Chapter 13 NAT

Table 84 Configuration > Network > NAT > Add (continued)

| LABEL | DESCRIPTION |
|---|---|
| Mapped End Port | This field is available if Mapping Type is Ports. Enter the end of the range of translated destination ports if this NAT rule forwards the packet. The original port range and the mapped port range must be the same size. |
| Enable NAT Loopback | Enable NAT loopback to allow users connected to any interface (instead of just the specified Incoming Interface) to use the NAT rule’s specified Original IP address to access the Mapped IP device. For users connected to the same interface as the Mapped IP device, the ZyWALL uses that interface’s IP address as the source address for the traffic it sends from the users to the Mapped IP device. For example, if you configure a NAT rule to forward traffic from the WAN to a LAN server, enabling NAT loopback allows users connected to other interfaces to also access the server. For LAN users, the ZyWALL uses the LAN interface’s IP address as the source address for the traffic it sends to the LAN server. See NAT Loopback on page 225 for more details. If you do not enable NAT loopback, this NAT rule only applies to packets received on the rule’s specified incoming interface. |
| Firewall | By default the firewall blocks incoming connections from external addresses. After you configure your NAT rule settings, click the Firewall link to configure a firewall rule to allow the NAT rule’s traffic to come in. The ZyWALL checks NAT rules before it applies To-ZyWALL firewall rules, so To-ZyWALL firewall rules do not apply to traffic that is forwarded by NAT rules. The ZyWALL still checks other firewall rules according to the source IP address and mapped IP address. |
| OK | Click OK to save your changes back to the ZyWALL. |
| Cancel | Click Cancel to return to the NAT summary screen without creating the NAT rule (if it is new) or saving any changes (if it already exists). |

13.3 NAT Technical Reference

Here is more detailed information about NAT on the ZyWALL.

NAT Loopback

Suppose a NAT 1:1 rule maps a public IP address to the private IP address of a LAN SMTP e-mail server to give WAN users access. NAT loopback allows other users to also use the rule’s original IP to access the mail server.

For example, a LAN user’s computer at IP address 192.168.1.89 queries a public DNS server to resolve the SMTP server’s domain name (xxx.LAN-SMTP.com in this example) and gets the SMTP server’s mapped public IP address of 1.1.1.1.
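The loopback, incoming-interface and port-range behavior described in Table 84 can be modeled in a few lines. This is an added example, not ZyWALL code: the interface names (wan1, lan1, dmz), the server address 192.168.1.21, the LAN interface address 192.168.1.1 and the other client addresses are constructed assumptions; only 1.1.1.1 and 192.168.1.89 come from the text above.

```python
from dataclasses import dataclass

@dataclass
class NatRule:  # model of the Add-screen fields; interface names are assumptions
    incoming_if: str
    original_ip: str
    mapped_ip: str
    mapped_if: str      # interface the Mapped IP device is attached to
    mapped_if_ip: str   # that interface's own IP address
    orig_ports: range
    mapped_ports: range
    loopback: bool = False

    def __post_init__(self):
        # Original and mapped port ranges must be the same size.
        if len(self.orig_ports) != len(self.mapped_ports):
            raise ValueError("original and mapped port ranges differ in size")

def translate(rule, in_if, src, dst, dport):
    """Return (src, dst, dport) after NAT, or None if the rule does not apply."""
    if dst != rule.original_ip or dport not in rule.orig_ports:
        return None
    if in_if != rule.incoming_if and not rule.loopback:
        return None  # loopback off: only the Incoming Interface matches
    new_port = rule.mapped_ports[dport - rule.orig_ports.start]
    if rule.loopback and in_if == rule.mapped_if:
        # Same interface as the server: source becomes the interface's IP,
        # so the server's replies go back through the NAT device.
        src = rule.mapped_if_ip
    return (src, rule.mapped_ip, new_port)

def demo(loopback):
    # Constructed values except 1.1.1.1 and 192.168.1.89, which are the page's.
    rule = NatRule("wan1", "1.1.1.1", "192.168.1.21", "lan1", "192.168.1.1",
                   range(25, 26), range(25, 26), loopback)
    return {
        "wan": translate(rule, "wan1", "203.0.113.7", "1.1.1.1", 25),
        "lan": translate(rule, "lan1", "192.168.1.89", "1.1.1.1", 25),
        "dmz": translate(rule, "dmz", "10.0.0.5", "1.1.1.1", 25),
    }

if __name__ == "__main__":
    for enabled in (False, True):
        print("loopback", enabled, demo(enabled))
```

In the loopback case the mail server sees the LAN interface's address as the client, so its own logs no longer identify the individual LAN host. Enabling loopback also makes the rule match on every interface, so the firewall rules covering those interfaces decide who can actually reach the server.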

 

225

ZyWALL 110/310/1100 Series User’s Guide