<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Masquerade (port-mapped) NAT" />
<meta name="abstract" content="Port-mapped network address translation (NAT) is a variation of masquerade NAT." />
<meta name="description" content="Port-mapped network address translation (NAT) is a variation of masquerade NAT." />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb4natsd.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajb4d-portnat" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Masquerade (port-mapped) NAT</title>
</head>
<body id="rzajb4d-portnat"><a name="rzajb4d-portnat"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Masquerade (port-mapped) NAT</h1>
<div><p>Port-mapped network address translation (NAT) is a variation of
masquerade NAT.</p>
<p>How do they differ? In port-mapped NAT you specify both the IP address
and the port number to translate, so one rule covers exactly one internal
<em>address:port</em> pair and the registered <em>address:port</em> pair it hides behind.
Because that mapping is fixed rather than created on demand, both your internal personal
computer and the external workstation can initiate IP traffic. Use this when an
external workstation (or client) needs to reach a workstation or server inside
your network. Only IP traffic that matches both the IP address and the port
number in the rule is translated and allowed through; traffic to the registered address
on any other port is not mapped to anything inside. Here is how it works:</p>
<div class="section"><h4 class="sectiontitle">Internal initiation</h4><p>When the internal personal computer
with <em>Address 1: Port 1</em> initiates traffic to an outside workstation,
the translating code checks the NAT rule file for <em>Address 1: Port 1</em>.
If both the source IP address (Address 1) and the source port number (Port 1)
match the NAT rule, NAT starts a conversation and performs the translation.
The values from the NAT rule replace the IP source address and source
port number: <em>Address 1: Port 1</em> is replaced with <em>Address 2: Port 2</em>.
Traffic from Address 1 on any other source port does not match the rule and is not translated by it.</p>
</div>
<div class="section"><h4 class="sectiontitle">External initiation</h4><p>An external workstation initiates
IP traffic with the destination IP address of <em>Address 2</em> and the destination
port number of <em>Port 2</em>. The NAT server untranslates the datagram
with or without an existing conversation; in other words, NAT automatically
creates a conversation if one does not already exist. <em>Address 2: Port 2</em> is
untranslated to <em>Address 1: Port 1</em>. Because no prior outbound traffic is required,
the internal service at <em>Address 1: Port 1</em> is reachable from outside as long as the rule
is active, so it must be a service you intend to expose.</p>
</div>
<div class="section"><p>The following list highlights the features of masquerade port-mapped
NAT:</p>
<ul><li>One-to-one relationship: one internal address and port maps to one registered address and port.</li>
<li>External and internal network initiation.</li>
<li>The registered address the private address hides behind must be defined
on the iSeries™ server
performing the NAT operations.</li>
<li>IP traffic outside of NAT operations cannot use the registered address.
However, if traffic from this address uses a port number that matches the hidden
port in the NAT rule, that traffic is translated as well. As a result, the interface
is unusable for anything other than NAT.</li>
<li>Typically the port numbers are mapped to well-known port numbers, so the client
needs no extra information. For example, you can run an HTTP server bound
to port 5123 and map it to the public IP address and port 80. If you want to hide
an internal port number behind another (uncommon) port number, the client
must be explicitly told the destination port number; otherwise
communication is unlikely to occur.</li>
</ul>
</div>
<div class="section"><div class="note"><span class="notetitle">Note:</span> <ul><li>You must set <samp class="codeph">MAXCON</samp> high enough to accommodate the number
of conversations you want to use. For example, if you are using FTP, your
personal computer will have two conversations active (the control connection and the
data connection). You need to set <samp class="codeph">MAXCON</samp> high
enough to accommodate multiple conversations for each personal computer. The
default value is <samp class="codeph">128</samp>.</li>
<li>Masquerade NAT only supports the following protocols: TCP, UDP, and ICMP.</li>
<li>Whenever you use NAT, you must enable IP forwarding. Use the Change TCP/IP
Attributes (CHGTCPA) command to verify that IP datagram forwarding is set
to <samp class="codeph">YES</samp>.</li>
</ul>
</div>
</div>
</div>
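<p>The following is an added example, written for this page and not part of the IBM documentation or of the OS/400 NAT implementation. It models the two initiation paths described above (internal and external) and the MAXCON and protocol limits from the note as a small table-driven translator, using the HTTP-on-5123-behind-port-80 mapping from the feature list. The addresses (10.1.1.5, 192.0.2.10, 203.0.113.7, 198.51.100.x), the rule field names, the conversation key and the MAXCON value of 2 are constructed for illustration; the real NAT rule-file syntax is not reproduced.</p>

```python
# Added example: toy model of masquerade port-mapped NAT. Addresses, ports,
# rule field names and the in-memory conversation table are constructed for
# illustration and are not the OS/400 rule-file syntax or implementation.
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

SUPPORTED_PROTOCOLS = {"TCP", "UDP", "ICMP"}   # the only protocols masquerade NAT translates


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class PortMapRule:
    """One port-mapped rule: hidden Address 1:Port 1 behind registered Address 2:Port 2."""
    hidden_addr: str
    hidden_port: int
    registered_addr: str
    registered_port: int
    maxcon: int = 128          # default MAXCON from the note above


@dataclass
class PortMappedNAT:
    rule: PortMapRule
    # One conversation per external peer, keyed by (proto, peer address, peer port).
    conversations: Dict[Tuple[str, str, int], bool] = field(default_factory=dict)

    def _open_conversation(self, key: Tuple[str, str, int]) -> bool:
        """Reuse an existing conversation or create one; refuse once MAXCON is reached."""
        if key in self.conversations:
            return True
        if len(self.conversations) >= self.rule.maxcon:
            return False
        self.conversations[key] = True
        return True

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Internal initiation: rewrite the source only if BOTH source address and
        source port match the rule. Returns the packet unchanged when the rule does
        not apply, None when the datagram is dropped because MAXCON is exhausted."""
        r = self.rule
        if pkt.proto not in SUPPORTED_PROTOCOLS:
            return pkt                                  # never translated
        if (pkt.src, pkt.sport) != (r.hidden_addr, r.hidden_port):
            return pkt                                  # not covered by this rule
        if not self._open_conversation((pkt.proto, pkt.dst, pkt.dport)):
            return None
        return Packet(pkt.proto, r.registered_addr, r.registered_port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """External initiation: untranslate the destination if BOTH destination
        address and port match, creating the conversation if none exists yet."""
        r = self.rule
        if pkt.proto not in SUPPORTED_PROTOCOLS:
            return pkt
        if (pkt.dst, pkt.dport) != (r.registered_addr, r.registered_port):
            return pkt                                  # wrong port: nothing inside is reached
        if not self._open_conversation((pkt.proto, pkt.src, pkt.sport)):
            return None
        return Packet(pkt.proto, pkt.src, pkt.sport, r.hidden_addr, r.hidden_port)


def demo() -> dict:
    """Walk the page's scenario: an internal HTTP server on 10.1.1.5:5123 hidden
    behind registered 192.0.2.10:80, with MAXCON lowered to 2 to show exhaustion."""
    nat = PortMappedNAT(PortMapRule("10.1.1.5", 5123, "192.0.2.10", 80, maxcon=2))
    ext = "203.0.113.7"                                 # constructed external client
    out = {}
    # External initiation with no prior conversation: NAT creates one and untranslates.
    out["ext_syn"] = nat.inbound(Packet("TCP", ext, 40001, "192.0.2.10", 80))
    # The server's reply leaves through the same conversation, source rewritten to 192.0.2.10:80.
    out["reply"] = nat.outbound(Packet("TCP", "10.1.1.5", 5123, ext, 40001))
    # Same registered address, different port: the rule does not match, so no internal host is exposed.
    out["ext_other_port"] = nat.inbound(Packet("TCP", ext, 40002, "192.0.2.10", 22))
    # Another port on the hidden host is not translated either (address AND port must match).
    out["int_other_port"] = nat.outbound(Packet("TCP", "10.1.1.5", 22, ext, 40003))
    # MAXCON=2: a second peer gets a conversation, a third is refused.
    out["peer2"] = nat.inbound(Packet("TCP", "198.51.100.9", 5000, "192.0.2.10", 80))
    out["peer3"] = nat.inbound(Packet("TCP", "198.51.100.10", 5000, "192.0.2.10", 80))
    # A protocol other than TCP/UDP/ICMP is never translated.
    out["gre"] = nat.inbound(Packet("GRE", ext, 0, "192.0.2.10", 80))
    out["active_conversations"] = len(nat.conversations)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20} {value}")
```

<p>Two points worth noticing when you run it: the inbound SYN to 192.0.2.10:80 is untranslated although no conversation existed, which is what makes the hidden service reachable from outside, and the inbound packet to 192.0.2.10:22 is left untouched because the rule matches on the port as well as the address. The third peer being refused is the MAXCON behaviour the note warns about; size MAXCON for the number of simultaneous peers, not the number of hosts.</p>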
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajb4natsd.htm" title="Network address translation (NAT) allows you to access the Internet safely without having to change your private network IP addresses.">Network address translation (NAT)</a></div>
</div>
</div>
</body>
</html>