Netopia R7200 manual Exported services, Understanding Netopia NAT Behavior C-5


Now both IP packets have the exact same source IP address (200.1.1.40) and source ports (400). The Netopia R7200 is then able to distinguish between the two IP packets by changing the source TCP or UDP ports and keeping this information in an internal table. As seen above, the source port for Workstation A has been changed to 5001 and the source port for Workstation B has been changed to 5002.

If you were to look at the internal port mapping table that is maintained by the Netopia R7200, it would look similar to the following:

Source LAN IP    Source LAN Port    Remapped LAN Port
192.168.5.2      TCP 400            TCP 5001
192.168.5.3      TCP 400            TCP 5002

With this information the Netopia R7200 can determine the appropriate routing for an IP response from the Internet. In this case, when the WWW server responds with a destination port of 5001, the Netopia R7200 can see that this packet's destination on the local LAN interface is actually Workstation A at IP address 192.168.5.2. Likewise, with the response for port 5002, the Netopia R7200 can see that this packet's destination on the local LAN interface is actually Workstation B at IP address 192.168.5.3.

Exported services

Note that this “automatic” port remapping and IP address substitution only works in one direction – for IP packets that originated on the LAN interface destined to the WAN interface and the Internet. In order for port remapping and IP address substitution to work in the other direction – that is, for hosts on the Internet that want to originate an IP packet destined to a host on the Netopia R7200's LAN interface – a manual redirection of TCP or UDP ports as well as destination IP addresses within the Netopia R7200 is required. This manual port remapping and IP address substitution is accomplished by setting up exported services.

Exported services are essentially user-defined pointers for a particular type of incoming TCP or UDP service from the WAN interface to a host on the local LAN interface. This is necessary since the Netopia R7200, and thus the attached local LAN, has only one IP presence on the WAN interface and Internet. Exported services allow the user to redirect one type of service – for example Port 21 (FTP) – to a single host on the local LAN interface. The Netopia R7200 will then redirect any packets coming in from the Internet with the defined destination TCP or UDP port of 21 (FTP) to that host on the local LAN interface.

For example, suppose the WWW server on the Internet with the IP address of 163.176.4.32 wants to access Workstation B on the Netopia R7200's local LAN interface, which is operating as an FTP server. The IP address for Workstation B is 192.168.5.3, which is not a valid IP address for the Internet, and thus the WWW server on the Internet cannot use this IP address to access Workstation B.

The WWW server on the Internet would then have to use the single valid IP address that was acquired on the Netopia R7200's WAN interface to access any host on the Netopia R7200's local LAN interface, since this is the only valid address for the Internet. But if the WWW server on the Internet opens a connection to 200.1.1.40 via port 21 (FTP) and no exported services are defined on the Netopia R7200, the Netopia R7200 will discard the incoming packet since the Netopia R7200 itself does not perform the requested service.

You can see why exported services are necessary. In the example above, an exported service needs to be defined within the Netopia R7200 redirecting any incoming IP traffic with a destination port of 21 to the host on the local LAN interface with the IP address of 192.168.5.3.
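The following added example (not from the Netopia manual or firmware) models both behaviours described above, the automatic port-mapping table and an exported service, using the addresses and ports from the text. The class and method names are hypothetical, port allocation starting at 5001 simply mirrors the manual's example, and the model is simplified in that it ignores the remote host's address.

```python
# Added illustration: a toy model of the port-mapping behaviour described
# above. Class and method names are hypothetical, not Netopia firmware.
WAN_IP = "200.1.1.40"          # single public address from the manual's example

class NatModel:
    def __init__(self, first_port=5001):   # 5001 mirrors the manual's example
        self.next_port = first_port
        self.dynamic = {}      # (proto, remapped_port) -> (lan_ip, lan_port)
        self.by_source = {}    # (proto, lan_ip, lan_port) -> remapped_port
        self.exports = {}      # (proto, wan_port) -> lan_ip

    def outbound(self, proto, lan_ip, lan_port):
        """LAN -> WAN: substitute the WAN address and remap the source port."""
        key = (proto, lan_ip, lan_port)
        if key not in self.by_source:       # reuse the mapping for a known flow
            self.by_source[key] = self.next_port
            self.dynamic[(proto, self.next_port)] = (lan_ip, lan_port)
            self.next_port += 1
        return WAN_IP, self.by_source[key]

    def add_export(self, proto, wan_port, lan_ip):
        """Manual redirection: one service port points at one LAN host."""
        self.exports[(proto, wan_port)] = lan_ip

    def inbound(self, proto, dst_port):
        """WAN -> LAN: return (lan_ip, lan_port), or None if discarded."""
        if (proto, dst_port) in self.dynamic:     # reply to a LAN-originated flow
            return self.dynamic[(proto, dst_port)]
        if (proto, dst_port) in self.exports:     # unsolicited, but exported
            return self.exports[(proto, dst_port)], dst_port
        return None                               # no mapping: packet is dropped

def demo():
    nat = NatModel()
    a = nat.outbound("TCP", "192.168.5.2", 400)   # Workstation A
    b = nat.outbound("TCP", "192.168.5.3", 400)   # Workstation B
    before = nat.inbound("TCP", 21)               # FTP with no export defined
    nat.add_export("TCP", 21, "192.168.5.3")
    after = nat.inbound("TCP", 21)                # FTP once the export exists
    return a, b, nat.inbound("TCP", 5001), nat.inbound("TCP", 5002), before, after

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Note that `inbound` never looks at the sender: as in the text, an exported port forwards packets from any Internet host, so each export is a standing inbound opening to the chosen LAN host.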
