ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajw_5.4.0.1/rzajwaddmasq.htm


2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Masquerade NAT" />
<meta name="abstract" content="This topic describes how masquerade NAT works in a network." />
<meta name="description" content="This topic describes how masquerade NAT works in a network." />
<meta name="DC.Relation" scheme="URI" content="rzajwnat.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajwinbndmasqproc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajwoutbndmasqproc.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajwaddmasq1" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Masquerade NAT</title>
</head>
<body id="rzajwaddmasq1"><a name="rzajwaddmasq1"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Masquerade NAT</h1>
<div><p>This topic describes how masquerade NAT works in a network.</p>
<p>Masquerade NAT is used to allow your private network to hide behind, as
well as be represented by, the address bound to the public interface. In many
situations, this is the address that has been assigned by an Internet service
provider (ISP), and the address can be dynamic in the case of a Point-to-Point
Protocol (PPP) connection. This type of translation can only be used for connections
originating within the private network destined for the outside public network.
Each outbound connection is maintained by using a different source IP port
number.</p>
<p>Masquerade NAT allows workstations with private IP addresses to communicate
with hosts on the Internet using iSeries™ server. iSeries server has an IP address assigned
by the local ISP as its Internet gateway. The term locally attached machine
is used to refer to all machines on an internal network regardless of the
method of attachment (LAN or WAN) and regardless of the distance of the connection.
The term external machines is used to refer to machines located on the Internet.
The following figure illustrates how Masquerade NAT works.</p>
<br /><img src="rzajw507.gif" alt="Masquerade NAT" /><br />
<p>To the Internet, all of your workstations appear to be contained within
your iSeries server;
that is, only one IP address is associated with both your iSeries server
and your workstations. When a router receives a packet intended for your workstation,
it attempts to determine what address on the internal LAN should receive the
packet and sends it there.</p>
<p>Each workstation must be set up so that iSeries server is its gateway and also
its default destination. The correspondence between a particular communication
connection (port) and a workstation is set up when one of your workstations
sends a packet to iSeries server to be sent to the Internet. The masquerade
NAT function saves the port number so that when it receives responses to your
workstation's packet over that connection, it can send the response to the
correct workstation.</p>
<p>A record of active port connections and the last access time by either
end of the connection is created and maintained by masquerade NAT. These records
are periodically purged of all connections that are idle for a predetermined
amount of time based on the assumption that an idle link is no longer in use.</p>
<p>All communication between your workstation and the Internet must be initiated
by locally attached machines. This is an effective security firewall; the
Internet knows nothing of the existence of your workstations, and it cannot
broadcast those addresses to the Internet.</p>
<p>A key to masquerade NAT implementation is the use of logical ports, issued
by masquerade NAT to distinguish between the various communication streams.
TCP contains a source and a destination port number. To these designations,
NAT adds a logical port number.</p>
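<p>The following sketch is an added example, not IBM code or the iSeries implementation. It models the record keeping described above: a logical port issued per outbound connection, responses mapped back to the originating workstation, unsolicited inbound packets dropped, and idle records purged. The class and function names, the 300-second idle limit, the logical port range starting at 50000, the check of the remote endpoint on inbound packets, and all addresses are assumptions made for illustration.</p>

```python
# Added illustration: a toy masquerade NAT table (not the iSeries implementation).
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"    # constructed: address bound to the public interface
IDLE_TIMEOUT = 300            # assumed idle limit in seconds; the page gives no value
FIRST_LOGICAL_PORT = 50000    # assumed start of the logical port range

@dataclass
class Entry:
    private_ip: str
    private_port: int
    remote: tuple             # (remote_ip, remote_port) of the external machine
    last_access: float        # last access time by either end of the connection

class MasqueradeNat:
    def __init__(self):
        self.by_logical = {}  # logical port -> Entry
        self.by_flow = {}     # (private_ip, private_port, remote) -> logical port
        self.next_port = FIRST_LOGICAL_PORT

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Translate a packet leaving the private LAN; returns the rewritten 4-tuple."""
        flow = (src_ip, src_port, (dst_ip, dst_port))
        port = self.by_flow.get(flow)
        if port is None:      # new connection: issue a unique logical port
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.by_logical[port] = Entry(src_ip, src_port, (dst_ip, dst_port), now)
        self.by_logical[port].last_access = now
        return (PUBLIC_IP, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port, now):
        """Map a response to its workstation; None means the packet is dropped."""
        entry = self.by_logical.get(dst_port)
        # Assumption of this sketch: the sender must be the recorded remote endpoint.
        if entry is None or entry.remote != (src_ip, src_port):
            return None       # no outbound connection was initiated for this packet
        entry.last_access = now
        return (entry.private_ip, entry.private_port)

    def purge_idle(self, now):
        """Remove records idle for IDLE_TIMEOUT or longer; returns how many were removed."""
        stale = [p for p, e in self.by_logical.items()
                 if now - e.last_access >= IDLE_TIMEOUT]
        for p in stale:
            e = self.by_logical.pop(p)
            del self.by_flow[(e.private_ip, e.private_port, e.remote)]
        return len(stale)
```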
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzajwinbndmasqproc.htm">Inbound masquerade NAT processing (response and other)</a></strong><br />
This process, which is the partner of outbound masquerade NAT processing, unfolds the corresponding outbound message to get the right source workstation information.</li>
<li class="ulchildlink"><strong><a href="rzajwoutbndmasqproc.htm">Outbound masquerade NAT processing</a></strong><br />
This process replaces the source port of an outbound message with a unique logical port number when the message is sent from the private LAN to the Internet.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajwnat.htm" title="Routing with network address translation (NAT) lets you access remote networks, such as the Internet, while protecting your private network by masking IP addresses that are used on the private network. This topic discusses the kinds of NAT that iSeries server supports and why you might want to use them.">Routing with network address translation</a></div>
</div>
</div>
</body>
</html>