D-Link DFL-260E User Manual for DFL-260E - Page 370
7.3. NAT Pools
Chapter 7. Address Translation

There is only one state table per NAT Pool, so if a single NAT Pool is re-used in multiple NAT IP rules they share the same state table.

Stateless NAT Pools

The Stateless option means that no state table is maintained and the external IP address chosen for each new connection is the one that has the least connections already allocated to it. This means two connections from one internal host to the same external host may use two different external IP addresses.

The advantage of a Stateless NAT Pool is that there is good spreading of new connections between external IP addresses, with no requirement for memory allocated to a state table, and there is less processing time involved in setting up each new connection. The disadvantage is that it is not suitable for communication that requires a constant external IP address.

Fixed NAT Pools

The Fixed option means that each internal client or host is allocated one of the external IP addresses through a hashing algorithm. Although the administrator has no control over which of the external connections will be used, this scheme ensures that a particular internal client or host will always communicate through the same external IP address.

The Fixed option has the advantage of not requiring memory for a state table and providing very fast processing for new connection establishment. Although explicit load balancing is not part of this option, there should be spreading of the load across the external connections due to the random nature of the allocating algorithm.

IP Pool Usage

When allocating external IP addresses to a NAT Pool it is not necessary to explicitly state these. Instead, a NetDefendOS IP Pool object can be selected. IP Pools gather collections of IP addresses automatically through DHCP and can therefore supply external IP addresses automatically to a NAT Pool. See Section 5.4, "IP Pools" for more details about this topic.
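The Stateless and Fixed selection schemes described above can be compared in a short simulation. This is an added example, not code from the manual or from NetDefendOS; the class names, the sample addresses and the use of SHA-256 as the hashing algorithm are assumptions, since the manual does not say which algorithm is used.

```python
import hashlib
import ipaddress

# Constructed sample pool (RFC 5737 documentation addresses).
POOL = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]


class StatelessPool:
    """No state table: each new connection takes the external IP that
    currently has the fewest connections allocated to it."""

    def __init__(self, external_ips):
        self.active = {ip: 0 for ip in external_ips}

    def allocate(self, internal_ip):
        # internal_ip is deliberately ignored: nothing ties a host to an address.
        ip = min(self.active, key=self.active.get)  # ties: first in pool order
        self.active[ip] += 1
        return ip

    def release(self, external_ip):
        self.active[external_ip] -= 1


class FixedPool:
    """No state table: the external IP is a pure function of the internal IP."""

    def __init__(self, external_ips):
        self.external_ips = list(external_ips)

    def allocate(self, internal_ip):
        # Assumption: SHA-256 stands in for the unspecified hashing algorithm.
        packed = ipaddress.ip_address(internal_ip).packed
        digest = hashlib.sha256(packed).digest()
        index = int.from_bytes(digest[:8], "big") % len(self.external_ips)
        return self.external_ips[index]


def demo():
    """Open three connections from one internal host under each scheme."""
    stateless, fixed = StatelessPool(POOL), FixedPool(POOL)
    host = "192.168.1.20"  # constructed internal address
    s = [stateless.allocate(host) for _ in range(3)]
    f = [fixed.allocate(host) for _ in range(3)]
    return s, f


if __name__ == "__main__":
    s, f = demo()
    print("stateless:", s)  # one host, three different external addresses
    print("fixed:    ", f)  # one host, the same external address each time
```

With Stateless selection the same internal host appears behind several external addresses, so tracing a connection back to a host depends on the per-connection NAT log entries; with Fixed selection the mapping can be recomputed from the internal address alone.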
Proxy ARP Usage

Where an external router sends ARP queries to the NetDefend Firewall to resolve external IP addresses included in a NAT Pool, NetDefendOS will need to send the correct ARP replies for this resolution to take place through its Proxy ARP mechanism so the external router can correctly build its routing table.

By default, the administrator must specify in NAT Pool setup which interfaces will be used by NAT pools. The option exists, however, to enable Proxy ARP for a NAT Pool on all interfaces, but this can sometimes cause problems by possibly creating routes to interfaces on which packets should not arrive. It is therefore recommended that the interface(s) to be used for the NAT Pool Proxy ARP mechanism are explicitly specified.

Using NAT Pools

NAT Pools are used in conjunction with a normal NAT IP rule. When defining a NAT rule, the dialog includes the option to select a NAT Pool to use with the rule. This association brings the NAT Pool into use.

Example 7.2. Using NAT Pools