Overview

The [product] is capable of functioning as the only edge device between the office LAN and the ISP-connected WAN. The [product2] implements Network Address Translation (NAT) functionality providing internet connectivity between hosts on a local, private network, and the public domain. NAT and port forwarding on the [product2] are configured independently. However, in most cases NAT is required in order to enable hosts on the private network to reach the external network.

Private vs. Public IP Addresses

[company] recommends that you use non-routable address assignments; however, private non-routable addresses are not required. For more information about non-routable address assignments, refer to RFC 1918.

IPv4 vs IPv6

The NAT functionality of the [product2] applies only to IPv4 addresses.

Configuration

Configuration Example

The following is an example of an [product2] configured to function as an edge device with a private LAN and external WAN interfaces. In the illustrated example, PCs, IP phones, and servers with private IP addresses attached to Interface 1 on the [product2] are able to communicate with the public network attached to Interface 2 when NAT is configured.

Address and Port Forwarding on the [product2]

The Network Address Translation feature allows you to configure Network Address Port Translation (NAPT) and port forwarding (PF) independently. The [product2] system employs NAPT rather than basic NAT (see RFC 3022 for more information), so the [product2] exposes only a single IP address (the Node IP Address) to the public network instead of a range of IP addresses.

If you intend to use both NAT and port forwarding, [company] recommends that you first make sure that the NAT configuration is tested and working properly.

General Feature Configuration

The feature must be configured such that distinct private and public (external) networks are connected to separate Ethernet (ETH1 and ETH2) interfaces. The [product2] logical interfaces are specified in the NAT Interface Table page of the UI. The private networks are all networks not connected to the external (public) interface.

Network devices and servers connected to the private network must be configured such that the [product2] private interface is specified as their gateway address.

Secondary IP Address Restrictions

Neither the internal (private) nor the external (public) network may be connected to a secondary IP address.

Access Control List (ACL) Restrictions

If you are using ACLs, you must ensure that the defined rules do not block the forwarded port connections. For more information about Access Control Lists on the [product2], see: Managing Access Control Lists.

Maximum Port Forwarding Entries

The Port Forwarding Table is limited to a maximum of 20 entries.

Internal Device Firewall Settings

When port forwarding is used, ensure that the firewall (if applicable) on the destination device or server allows traffic through the ports specified in the port forwarding table entry associated with the device's IP address.

Reserved TCP and UDP Ports

There are a number of ports that are reserved by the [product2] for internal functions, none of which may be specified when configuring port forwarding. A list of reserved ports can be found on the Creating and Modifying Entries to the NAT Port Forward Table documentation page.
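
The restrictions above (20-entry limit, IPv4 only, reserved ports, ACLs that must not block forwarded ports) can be checked before a change is applied. The following pre-flight audit is an added example, not the product's own code. The entry and ACL dictionary layouts, the first-match/default-allow ACL behavior, and the reserved-port values are assumptions; the real reserved-port list is on the product's documentation page.

```python
import ipaddress

MAX_ENTRIES = 20  # Port Forwarding Table limit stated on this page
# Constructed placeholders: the real reserved ports are listed on the
# product's NAT Port Forward Table documentation page, not here.
RESERVED_PORTS = {("tcp", 65001), ("udp", 65002)}


def acl_verdict(acl_rules, proto, port):
    """First matching rule wins; no match is treated as allow (assumption)."""
    for rule in acl_rules:
        if rule["proto"] in (proto, "any") and rule["port"] in (port, "any"):
            return rule["action"]
    return "allow"


def audit_port_forwards(entries, acl_rules, reserved=RESERVED_PORTS):
    """Return findings for a hypothetical port forwarding table layout."""
    findings = []
    if len(entries) > MAX_ENTRIES:
        findings.append(f"table: {len(entries)} entries exceeds limit of {MAX_ENTRIES}")
    for i, e in enumerate(entries):
        try:
            if ipaddress.ip_address(e["private_ip"]).version != 4:
                findings.append(f"entry {i}: IPv6 destination, NAT is IPv4 only")
        except ValueError:
            findings.append(f"entry {i}: invalid address {e['private_ip']!r}")
        if (e["proto"], e["public_port"]) in reserved:
            findings.append(f"entry {i}: {e['proto']}/{e['public_port']} is reserved")
        if acl_verdict(acl_rules, e["proto"], e["public_port"]) == "deny":
            findings.append(f"entry {i}: ACL denies {e['proto']}/{e['public_port']}")
    return findings


# Constructed sample input (not taken from any real device).
SAMPLE_ACL = [
    {"action": "allow", "proto": "tcp", "port": 443},
    {"action": "deny", "proto": "tcp", "port": "any"},
]
SAMPLE_ENTRIES = [
    {"proto": "tcp", "public_port": 443, "private_ip": "192.168.1.10", "private_port": 8443},
    {"proto": "tcp", "public_port": 8080, "private_ip": "192.168.1.11", "private_port": 80},
    {"proto": "udp", "public_port": 65002, "private_ip": "192.168.1.12", "private_port": 5060},
    {"proto": "tcp", "public_port": 2222, "private_ip": "fd00::5", "private_port": 22},
]

if __name__ == "__main__":
    for finding in audit_port_forwards(SAMPLE_ENTRIES, SAMPLE_ACL):
        print(finding)
```

The audit does not cover the firewall on the destination device, which still has to allow the private port named in each entry.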