Configuring NAT, Overview, Introduction to NAT – H3C Technologies H3C SecPath F1000-E User Manual
Configuring NAT
Overview
Introduction to NAT
Network Address Translation (NAT) provides a way of translating the IP address in an IP packet header
to another IP address. In practice, NAT is primarily used to allow users using private IP addresses to
access public networks. With NAT, a small number of public IP addresses are used to enable a large
number of internal hosts to access the Internet. Thus, NAT effectively alleviates the depletion of IP
addresses.
NOTE:
• A private or internal IP address is used only in an internal network, whereas a public or external IP address is used on the Internet and is globally unique.
• According to RFC 1918, three blocks of IP addresses are reserved for private networks:
  ◦ In Class A: 10.0.0.0 to 10.255.255.255,
  ◦ In Class B: 172.16.0.0 to 172.31.255.255,
  ◦ In Class C: 192.168.0.0 to 192.168.255.255.
• No host with an IP address in the three ranges exists on the Internet. You can use those IP addresses in an enterprise network freely without requesting them from an ISP or a registration center.
• In addition to translating private addresses to public addresses, NAT can also perform address translation between any two networks. In this document, the two networks refer to an internal network and an external network. Typically, a private network is an internal network, and a public network is an external network.
Figure 1 NAT operation
1. The internal host with an IP address of 192.168.1.3 sends an IP packet to the external server with
an IP address of 1.1.1.2 through the NAT device.
2. Upon receiving the packet, the NAT device checks the IP header and finds that it is destined to the
external network. Then it translates the private address 192.168.1.3 to the globally unique public
address 20.1.1.1 and then forwards the packet to the server on the external network. Meanwhile,
the NAT device adds the mapping of the two addresses into its NAT table.
3. The external server responds to the internal host with an IP packet whose destination IP address is
20.1.1.1. Upon receiving the packet, the NAT device checks the IP header, looks into its NAT
[Figure 1 diagram labels: Host 192.168.1.3 (Intranet), NAT device (192.168.1.1, 20.1.1.1), Server 1.1.1.2 (Internet). Request: Src 192.168.1.3, Dst 1.1.1.2 becomes Src 20.1.1.1, Dst 1.1.1.2. Reply: Src 1.1.1.2, Dst 20.1.1.1 becomes Src 1.1.1.2, Dst 192.168.1.3. NAT table entry: Direction Outbound, Before NAT 192.168.1.3, After NAT 20.1.1.1.]
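The translation steps above, modeled as an added Python example (not taken from the H3C manual and not device code). The 192.168.1.0/24 inside prefix, the single-address public pool, the class and method names, and the choice to return None for a packet with no mapping or no free public address are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class BasicNat:
    """Address-only NAT: one public address per internal host, no ports."""

    def __init__(self, inside_net, public_pool):
        self.inside = ipaddress.ip_network(inside_net)  # assumed internal prefix
        self.free = list(public_pool)                   # unused public addresses
        self.table = {}                                 # Before NAT -> After NAT
        self.reverse = {}                               # After NAT -> Before NAT

    def outbound(self, pkt):
        # Step 2: only packets destined to the external network are translated.
        if ipaddress.ip_address(pkt.dst) in self.inside:
            return pkt
        if pkt.src not in self.table:
            if not self.free:
                return None          # assumption: pool exhausted, not forwarded
            public = self.free.pop(0)
            self.table[pkt.src] = public
            self.reverse[public] = pkt.src
        return replace(pkt, src=self.table[pkt.src])

    def inbound(self, pkt):
        # Step 3: the reply is matched against the NAT table by destination.
        private = self.reverse.get(pkt.dst)
        if private is None:
            return None              # assumption: no mapping, not forwarded
        return replace(pkt, dst=private)

if __name__ == "__main__":
    nat = BasicNat("192.168.1.0/24", ["20.1.1.1"])
    print(nat.outbound(Packet("192.168.1.3", "1.1.1.2")))   # request from the host
    print(nat.inbound(Packet("1.1.1.2", "20.1.1.1")))       # reply from the server
    print(nat.inbound(Packet("1.1.1.2", "20.1.1.9")))       # no table entry
    print(nat.outbound(Packet("192.168.1.4", "1.1.1.2")))   # pool has one address
```

With address-only mapping, each concurrently active internal host consumes one public address, which is why the second host in the demo gets no translation from a one-address pool.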