
Network address translation, Static nat, Network address translation 191 – Nortel Networks WEB OS 212777 User Manual


Web OS 10.0 Application Guide

Chapter 7: Filtering


212777-A, February 2002

Network Address Translation

Network Address Translation (NAT) is an Internet standard that enables an Alteon Web switch
to use one set of IP addresses for internal traffic and a second set of addresses for external
traffic. Alteon Web switches use filters to implement NAT.

NAT serves two main purposes:

• Provides a type of firewall by hiding internal IP addresses, which increases network security.

• Enables a company to use more internal IP addresses. Since they’re used internally only,
  there’s no possibility of conflict with public IP addresses used by other companies and
  organizations.

In the following NAT examples, a company has configured its internal network with private IP
addresses. A private network is one that is isolated from the global Internet and is, therefore,
free from the usual restrictions requiring the use of registered, globally unique IP addresses.

With NAT, private networks are not required to remain isolated. NAT capabilities within the
switch allow internal, private network IP addresses to be translated to valid, publicly
advertised IP addresses and back again. NAT can be configured in one of the following two ways:

• Static NAT provides a method for direct mapping of one predefined IP address (such as a
  publicly available IP address) to another (such as a private IP address).

• Dynamic NAT provides a method for mapping multiple IP addresses (such as a group of
  internal clients) to a single IP address (to conserve publicly advertised IP addresses).

Alteon Web switches use filters to implement NAT.

Static NAT

The static NAT (non-proxy) example requires two filters: one for the external client-side
switch port, and one for the internal, server-side switch port. The client-side filter translates
incoming requests for the publicly advertised server IP address to the server’s internal private
network address. The filter for the server-side switch port reverses the process, translating the
server’s private address information to a valid public address.
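
The two-filter translation described above, modeled in Python as an added example; it is not Alteon Web OS configuration or code from the manual. The addresses are constructed samples and the function names are hypothetical. It also adds a check for reply packets that match no server-side filter and would therefore leave with a private source address.

```python
# Added example: a model of the two static NAT filters, not Alteon Web OS code.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed sample addresses (documentation and private ranges).
PUBLIC_IP = ip_address("203.0.113.10")   # publicly advertised server address
PRIVATE_IP = ip_address("10.10.10.5")    # server's internal private address
PRIVATE_NET = ip_network("10.0.0.0/8")   # assumed internal address space


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def client_side_filter(pkt):
    """External, client-side port: rewrite destination public -> private."""
    if ip_address(pkt.dst) == PUBLIC_IP:
        return replace(pkt, dst=str(PRIVATE_IP))
    return pkt  # no match, so the packet is not translated


def server_side_filter(pkt):
    """Internal, server-side port: rewrite source private -> public."""
    if ip_address(pkt.src) == PRIVATE_IP:
        return replace(pkt, src=str(PUBLIC_IP))
    return pkt  # no match, so the private source is left in place


def leaks_private_source(pkt):
    """True if a packet headed to clients still carries a private source."""
    return ip_address(pkt.src) in PRIVATE_NET


def round_trip(client_ip):
    """Send a request to the public address and return (request, reply)
    as each appears after passing through its filter."""
    request = client_side_filter(Packet(client_ip, str(PUBLIC_IP)))
    reply = server_side_filter(Packet(request.dst, request.src))
    return request, reply


if __name__ == "__main__":
    req, rep = round_trip("198.51.100.7")
    print("request seen by server:", req)
    print("reply seen by client:  ", rep)
```

The mapping is one-to-one and keeps no per-connection state, so each direction needs its own filter, and a host without a matching server-side filter is passed through untranslated.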