D-Link DFL-260E User Manual for DFL-260E - Page 365
Using NAT Pools Can Increase the Connections, The Source IP Address Used for Translation
7.2. NAT    Chapter 7. Address Translation

However, since there is a possible range of 64,500 source ports and the same number for destination ports, it is theoretically possible to have over 4 billion connections between two IP addresses if all ports are used.

Using NAT Pools Can Increase the Connections

To increase the number of NAT connections that can exist between the NetDefend Firewall and a particular external host IP, the NetDefendOS NAT pools feature can be used, which automatically makes use of additional IP addresses on the firewall. This is useful in situations where a remote server requires that all connections go to a single port number. In such cases, the 64,500 limit for unique IP address pairs will apply. See Section 7.3, "NAT Pools" for more information about this topic.

The Source IP Address Used for Translation

There are three options for how NetDefendOS determines the source IP address that will be used for NAT:

• Use the IP Address of the Interface
  When a new connection is established, the routing table is consulted to resolve the outbound interface for the connection. The IP address of that resolved interface is then used as the new source IP address when NetDefendOS performs the address translation. This is the default way that the IP address is determined.

• Specify a Specific IP Address
  A specific IP address can be specified as the new source IP address. The specified IP address needs to have a matching ARP Publish entry configured for the outbound interface; otherwise, the return traffic will not be received by the NetDefend Firewall. This technique might be used when the source IP is to differ based on the source of the traffic. For example, an ISP that is using NAT might use different IP addresses for different customers.

• Use an IP Address from a NAT Pool
  A NAT Pool, which is a set of IP addresses defined by the administrator, can be used. The next available address from the pool is used as the new source IP address for NAT.
There can be one or many NAT pools, and a single pool can be used in more than one NAT rule. This topic is discussed further in Section 7.3, "NAT Pools".

Applying NAT Translation

The following illustrates how NAT is applied in practice on a new connection:

1. The sender at IP address 192.168.1.5 sends a packet from a dynamically assigned port, for example 1038, to a server, for example 195.55.66.77 port 80.

   192.168.1.5:1038 => 195.55.66.77:80

2. In this example, the Use Interface Address option is used, and we will use 195.11.22.33 as the interface address. In addition, the source port is changed to a random free port on the NetDefend Firewall above port 1024. In this example, we will assume port 32,789 is chosen. The packet is then sent to its destination.

   195.11.22.33:32789 => 195.55.66.77:80
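As an added illustration of steps 1 and 2 above and of the per-destination port limit that NAT pools relieve, the following Python model (written for this page, not NetDefendOS code; the class name, the port range and the second pool address 195.11.22.34 are assumptions) allocates a free port above 1024 on the firewall address, maps the server's return packet back to the original host, and moves to the next pool address once the port space towards one server port is used up:

```python
import random


class NatTranslator:
    """Constructed model of dynamic NAT as described above (not D-Link code).

    A one-address pool behaves like "Use Interface Address"; several
    addresses behave like "Use an IP Address from a NAT Pool".
    """

    def __init__(self, pool, low=1025, high=65535, seed=0):
        self.pool = list(pool)          # firewall-side addresses, in order of use
        self.low, self.high = low, high  # translated source ports are above 1024
        self.rng = random.Random(seed)   # deterministic "random free port"
        # (src_ip, src_port, dst_ip, dst_port) -> (nat_ip, nat_port)
        self.fwd = {}
        # (nat_ip, nat_port, dst_ip, dst_port) -> (src_ip, src_port)
        self.rev = {}

    def _free_port(self, nat_ip, dst):
        # The uniqueness constraint is per (nat_ip, dst_ip, dst_port): a server
        # that accepts only one port caps connections at the size of this range.
        used = {p for (ip, p, dip, dport) in self.rev
                if ip == nat_ip and (dip, dport) == dst}
        free = [p for p in range(self.low, self.high + 1) if p not in used]
        return self.rng.choice(free) if free else None

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a new (or existing) outbound connection; returns (nat_ip, nat_port)."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.fwd:              # existing connection keeps its mapping
            return self.fwd[key]
        for nat_ip in self.pool:         # "the next available address from the pool"
            port = self._free_port(nat_ip, (dst_ip, dst_port))
            if port is not None:
                self.fwd[key] = (nat_ip, port)
                self.rev[(nat_ip, port, dst_ip, dst_port)] = (src_ip, src_port)
                return nat_ip, port
        raise RuntimeError("NAT port space exhausted towards %s:%d" % (dst_ip, dst_port))

    def inbound(self, nat_ip, nat_port, srv_ip, srv_port):
        """Map a return packet from the server back to the internal host, or None."""
        return self.rev.get((nat_ip, nat_port, srv_ip, srv_port))


if __name__ == "__main__":
    fw = NatTranslator(["195.11.22.33"])
    print("192.168.1.5:1038 => 195.55.66.77:80 becomes %s:%d => 195.55.66.77:80"
          % fw.outbound("192.168.1.5", 1038, "195.55.66.77", 80))
```

Run with a two-port range to see the exhaustion error, then add a second pool address to see the third connection land on it.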