Lancom Systems LCOS 3.50 Server User Manual


 
̈ Chapter 4: Management LANCOM Reference Manual LCOS 3.50
37
Management
4 Management
4.1 N:N mapping
Network Address Translation (NAT) can be used for several different matters:
̈ for better utilizing the IP4 addresses ever becoming scarcer
̈ for coupling of networks with same (private) address ranges
̈ for producing unique addresses for network management
In the first application the so-called N:1 NAT, also known as IP masquerading
(’The hiding place—IP masquerading (NAT, PAT)’ page 74) is used. All
addresses (“N”) of the local network are mapped to only one (“1”) public
address. This clear assignment of data streams to the respective internal PCs
is generally made available by the ports of the TCP and UDP protocols. That’s
why this is also called NAT/PAT (Network Address Translation/Port Address
Translation).
Due to the dynamic assignment of ports, N:1 masquerading enables only
those connections, which have been initiated by the internal network. Excep-
tion: an internal IP address is staticly exposed on a certain port, e.g. to make
a LAN server accessible from the outside. This process is called “inverse mas-
querading” (’Inverse masquerading’ page 78).
A N:N mapping is used for network couplings with identical address ranges.
This transforms unambiguously multiple addresses (“N”) of the local network
to multiple (“N”) addresses of another network. Thereby, an address conflict
can be resolved.
Rules for this address translation are defined in a static table in the LANCOM.
Thereby new addresses are assigned to single stations, parts of the network,
or the entire LAN, by which the stations can contact other networks then.
Some protocols (FTP, H.323) exchange parameters during their protocol nego-
tiation, which can have influence on the address translation for the N:N map-
ping. For a correct functioning of the address translation, the connection
information of these protocols are tracked appropriately by functions of the
firewall in a dynamic table, and are additionally considered to the entries of
the static table.
The address translation is made “outbound”, i.e. the source address is
translated for outgoing data packets and the destination address for
incoming data packets, as long as the addresses are located within