Chapter 9 Network Address Translation (NAT)

outside world. If you do not define any servers (for Many-to-One and Many-to- Many Overload mapping – see Table 48 on page 147), NAT offers the additional benefit of firewall protection. With no servers defined, your ZyXEL Device filters out all incoming inquiries, thus preventing intruders from probing your network.

For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).

9.6.3 How NAT Works

Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN. NAT maps private (local) IP addresses to globally unique ones required for communication with hosts on other networks. It replaces the original IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The ZyXEL Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this.

Figure 70 How NAT Works

NAT Table

LAN

 

 

 

 

 

 

 

 

 

 

 

 

Inside Local

 

Inside Global

 

 

 

 

 

 

 

IP Address

 

IP Address

192.168.1.13

192.168.1.10

 

IGA 1

192.168.1.11

 

IGA 2

 

 

 

192.168.1.12

 

IGA 3

 

 

 

192.168.1.13

 

IGA 4

192.168.1.12

 

 

 

 

 

 

 

 

 

 

SA

 

 

 

 

 

SA

 

 

 

 

 

 

 

 

 

 

 

 

 

192.168.1.10

 

 

 

 

 

IGA1

 

 

 

 

 

 

 

 

 

 

 

 

 

WAN

 

 

 

 

Inside Local

Inside

Global

Address (ILA)

Address (IGA)

192.168.1.11 192.168.1.10

 

145

P-660HN-T1H User’s Guide