No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C00 Feature Description - NAT and IPv6 Transition 01

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a NAT Device When External Users Want to Access an Internal Server

Configuring a NAT Device When External Users Want to Access an Internal Server

In a NAT networking scenario, servers on a private network are invisible to hosts on a public network. However, in real-world situations, a server on a private network may be required to provide services, such as WWW or FTP services, for hosts on a public network.

To meet such a requirement, enable the NAT server function on a NTA device and configure mappings between a private network server's IP address+port number and a public network IP address+port number on the NAT server. For example, on the network shown in Figure 3-13, the NAT server function is enabled on a NAT device, and a private network server's IP address+port number (192.168.0.2:80) are mapped to a public network IP address+port number (10.105.178.2:100). When a public network host requires to access the server 192.168.0.2, the NAT device converts 10.105.178.2:100 to 192.168.0.2:80, so that the service request can reach the server 192.168.0.2 on the private network. Such a conversion operation will not be performed if the host 192.168.0.3 requires to access the server 192.168.0.2 on the same private network.
Figure 3-13  NAT server application

The following uses the network shown in Figure 3-13 as an example to describe the implementation of the NAT server function.

  • On the NAT server, add inbound and outbound entries that record mappings between a private network IP address+port number and a public network IP address+port number.
  • A public network host sends a request for accessing a private network server, and the NAT server receives the service request.
  • The NAT server searches for a NAT entry that matches the request packet's destination IP address+port number, and converts the destination IP address+port number to the private network IP address+port number recorded in the matching entry. Then, the NAT server sends the packet to the target private network server.
  • The target server sends a response to the NAT server. The NAT server searches for a NAT entry that matches the response packet's source IP address+port number, and converts the source IP address+port number to the public network IP address+port number recorded in the matching entry. Then, the NAT server sends the packet to the public network.

The address conversion function can easily enable private network servers to provide services for public network hosts. For example, you can enable a web server 10.110.10.10 or an FTP server 10.110.10.11 to provide services for public network hosts.

Port Forwarding

When the IP addresses of internal servers frequently change, you can configure a port forwarding policy to dynamically associate each internal server with a public IP address and port.

As shown in Figure 3-14, the port forwarding mechanism allows for access to an internal server as follows:
  1. A public IP address and port segment are pre-configured.
  2. A port forwarding policy is specified for the CPE during user authentication.
  3. The BRAS fills in the port forwarding policy with a public IPv4 address specified for the user and then generates the associated NAT entry.
  4. During accounting, the BRAS sends packets carrying the port forwarding policy to the RADIUS server.
  5. The RADIUS server monitors the user's NAT status through the NAT-Port-Forwarding-Info(26–164) attribute.
Figure 3-14  Using the port forwarding mechanism to access an internal server

The RADIUS server specifies a port forwarding policy for the server and configures the mapping between the URL and public IPv4 address for the DNS service system.

Download
Updated: 2018-07-04

Document ID: EDOC1100027155

Views: 19787

Downloads: 67

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next