Netopia 4553 manual Complex maps

9-94 User’s Reference Guide

Exterior addresses are allocated to internal hosts on a demand, or as-needed, basis and then made available when traffic from that host ceases. Once an internal host has been allocated an address, it will use that address for all traffic. Five minutes after all traffic ceases – no pings, all TCP connections closed, no DNS requests, etc. – the address is put at the head of an available list. If an interior host needs an exterior address an hour later, and the previously used address is still available, it will acquire the same address. If an interior host that has not previously been allocated an exterior address needs one, it will be allocated the last, hence the oldest, exterior address on the available list.

All NAT configurations are rule-based. This means that traffic passed through NAT from either the public or the private network is compared to the rules and mappings configured in the Netopia Router in a particular order. The first rule that applies to the traffic being initiated is used.

For example, if a connection is initiated from the public network and is destined for a public IP address configured on the Netopia Router, the following comparisons are made in this order.

1.The Netopia Router first checks its internal NAT cache to see if the data is part of a previously initiated connection, if not…

2.The Netopia Router checks the configured server lists to see if this traffic is intended to be forwarded to an internal host based on the type of service.

3.The Netopia Router then checks to see if there is a static, dynamic, or PAT mapping for the public IP address that the connection is being initiated to.

4.The Netopia Router answers the request itself if the data is destined for the Netopia’s WAN interface IP address. Otherwise the data is discarded.

Complex maps

Map lists and server lists are completely independent of each other. A Connection Profile can use one or the other or both.

MultiNAT allows complex mapping and requires more complex configuration than in earlier firmware versions. Multiple mapped interior subnets are supported, and the rules for mapping each of the subnets may be different. The figure below illustrates a possible multiNAT configuration.