Chapter 5 WAN Setup

Full Cone NAT

In full cone NAT, the NAT router maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network. The NAT router also maps packets coming to that external IP address and port to the internal IP address and port.

In the following example, the P-2812HNU-51c maps the source address of all packets sent from the internal IP address 1 and port A to IP address 2 and port B on the external network. The P-2812HNU-51c also performs NAT on all incoming packets sent to IP address 2 and port B and forwards them to IP address 1, port A.

Figure 52 Full Cone NAT Example (diagram labels: 1, A on the internal side; 2, B on the external side)

 

Restricted Cone NAT

As in full cone NAT, a restricted cone NAT router maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network. In the following example, the NAT router maps the source address of all packets sent from internal IP address 1 and port A to IP address 2 and port B on the external network.

The difference from full cone NAT is in how the restricted cone NAT router handles packets coming in from the external network. A host on the external network (IP address 3 or IP address 4 for example) can only send packets to the internal host if the internal host has already sent a packet to the external host’s IP address.
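The filtering difference between the two NAT types can be modeled in a few lines. This is an added example, not code from the User's Guide or the device firmware; addresses and ports are the symbolic labels used in the text (1, A; 2, B; hosts 3 and 4; ports D and E), port C for host 3 is an assumed label, and the `NatRouter` class and `demo` function are hypothetical names.

```python
# Added illustration: minimal model of NAT inbound filtering.
# Labels mirror the text (1/A internal, 2/B external, 3 and 4 remote hosts);
# they are symbolic, not real addresses. Port "C" for host 3 is assumed.
FULL_CONE = "full cone"
RESTRICTED_CONE = "restricted cone"


class NatRouter:
    def __init__(self, mode, external_ip):
        self.mode = mode
        self.external_ip = external_ip
        self.out_map = {}    # (internal ip, internal port) -> external port
        self.in_map = {}     # external port -> (internal ip, internal port)
        self.contacted = {}  # external port -> remote IPs already sent to

    def outbound(self, int_ip, int_port, ext_port, dst_ip):
        """Internal host sends a packet; returns the translated source.
        ext_port is supplied so the demo can reuse the label B; a real
        router allocates it itself."""
        key = (int_ip, int_port)
        # One internal address and port always maps to one external port.
        ext_port = self.out_map.setdefault(key, ext_port)
        self.in_map[ext_port] = key
        self.contacted.setdefault(ext_port, set()).add(dst_ip)
        return (self.external_ip, ext_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives on the external side; returns the internal
        target, or None if the router drops it."""
        target = self.in_map.get(dst_port)
        if target is None:
            return None  # no mapping for this external port
        if (self.mode == RESTRICTED_CONE
                and src_ip not in self.contacted[dst_port]):
            return None  # internal host never sent to this remote IP
        return target    # the remote source port is not checked


def demo(mode):
    nat = NatRouter(mode, external_ip="2")
    nat.outbound("1", "A", ext_port="B", dst_ip="4")  # 1, A sends to host 4
    return {
        "4,D": nat.inbound("4", "D", "B"),
        "4,E": nat.inbound("4", "E", "B"),
        "3,C": nat.inbound("3", "C", "B"),
    }
```

In restricted cone mode the packet from 3, C is dropped, while in full cone mode it is forwarded to 1, A, so a full cone mapping leaves the internal port reachable from any external host for as long as the mapping exists.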

A server with IP address 1 and port A sends packets to IP address 4. The P-2812HNU-51c changes the server’s IP address to 2 and port to B.

Both 4, D and 4, E can send packets to 2, B since 1, A has already sent packets to 4. The P-2812HNU-51c will perform NAT on the packets from 4, D and 4, E and

 


P-2812HNU-51c User’s Guide