Software Release 2.3.1


translates both the public and private side source and destination addresses.

ENHANCED NAT defined for a private interface will translate the private side source address (specified using the IP parameter) and protocol dependent ports to a single source address (specified by the GBLIP parameter), suitable for the public side of the Firewall.

ENHANCED NAT defined for a public interface will translate the public side source address (specified using the GBLREMOTEIP parameter) and protocol dependent ports to a single source address (specified by the REMOTEIP parameter), suitable for the private side of the Firewall.

REVERSE NAT translates the addresses of public side devices (specified using the GBLREMOTEIP parameter) to addresses suitable for the private side of the Firewall (specified using the REMOTEIP parameter), so it translates the source address for inbound traffic and the destination address for outbound traffic.

STANDARD NAT translates the addresses of private side devices (specified using the IP parameter) to addresses suitable for the public side of the Firewall (specified by the GBLIP parameter), so it translates the source address for outbound traffic and the destination address for inbound traffic.

The NATMASK parameter specifies an IP address mask that will be used to translate IP addresses from one subnet to another. The MASK parameter must only be specified when the rule action is NAT and the NATTYPE is specified as DOUBLE, REVERSE or STANDARD. The NATMASK parameter can be used when translating entire subnets from one address to another. If DOUBLE NAT is specified, the NATMASK is applied to the IP, GBLIP, REMOTEIP and GBLREMOTEIP parameters. If REVERSE NAT is specified, the NATMASK is applied to both the REMOTEIP and GBLREMOTEIP parameters. If STANDARD NAT is specified, the NATMASK is applied to both the IP and GBLIP parameters. The IP, GBLIP, REMOTEIP and GBLREMOTEIP parameters must specify a single IP address if the NATMASK parameter is used.
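The following Python model is an added example, not taken from the manual or from the router software. It shows which packet field each NATTYPE rewrites when NATMASK is set. It assumes that the bits outside the mask (the host part) are carried over unchanged and that a packet outside the rule's subnet is left untouched. The function names and all addresses are constructed for illustration.

```python
import ipaddress

def mask_translate(addr, from_base, to_base, natmask):
    """Move addr from the from_base subnet to the to_base subnet, or return None.

    Assumption: host bits (those outside NATMASK) are preserved one-to-one.
    """
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(natmask))
    src_net = int(ipaddress.IPv4Address(from_base)) & m
    dst_net = int(ipaddress.IPv4Address(to_base)) & m
    if (a & m) != src_net:
        return None  # address is outside the subnet the rule covers
    host = a & ~m & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(dst_net | host))

def apply_rule(rule, direction, src, dst):
    """Return (src, dst) after a NAT rule that uses NATMASK.

    direction: "outbound" (private to public) or "inbound" (public to private).
    """
    kind, mask = rule["NATTYPE"], rule["NATMASK"]
    if kind not in ("STANDARD", "REVERSE", "DOUBLE"):
        raise ValueError("NATMASK is only used with DOUBLE, REVERSE or STANDARD")
    if kind in ("STANDARD", "DOUBLE"):
        # Private side devices: IP <-> GBLIP
        if direction == "outbound":
            src = mask_translate(src, rule["IP"], rule["GBLIP"], mask) or src
        else:
            dst = mask_translate(dst, rule["GBLIP"], rule["IP"], mask) or dst
    if kind in ("REVERSE", "DOUBLE"):
        # Public side devices: GBLREMOTEIP <-> REMOTEIP
        if direction == "inbound":
            src = mask_translate(src, rule["GBLREMOTEIP"], rule["REMOTEIP"], mask) or src
        else:
            dst = mask_translate(dst, rule["REMOTEIP"], rule["GBLREMOTEIP"], mask) or dst
    return src, dst

# Constructed sample rule: each address parameter is a single address, as the
# manual requires when NATMASK is used.
SAMPLE = {"NATTYPE": "DOUBLE", "NATMASK": "255.255.255.0",
          "IP": "192.168.1.0", "GBLIP": "203.0.113.0",
          "REMOTEIP": "10.9.0.0", "GBLREMOTEIP": "198.51.100.0"}

if __name__ == "__main__":
    for kind in ("STANDARD", "REVERSE", "DOUBLE"):
        rule = dict(SAMPLE, NATTYPE=kind)
        print(kind, "outbound", apply_rule(rule, "outbound", "192.168.1.57", "10.9.0.9"))
        print(kind, "inbound ", apply_rule(rule, "inbound", "198.51.100.9", "203.0.113.57"))
```
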

The REMOTEIP parameter specifies a single IP address or a range of IP addresses that match the destination address of packets received on a private interface. If the value specified for the ACTION parameter is not NAT, the REMOTEIP parameter also specifies a single IP address or range of IP addresses that match the source address of packets received on a public interface. If the value specified for the ACTION parameter is NAT, the REMOTEIP parameter also specifies the IP address to be used as the private IP address for public side devices.

Table 2 summarises the required parameters for the Firewall NAT Rules which were explained in the IP, REMOTEIP, GBLIP, GBLREMOTEIP and NATMASK paragraphs above.

Software Release 2.3.1 C613-10325-00 REV B

Allied Telesis AT-AR300 manual Software Release