thenanybindings

createdusingthatrealserver

willusetheclient’soriginaldestinationport.

Iftherealserver’sportissetto0,theonlyvalidfaildetecttypesfortherealserverisnoneor

ping.