Nortel Networks 212777 Network Router User Manual


 
Web OS 10.0 Application Guide
Chapter 7: Filtering
212777-A, February 2002
Note the following important points about this configuration:
- Within each filter, the smask and dmask values are identical.
- All parameters for both filters are identical except for the NAT direction. For Filter 10,
  nat source is used. For Filter 11, nat dest is used.
- Filters for static (non-proxy) NAT should take precedence over dynamic NAT filters
  (following example). Static filters should be given lower filter numbers.
Dynamic NAT
Dynamic NAT is a many-to-one solution: multiple clients on the private subnet take advantage
of a single external IP address, thus conserving valid IP addresses. In this example, clients on
the internal private network require TCP/UDP access to the Internet:
Figure 7-9 Dynamic Network Address Translation
NOTE Dynamic NAT can also be used to support ICMP traffic for PING.
This example requires a NAT filter to be configured on the switch port that is connected to the
internal clients. When the NAT filter is triggered by outbound client traffic, the internal private
IP address information on the outbound packets is translated to a valid, publicly advertised IP
address on the switch. In addition, the public IP address must be configured as a proxy IP
address on the switch port that is connected to the internal clients. The proxy performs the
reverse translation, restoring the private network addresses on inbound packets.
[Figure 7-9 labels: Router; Hub; Internal Clients 10.10.10.x (Private network); Internet;
Outbound filter: NAT source info to public address; Inbound proxy on public address; 1;
Public IP Address: 205.178.17.12]
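
The translation described above, modeled as an added example (not code from this guide and not Web OS itself): outbound packets from the private subnet are rewritten to the public address, and inbound packets are restored only when a client already created the mapping. The class name, the per-flow public port mapping, the /24 mask and the 198.51.100.7 server address are assumptions made for illustration.

```python
import ipaddress

PUBLIC_IP = "205.178.17.12"                           # public address in Figure 7-9
PRIVATE_NET = ipaddress.ip_network("10.10.10.0/24")   # the 10.10.10.x clients (/24 assumed)

class DynamicNat:
    """Toy many-to-one NAT: private (ip, port) pairs share one public IP."""

    def __init__(self, public_ip, private_net, first_port=1024):
        self.public_ip = public_ip
        self.private_net = private_net
        self.next_port = first_port      # assumed start of the public port pool
        self.out = {}    # (proto, private ip, private port) -> public port
        self.back = {}   # (proto, public port) -> (private ip, private port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outbound filter: rewrite private source info to the public address."""
        if ipaddress.ip_address(src_ip) not in self.private_net:
            return None                  # source outside the subnet: filter not triggered
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Proxy side: restore the private address, or drop if no mapping exists."""
        if dst_ip != self.public_ip:
            return None
        private = self.back.get((proto, dst_port))
        if private is None:
            return None                  # unsolicited: no client opened this mapping
        return (proto, src_ip, src_port, private[0], private[1])

if __name__ == "__main__":
    nat = DynamicNat(PUBLIC_IP, PRIVATE_NET)
    # Constructed sample flows; 198.51.100.7 is a documentation address.
    for client in ("10.10.10.5", "10.10.10.6"):
        print(nat.outbound("tcp", client, 40000, "198.51.100.7", 80))
    print(nat.inbound("tcp", "198.51.100.7", 80, PUBLIC_IP, 1025))  # reply to .6
    print(nat.inbound("tcp", "198.51.100.7", 80, PUBLIC_IP, 5555))  # no mapping
```

This model matches inbound packets on protocol and public port only; it does not check that the sender is the peer the client originally contacted, and it never ages mappings out.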