by Dennis Chan
Product Category Model No. OS
What is the definition for the different NAT flavours?
Description & File Attachment :
1) The NAPT Rule: Translating between private and public IP addresses
Follow these instructions to create a rule for translating the private IP addresses on your LAN to your public IP address. This type of rule uses the NAT flavor NAPT, which was used in your default configuration. The NAPT flavor translates private source IP addresses to a single public IP address.
2) The RDR Rule: Allowing External Access to a LAN Computer
The RDR flavor allows you to make a computer on your LAN, such as a Web or FTP server, available to Internet users without requiring you to obtain a public IP address for that computer. The computer's private IP address is translated to your public IP address in all incoming and outgoing data packets.
3) The Basic Rule: Performing 1:1 Translations
The Basic flavor translates the private (LAN-side) IP address to a public (WAN-side) address, like NAPT rules. However, unlike NAPT rules, Basic rules do not also translate the port numbers in the packet header; they are passed through untranslated. Therefore, the Basic rule does not provide the same level of security as the NAPT rule.
4)The Filter Rule: Configuring a Basic Rule with Additional Criteria
Like the Basic flavor, the Filter flavor translates public and private IP addresses on a one-to-one basis. The Filter flavor extends the capability of the Basic rule.
You can use the Filter rule if you want an address translation to occur only when your LAN computers initiate access to specific destinations. The destinations can be identified by their IP addresses, server type (such as FTP or Web server), or both.
5) The Bimap Rule: Performing Two-Way Translations
Unlike the other NAT flavors, the Bimap flavor performs address translations in both the outgoing and incoming directions.
In the incoming direction, when the specified device interface receives a packet with your public IP address as the destination address, this address is translated to the private IP address of a computer on your LAN. To the external computer, it appears as if the access is being made to the public IP address, when, in fact, it is communicating with a LAN computer.
In the outgoing direction, the private source IP address in a data packet is translated to the LAN's public IP address. To the rest of the Internet, it appears as if the data packet originated from the public IP address.
Bimap rules can be used to provide external access to a LAN device. They do not provide the same level of security as RDR rules, because RDR rules can also reroute incoming packets based on the port ID. Bimap rules do not account for the port number, and therefore allow external access regardless of the destination port type specified in the incoming packet.
6) The Pass Rule: Allowing Specific Addresses to Pass Through Untranslated
You can create a Pass rule to allow a range of IP addresses to remain untranslated even when another rule is defined that would otherwise perform a translation on them.