Anonymizing with nat – Amer Networks E5Web GUI User Manual

Several internal machines cannot communicate with the same external server using the
same IP protocol.

Note: Restrictions only apply to IP level protocols

These restrictions apply only to IP level protocols other than TCP, UDP and ICMP, such as
OSPF and L2TP. They do not apply to the protocols transported by TCP, UDP and ICMP
such as telnet, FTP, HTTP and SMTP.

cOS Core can alter port number information in the TCP and UDP headers to make each
connection unique, even though such connections have had their sender addresses
translated to the same IP.
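
The difference between port-carrying and port-less protocols can be seen in a simplified model of a many-to-one NAT state table. This is an added example, not cOS Core code: the class and function names and the sample addresses are constructed for illustration, and ICMP is left out of the model.

```python
# Simplified model of many-to-one NAT state (illustrative, not cOS Core code).
PORT_PROTOCOLS = {"tcp", "udp"}  # protocols whose port numbers NAT can rewrite

class NatConflict(Exception):
    """A new flow cannot be told apart from one that already exists."""

class NatTable:
    def __init__(self, public_ip, first_port=32768):
        self.public_ip = public_ip
        self.next_port = first_port
        self.port_flows = {}  # (proto, public_port) -> (inside_ip, inside_port)
        self.ip_flows = {}    # (proto, server_ip)   -> inside_ip

    def outbound(self, proto, inside_ip, server_ip, inside_port=None):
        """Translate an outgoing flow; return the sender (ip, port) the server sees."""
        if proto in PORT_PROTOCOLS:
            # A fresh public port makes the flow unique behind the shared IP.
            public_port = self.next_port
            self.next_port += 1
            self.port_flows[(proto, public_port)] = (inside_ip, inside_port)
            return self.public_ip, public_port
        # No port field: only (protocol, server) is left to identify the flow.
        owner = self.ip_flows.setdefault((proto, server_ip), inside_ip)
        if owner != inside_ip:
            raise NatConflict(f"{proto} to {server_ip} already used by {owner}")
        return self.public_ip, None

    def inbound(self, proto, server_ip, public_port=None):
        """Map a reply from the server back to the inside host."""
        if proto in PORT_PROTOCOLS:
            return self.port_flows[(proto, public_port)][0]
        return self.ip_flows[(proto, server_ip)]

def demo():
    """Two inside hosts (constructed addresses) talk to the same server."""
    nat = NatTable("203.0.113.10")
    a = nat.outbound("tcp", "192.168.1.10", "198.51.100.5", 40000)
    b = nat.outbound("tcp", "192.168.1.11", "198.51.100.5", 40000)
    nat.outbound("ospf", "192.168.1.10", "198.51.100.5")
    try:
        nat.outbound("ospf", "192.168.1.11", "198.51.100.5")
        clash = False
    except NatConflict:
        clash = True
    return a, b, clash

if __name__ == "__main__":
    print(demo())
```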

Some protocols, regardless of the method of transportation used, can cause problems during
address translation.

Anonymizing Internet Traffic with NAT

A useful application of the NAT feature in cOS Core is to let anonymizing service providers
anonymize traffic between clients and servers across the public Internet, so that the client's
public IP address does not appear in any server access requests or peer-to-peer traffic.

We shall examine the typical case where the Clavister Security Gateway acts as a PPTP server and
terminates the PPTP tunnel for PPTP clients. Clients that wish to be anonymous communicate
with their local ISP using PPTP. The traffic is directed to the anonymizing service provider where
a Clavister Security Gateway is installed to act as the PPTP server for the client, terminating the
PPTP tunnel. This arrangement is illustrated in the diagram below.

Figure 7.3. Anonymizing with NAT

cOS Core is set up with NAT rules in the IP rule set so it takes communication traffic coming from
the client and NATs it back out onto the Internet. Communication with the client is with the PPTP

Chapter 7: Address Translation
