CLI-based Configuration Guide - IP Service

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
NAT Filtering and NAT Mapping

NAT filtering allows a NAT device to filter the traffic from a public network to a private network. NAT mapping enables the IP addresses of a group of hosts on a private network to be mapped to the same public IP address using the NAT mapping table.

NAT Filtering

A NAT device filters the traffic from the external network to the internal network. NAT filtering includes the following modes:
  • Endpoint-independent filtering

  • Endpoint-dependent filtering

  • Endpoint and port-dependent filtering

Figure 5-10 shows the NAT filtering applications.

Figure 5-10  NAT filtering applications

As shown in the preceding figure, PC-1 on the private network communicates with PC-2 and PC-3 on the public network using a NAT device. Datagram 1 is sent from PC-1 to PC-2. The source port number of the datagram is 1111 and the destination port number is 2222. The NAT device translates the source IP address to 3.3.3.3.

After PC-1 sends an access request to a PC on the public network, the PC on the public network transmits traffic to PC-1, and the NAT device filters the traffic destined for PC-1. Datagram 2', datagram 3', and datagram 4' are sent in three scenarios corresponding to the preceding three NAT filtering modes.

  • Datagram 2' is sent from PC-3 to PC-1. Its source address (PC-3) is different from the destination address of datagram 1 (PC-2), and its destination port number is 1111. Datagram 2' can pass through the NAT device only when endpoint-independent filtering is used.
  • Datagram 3' is sent from PC-2 to PC-1. Its source address is the same as the destination address of datagram 1, and its destination port number is 1111. The source port number of datagram 3' is 3333, which is different from the destination port number of datagram 1 (2222). Datagram 3' can pass through the NAT device only when endpoint-dependent filtering or endpoint-independent filtering is used.
  • Datagram 4' is sent from PC-2 to PC-1. Its source address is the same as the destination address of datagram 1, and its destination port number is 1111. The source port number of datagram 4' is 2222, which is the same as the destination port number of datagram 1. This case corresponds to endpoint and port-dependent filtering, which is the default mode. Datagram 4' can pass through the NAT device regardless of whether a filtering mode is configured and regardless of which filtering mode is configured.
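
The three filtering decisions above can be replayed with a small model. This is an added example, not Huawei code or device configuration; the host addresses, PC-3's source port, and the assumption that the NAT keeps the private port number as the public port are constructed for illustration (only 3.3.3.3 and ports 1111, 2222 and 3333 come from the page).

```python
# Added example: model of the three NAT filtering modes described above.
INDEPENDENT = "endpoint-independent"
ENDPOINT = "endpoint-dependent"
ENDPOINT_PORT = "endpoint-and-port-dependent"  # the default mode per the page

# Constructed addresses; only 3.3.3.3 and the port numbers come from the page.
PC1 = ("192.168.0.10", 1111)
PC2 = ("198.51.100.2", 2222)
PC3 = ("198.51.100.3", 2222)  # PC-3's source port is not given; constructed
NAT_PUBLIC_IP = "3.3.3.3"


class Nat:
    def __init__(self, filter_mode=ENDPOINT_PORT):
        self.filter_mode = filter_mode
        self.sessions = {}  # public port -> (private endpoint, contacted peers)

    def outbound(self, src, dst):
        """Create or refresh the session for src; return the translated source."""
        # Assumption: the public port equals the private port, as in the figure.
        _private, peers = self.sessions.setdefault(src[1], (src, set()))
        peers.add(dst)
        return (NAT_PUBLIC_IP, src[1])

    def inbound(self, src, dst_port):
        """Return the private endpoint to forward to, or None if filtered."""
        session = self.sessions.get(dst_port)
        if session is None:
            return None  # no session record: dropped in every mode
        private, peers = session
        if self.filter_mode == INDEPENDENT:
            allowed = True  # any external host may use the open port
        elif self.filter_mode == ENDPOINT:
            allowed = any(ip == src[0] for ip, _ in peers)  # address must match
        else:
            allowed = src in peers  # address and port must both match
        return private if allowed else None


def scenario(mode):
    """Replay datagram 1, then datagrams 2', 3' and 4' from the page."""
    nat = Nat(mode)
    nat.outbound(PC1, PC2)  # datagram 1: PC-1:1111 -> PC-2:2222
    replies = {"2'": PC3, "3'": (PC2[0], 3333), "4'": PC2}
    return {n: nat.inbound(src, 1111) is not None for n, src in replies.items()}


if __name__ == "__main__":
    for mode in (INDEPENDENT, ENDPOINT, ENDPOINT_PORT):
        print(f"{mode:28} {scenario(mode)}")
```

Each step from the default toward endpoint-independent filtering widens the set of external hosts that can reach the translated port, which is the exposure to weigh when relaxing the mode for applications that need it.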

NAT Mapping

After NAT mapping is enabled, all flows from a private network appear to the public network to come from the same IP address, because hosts on the private network share the same public IP address. When a host on the private network initiates a session request to a host on the public network, the NAT device searches the NAT translation table for the related session record. If the NAT device finds the session record, it translates the private IP address and port number and forwards the request. If the NAT device does not find the session record, it translates the private IP address and port number and adds a session record to the NAT translation table. NAT mapping includes the following modes:

  • Endpoint-independent mapping: The NAT uses the same IP address and port mapping for packets sent from the same private IP address and port to any public IP address and port.
  • Endpoint and port-dependent mapping: The NAT uses the same port mapping for packets sent from the same private IP address and port to the same public IP address and port if the mapping is still active.
Updated: 2019-03-06

Document ID: EDOC1100069333
