Chapter 17 NAT

Table 93 Configuration > Network > NAT > Add (continued)

LABEL

DESCRIPTION

Mapped IP

This field displays for Many 1:1 NAT. Select to which translated

Subnet/Range

destination IP address subnet or IP address range this NAT rule forwards

 

packets. The original and mapped IP address subnets or ranges must

 

have the same number of IP addresses.

 

 

Port Mapping

Use the drop-down list box to select how many original destination ports

Type

this NAT rule supports for the selected destination IP address (Original

 

IP). Choices are:

 

Any - this NAT rule supports all the destination ports.

 

Port - this NAT rule supports one destination port.

 

Ports - this NAT rule supports a range of destination ports. You might

 

use a range of destination ports for unknown services or when one

 

server supports more than one service.

 

See Appendix B on page 841 for some common port numbers.

 

 

Protocol Type

This field is available if Mapping Type is Port or Ports. Select the

 

protocol (TCP, UDP, or Any) used by the service requesting the

 

connection.

 

 

Original Port

This field is available if Mapping Type is Port. Enter the original

 

destination port this NAT rule supports.

 

 

Mapped Port

This field is available if Mapping Type is Port. Enter the translated

 

destination port if this NAT rule forwards the packet.

 

 

Original Start

This field is available if Mapping Type is Ports. Enter the beginning of

Port

the range of original destination ports this NAT rule supports.

 

 

Original End

This field is available if Mapping Type is Ports. Enter the end of the

Port

range of original destination ports this NAT rule supports.

 

 

Mapped Start

This field is available if Mapping Type is Ports. Enter the beginning of

Port

the range of translated destination ports if this NAT rule forwards the

 

packet.

 

 

Mapped End

This field is available if Mapping Type is Ports. Enter the end of the

Port

range of translated destination ports if this NAT rule forwards the packet.

 

The original port range and the mapped port range must be the same

 

size.

 

 

Enable NAT

Enable NAT loopback to allow users connected to any interface (instead

Loopback

of just the specified Incoming Interface) to use the NAT rule’s

 

specified Original IP address to access the Mapped IP device. For

 

users connected to the same interface as the Mapped IP device, the

 

ZyWALL uses that interface’s IP address as the source address for the

 

traffic it sends from the users to the Mapped IP device.

 

For example, if you configure a NAT rule to forward traffic from the WAN

 

to a LAN server, enabling NAT loopback allows users connected to other

 

interfaces to also access the server. For LAN users, the ZyWALL uses the

 

LAN interface’s IP address as the source address for the traffic it sends

 

to the LAN server. See NAT Loopback on page 327 for more details.

 

If you do not enable NAT loopback, this NAT rule only applies to packets

 

received on the rule’s specified incoming interface.

 

 

326

 

ZyWALL USG 50 User’s Guide