Napt, Easy ip, Internal server – H3C Technologies H3C WX3000E Series Wireless Switches User Manual


NAPT

Network Address Port Translation (NAPT) is a variation of basic NAT. It allows multiple internal addresses to be mapped to the same public IP address, which is called multiple-to-one NAT.

NAPT mapping is based on both the IP address and the port number. With NAPT, packets from multiple internal hosts are mapped to the same external IP address with different port numbers.

Figure 237 NAPT operation

As shown in Figure 237, three IP packets arrive at the NAT device. Packets 1 and 2 are from the same internal address but have different source port numbers. Packets 1 and 3 are from different internal addresses but have the same source port number. NAPT maps their source IP addresses to the same external address but with different source port numbers. Therefore, the packets can still be discriminated. When response packets arrive, the NAT device can forward them to corresponding hosts based on the destination addresses and port numbers.

NAPT can better utilize IP address resources, enabling more internal hosts to access the external network at the same time.

Easy IP

Easy IP uses the public IP address of an interface on the device as the translated source address to save IP address resources, and uses ACLs to permit only certain internal IP addresses to be NATed.

Internal server

NAT hides the internal network structure and the identities of internal hosts. However, some internal hosts such as an internal Web server or FTP server might need to be accessed by external hosts. NAT satisfies this need by supporting internal servers.

You can configure an internal server on the NAT device by mapping a public IP address and port number to the private IP address and port number of the internal server. For example, you can configure an address like 20.1.1.12:8080 as an internal Web server's external address and port number.

In Figure 238, when the NAT device receives a packet destined for the public IP address of an internal server, it looks up the NAT entries and translates the destination address and port number in the packet to the private IP address and port number of the internal server. When the NAT device receives a response packet from the internal server, it translates the source private IP address and port number of the packet into the public IP address and port number of the internal server.

Figure 237 NAPT operation (diagram not reproduced; labels and translation table from the figure)

Zones: Intranet, Internet
Devices: NAT, Server, Host A (192.168.1.2), Host B (192.168.1.3)
Other addresses shown: 192.168.1.1, 20.1.1.1, 1.1.1.2

Packet      Before NAT (Src)      After NAT (Src)     Direction
Packet 1    192.168.1.2:1111      20.1.1.1:1001       Outbound
Packet 2    192.168.1.2:2222      20.1.1.1:1002       Outbound
Packet 3    192.168.1.3:1111      20.1.1.1:1003       Outbound
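
The NAPT translation from Figure 237 and the internal server lookup described above, modeled as an added Python example that is not part of the H3C manual and is not H3C's implementation. The class and method names are hypothetical, 192.168.1.10:80 is a constructed private address for the internal Web server, and entries are keyed on address and port only (no protocol, remote endpoint, or entry aging).

```python
class NaptDevice:
    def __init__(self, public_ip, first_port=1001):
        self.public_ip = public_ip
        self.next_port = first_port
        self.dynamic = {}   # (private ip, port) -> public port, built by outbound traffic
        self.reverse = {}   # public port -> (private ip, port), used for responses
        self.servers = {}   # static: (public ip, port) -> (private ip, port)

    def add_internal_server(self, public, private):
        """Static entry that lets external hosts reach one internal service."""
        self.servers[public] = private

    def _allocate_port(self):
        # Skip ports already claimed by a static internal-server entry on this IP.
        while (self.public_ip, self.next_port) in self.servers:
            self.next_port += 1
        if self.next_port > 65535:
            raise RuntimeError("NAPT port pool exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, src):
        """Translate the source address of a packet leaving the intranet."""
        for public, private in self.servers.items():
            if private == src:          # response from an internal server
                return public
        if src not in self.dynamic:     # first packet of a new flow
            port = self._allocate_port()
            self.dynamic[src] = port
            self.reverse[port] = src
        return (self.public_ip, self.dynamic[src])

    def inbound(self, dst):
        """Translate the destination of a packet from the Internet; None means no entry."""
        if dst in self.servers:
            return self.servers[dst]
        if dst[0] == self.public_ip:
            return self.reverse.get(dst[1])
        return None

def demo():
    nat = NaptDevice("20.1.1.1")
    # 192.168.1.10:80 is a constructed private address for the internal Web server.
    nat.add_internal_server(("20.1.1.12", 8080), ("192.168.1.10", 80))
    packets = [("192.168.1.2", 1111), ("192.168.1.2", 2222), ("192.168.1.3", 1111)]
    return nat, [nat.outbound(p) for p in packets]

if __name__ == "__main__":
    nat, translated = demo()
    print(translated)
    print(nat.inbound(("20.1.1.1", 1002)), nat.inbound(("20.1.1.1", 4444)))
```

An inbound packet to a port with no dynamic entry and no internal server entry returns None, which is the only reason external hosts cannot reach internal hosts; each internal server entry is an intentionally exposed service and should be reviewed as one.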
