Chapter 5 – Configuration Using Web Management Software

Network Setup > SNAT

The SNAT (Source Network Address Translation) process allows attaching private networks to public networks. SNAT is used when you want a LAN that uses a private IP network to connect to the Internet through a firewall. Because private IP addresses are not routed on the Internet, you have to apply SNAT on the firewall’s external interface.

The RouteFinder’s internal interface serves as the default gateway for the LAN. Hence, a rule is added to the RouteFinder to replace the source address of all packets crossing its external interface from inside to outside with the RouteFinder’s own interface IP address. Once the request gets answered from the Internet host, the RouteFinder will receive the reply packets and will forward them to the client on the LAN.

On this screen you can set up the RouteFinder’s ability to rewrite the source address of in-transit data packets using SNAT. This functionality is equivalent to DNAT, except that the source addresses of the IP packets are converted instead of the target addresses. This can be helpful in more complex situations (e.g., diverting reply packets of connections to other networks or hosts).

Important

For SNAT support, the TCP and/or UDP settings must be enabled in the Networks menu.

Because the translation takes place after the filtering by packet filter rules, you must allow the connections that your SNAT rules apply to in Packet Filters > Packet Filter Rules using the original source address, not the translated one. Packet filter rules are covered later in this chapter.

To create simple connections from private networks to the Internet, you should use the Network Setup > Masquerading function instead of SNAT. In contrast to Masquerading, SNAT is a static address conversion, and the rewritten source address does not have to be one of the RouteFinder’s IP addresses.

Add SNAT Definition – From the drop-down lists, select the IP packet characteristics to be translated.

Pre SNAT Source

Select the original source network of the packet. The network must be predefined in the Networks menu. The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited.

Service

Select the service that corresponds to the Pre SNAT Source entry from the select menus. The service must have already been defined in the Services menu.

Destination

Select the target network of the packet. The network must have been defined in the Network menu. The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by clicking the Edit or the Delete buttons.

Post SNAT Source

Select the source address that all packets carry after the translation. Only one host can be specified here. The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by clicking the Edit or the Delete buttons.
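
The following is an added example, not part of the original manual and not RouteFinder code. It models in Python how the four fields of an SNAT definition select a packet and why the packet filter rule must be written for the original source address. The class names, the reduction of a service to protocol and destination port, and all addresses are assumptions made for illustration.

```python
# Added illustration (not RouteFinder code); all addresses are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class SnatRule:
    pre_source: str    # Pre SNAT Source (network)
    service: tuple     # Service, reduced here to (protocol, destination port)
    destination: str   # Destination (network)
    post_source: str   # Post SNAT Source (exactly one host)
    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.pre_source)
                and ip_address(p.dst) in ip_network(self.destination)
                and (p.proto, p.dport) == self.service)

class Gateway:
    def __init__(self, filter_allow, snat_rules):
        self.filter_allow = [ip_network(n) for n in filter_allow]
        self.snat_rules = snat_rules
        self.conntrack = {}  # simplified: real tracking also keys on client port

    def outbound(self, p):
        # The packet filter runs first and sees the ORIGINAL source address.
        if not any(ip_address(p.src) in n for n in self.filter_allow):
            return None  # dropped before any translation happens
        for r in self.snat_rules:
            if r.matches(p):
                self.conntrack[(r.post_source, p.dst, p.proto, p.dport)] = p.src
                return Packet(r.post_source, p.dst, p.proto, p.dport)
        return p  # allowed, but no SNAT definition applies

    def inbound_reply(self, remote, to, proto, sport):
        return self.conntrack.get((to, remote, proto, sport))  # LAN client or None

RULE = SnatRule("192.168.2.0/24", ("tcp", 25), "0.0.0.0/0", "203.0.113.10")
PKT = Packet("192.168.2.15", "198.51.100.7", "tcp", 25)

def demo():
    # Filter rule written for the translated address: the packet is dropped.
    dropped = Gateway(["203.0.113.10/32"], [RULE]).outbound(PKT)
    gw = Gateway(["192.168.2.0/24"], [RULE])
    out = gw.outbound(PKT)
    return dropped, out.src, gw.inbound_reply(PKT.dst, out.src, "tcp", 25)
```

Calling demo() shows the first gateway dropping the packet because its filter only allows the Post SNAT Source, while the second gateway translates the source and maps the reply back to the LAN client.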

About Failover Status (For the RF830/RF830-AP Only):

Failover is a transition that takes place when one individual computer fails and a backup unit automatically takes over its request load. Failover can be enabled on this device only if the Post SNAT Source is WANLINK1 Interface or WANLINK2 Interface. Additionally, Failover requires that Spoofing be disabled and that there are Masquerading rules between LAN > WAN1 and LAN > WAN2.

Multi-Tech Systems, Inc. RouteFinder SOHO RF820/RF820-AP & RF830/RF830-AP User Guide (S000399E)
