Netopia R5100, R5300, R5200 manual Exported services, Understanding Netopia NAT Behavior C-5

Models: R5300 R5100 R5200


Understanding Netopia NAT Behavior C-5

As you can see, when Workstation A and Workstation B transmit an IP packet to the WWW server on the Internet, they have unique source IP addresses on the LAN interface but potentially the same source port, which in this case is 400. When the Netopia R5000 Series Router receives these packets, the source IP addresses are substituted with the single globally unique IP address that was acquired on the WAN interface, which is 200.1.1.40.

Now both IP packets have the exact same source IP address (200.1.1.40) and source port (400). The Netopia R5000 Series Router is then able to distinguish between the two IP packets by changing the source TCP or UDP ports and keeping this information in an internal table. As seen above, the source port for Workstation A has been changed to 5001 and the source port for Workstation B has been changed to 5002.

If you were to look at the internal port mapping table that is maintained by the Netopia R5000 Series Router, it would look similar to the following:

Source LAN IP    Source LAN Port    Remapped LAN Port
192.168.5.2      TCP 400            TCP 5001
192.168.5.3      TCP 400            TCP 5002

With this information the Netopia R5000 Series Router can determine the appropriate routing for an IP response from the Internet. In this case, when the WWW server responds with a destination port of 5001, the Netopia R5000 Series Router can see that this packet's destination on the local LAN interface is actually Workstation A at IP address 192.168.5.2. Likewise, with the response for port 5002, the Netopia R5000 Series Router can see that this packet's destination on the local LAN interface is actually Workstation B at IP address 192.168.5.3.

Exported services

Note that this “automatic” port remapping and IP address substitution only works in one direction – for IP packets that originated on the LAN interface destined to the WAN interface and the Internet. In order for port remapping and IP address substitution to work in the other direction – that is, hosts on the Internet that want to originate an IP packet destined to a host on the Netopia R5000 Series Router’s LAN interface – a manual redirection of TCP or UDP ports as well as destination IP addresses within the Netopia R5000 Series Router is required. This manual port remapping and IP address substitution is accomplished by setting up exported services.

Exported services are essentially user-defined pointers for a particular type of incoming TCP or UDP service from the WAN interface to a host on the local LAN interface. This is necessary since the Netopia R5000 Series Router, and thus the attached local LAN, has only one IP presence on the WAN interface and Internet. Exported services allow the user to redirect one type of service – for example Port 21 (FTP) – to a single host on the local LAN interface. The Netopia R5000 Series Router will then redirect any packets coming in from the Internet with the defined destination TCP or UDP port, in this case port 21 (FTP), to that host on the local LAN interface.

For example, suppose the WWW server on the Internet with the IP address of 163.176.4.32 wants to access Workstation B on the Netopia R5000 Series Router’s local LAN interface, which is operating as an FTP server. The IP address for Workstation B is 192.168.5.3, which is not a valid IP address on the Internet, and thus the WWW server on the Internet cannot use this IP address to access Workstation B.
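The following Python sketch is an added example, not code from the Netopia manual or firmware. It models the port mapping table and the exported services described above, using the addresses and ports from this page; the class and method names and the sequential port allocation starting at 5001 are assumptions for illustration.

```python
WAN_IP = "200.1.1.40"  # address acquired on the WAN interface (from the page)


class Nat:
    """Simplified model: tracks only LAN IP/port and remapped port, as in the table above."""

    def __init__(self, wan_ip, first_port=5001):
        self.wan_ip = wan_ip
        self.next_port = first_port  # assumption: remapped ports are handed out in sequence
        self.out = {}      # (proto, lan_ip, lan_port) -> remapped port
        self.back = {}     # (proto, remapped port)    -> (lan_ip, lan_port)
        self.exports = {}  # (proto, wan port)         -> (lan_ip, lan_port)

    def export_service(self, proto, port, lan_ip, lan_port=None):
        """Manually redirect one incoming service to a single LAN host."""
        self.exports[(proto, port)] = (lan_ip, lan_port or port)

    def outbound(self, proto, src_ip, src_port):
        """LAN -> WAN: substitute the source address and remap the source port."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            # Never hand out a port that an exported service already occupies.
            while (proto, self.next_port) in self.exports:
                self.next_port += 1
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return self.wan_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """WAN -> LAN: return (lan_ip, lan_port), or None when nothing matches (dropped)."""
        if (proto, dst_port) in self.back:   # reply to a LAN-originated flow
            return self.back[(proto, dst_port)]
        return self.exports.get((proto, dst_port))  # otherwise only exported services


if __name__ == "__main__":
    nat = Nat(WAN_IP)
    print(nat.outbound("tcp", "192.168.5.2", 400))  # Workstation A
    print(nat.outbound("tcp", "192.168.5.3", 400))  # Workstation B
    print(nat.inbound("tcp", 5001))                 # reply routed to Workstation A
    print(nat.inbound("tcp", 21))                   # unsolicited FTP: no mapping yet
    nat.export_service("tcp", 21, "192.168.5.3")    # export FTP to Workstation B
    print(nat.inbound("tcp", 21))                   # now redirected to Workstation B
```

Each entry in `exports` makes that LAN host reachable from any host on the Internet, so the exported services list is the part of the configuration to review when auditing what the router exposes.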
