Allied Telesis AR300 series Network Router User Manual


 
Software Release 2.3.1
C613-10325-00 REV B
translates both the public and private side source and destination addresses.
ENHANCED NAT defined for a private interface translates the private side
source address (specified using the IP parameter) and protocol-dependent
ports to a single source address (specified by the GBLIP parameter), suitable
for the public side of the Firewall. ENHANCED NAT defined for a public
interface translates the public side source address (specified using the
GBLREMOTEIP parameter) and protocol-dependent ports to a single source
address (specified by the REMOTEIP parameter), suitable for the private side
of the Firewall.
REVERSE NAT translates the addresses of public side devices (specified using
the GBLREMOTEIP parameter) to addresses suitable for the private side of the
Firewall (specified using the REMOTEIP parameter), so it translates the
source address for inbound traffic and the destination address for outbound
traffic.
STANDARD NAT translates the addresses of private side devices (specified
using the IP parameter) to addresses suitable for the public side of the
Firewall (specified by the GBLIP parameter), so it translates the source
address for outbound traffic and the destination address for inbound traffic.
The NATMASK parameter specifies an IP address mask that will be used to
translate IP addresses from one subnet to another. The NATMASK parameter must
only be specified when the rule action is NAT and the NATTYPE is specified as
DOUBLE, REVERSE or STANDARD. The NATMASK parameter can be used
when translating entire subnets from one address to another. If DOUBLE NAT
is specified, the NATMASK is applied to the IP, GBLIP, REMOTEIP and
GBLREMOTEIP parameters. If REVERSE NAT is specified, the NATMASK is
applied to both the REMOTEIP and GBLREMOTEIP parameters. If
STANDARD NAT is specified, the NATMASK is applied to both the IP and
GBLIP parameters. The IP, GBLIP, REMOTEIP and GBLREMOTEIP parameters
must specify a single IP address if the NATMASK parameter is used.
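
The NATMASK rules above and the STANDARD NAT direction can be checked with a short script when reviewing a rule set. This is an added example, not code from the manual or the router; the dict layout, the function names and the sample addresses are constructed, and it assumes the mask replaces the network bits and keeps the host bits.

```python
import ipaddress

# Parameters NATMASK is applied to for each NATTYPE (taken from the text above).
MASKED_PARAMS = {
    "DOUBLE": ("IP", "GBLIP", "REMOTEIP", "GBLREMOTEIP"),
    "REVERSE": ("REMOTEIP", "GBLREMOTEIP"),
    "STANDARD": ("IP", "GBLIP"),
}

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def check_rule(rule):
    """Return the problems found in a rule (dict of parameter -> value)."""
    if "NATMASK" not in rule:
        return []
    if rule.get("ACTION") != "NAT" or rule.get("NATTYPE") not in MASKED_PARAMS:
        return ["NATMASK needs ACTION=NAT and NATTYPE DOUBLE, REVERSE or STANDARD"]
    problems = []
    for name in MASKED_PARAMS[rule["NATTYPE"]]:
        try:
            if name in rule:
                to_int(rule[name])
        except ValueError:  # e.g. a range such as a.b.c.d-e.f.g.h
            problems.append(name + " must be a single IP address with NATMASK")
    return problems

def translate(addr, base_from, base_to, natmask):
    """Move addr from base_from's subnet to base_to's subnet.
    Assumption: masked (network) bits are swapped, host bits are kept."""
    mask, a = to_int(natmask), to_int(addr)
    if a & mask != to_int(base_from) & mask:
        return None  # addr is not inside the subnet the rule covers
    host = a & ~mask & 0xFFFFFFFF
    return str(ipaddress.IPv4Address((to_int(base_to) & mask) | host))

def standard_nat(rule, direction, src, dst):
    """STANDARD NAT: rewrite source outbound, destination inbound."""
    ip, gblip, mask = rule["IP"], rule["GBLIP"], rule["NATMASK"]
    if direction == "outbound":
        return translate(src, ip, gblip, mask) or src, dst
    return src, translate(dst, gblip, ip, mask) or dst

# Constructed sample rule: private 10.1.1.0/24 mapped onto 198.51.100.0/24.
RULE = {"ACTION": "NAT", "NATTYPE": "STANDARD", "IP": "10.1.1.0",
        "GBLIP": "198.51.100.0", "NATMASK": "255.255.255.0"}

if __name__ == "__main__":
    print(check_rule(RULE))
    print(standard_nat(RULE, "outbound", "10.1.1.37", "203.0.113.9"))
    print(standard_nat(RULE, "inbound", "203.0.113.9", "198.51.100.37"))
```
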
The REMOTEIP parameter specifies a single IP address or a range of IP
addresses that match the destination address of packets received on a private
interface. If the value specified for the ACTION parameter is not NAT, the
REMOTEIP parameter also specifies a single IP address or range of IP
addresses that match the source address of packets received on a public
interface. If the value specified for the ACTION parameter is NAT, the
REMOTEIP parameter also specifies the IP address to be used as the private IP
address for public side devices.
Table 2 summarises the required parameters for the Firewall NAT Rules which
were explained in the IP, REMOTEIP, GBLIP, GBLREMOTEIP and NATMASK
paragraphs above.