ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajw_5.4.0.1/rzajwinbndmasqproc.htm

66 lines
4.2 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Inbound masquerade NAT processing (response and other)" />
<meta name="abstract" content="This process, which is the partner of outbound masquerade NAT processing, unfolds the corresponding outbound message to get right source workstation information." />
<meta name="description" content="This process, which is the partner of outbound masquerade NAT processing, unfolds the corresponding outbound message to get right source workstation information." />
<meta name="DC.Relation" scheme="URI" content="rzajwaddmasq.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="inboundmasqueradenatproc" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Inbound masquerade NAT processing (response and other)</title>
</head>
<body id="inboundmasqueradenatproc"><a name="inboundmasqueradenatproc"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Inbound masquerade NAT processing (response and other)</h1>
<div><p>This process, which is the partner of outbound masquerade NAT processing,
unfolds the corresponding outbound message to get right source workstation
information.</p>
<div class="section"><p>The inbound message in the previous figure is a packet
from the Internet to your private LAN. For inbound datagrams, the destination
port number is the local port number. (For inbound messages, the source port
number is the external port number. For outbound messages, the destination
port number is the external port number.)</p>
<p>Response messages returning
from the Internet bound for a locally attached machine have a masquerade-assigned
logical port number as the destination port number in the transport layer
header. The masquerade NAT inbound processing steps are:</p>
</div>
<ol><li><span>Masquerade NAT searches its database for this logical port number
(source port). If it is not found, the packet is assumed to be an unsolicited
packet, and the packet is returned to the caller unchanged. It is then handled
as a normal unknown destination.</span></li>
<li><span>If a matching logical port number is found, a further check is
made to determine that the source IP address matches the destination IP address
of the existing logical port number table entry. If it matches, the original
local machine's port number replaces the source port in the IP header. If
the check fails, the packet is returned unchanged.</span></li>
<li><span>The local matching IP addresses are placed in the packet IP destination.</span></li>
<li><span>The packet is then processed, as usual by IP or TCP, and ends up
at the correct locally attached machine. Because masquerade NAT requires a
logical port number to determine the correct source and destination port addresses,
masquerade NAT is incapable of handling unsolicited datagrams from the Internet.</span></li>
</ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajwaddmasq.htm" title="This topic describes how masquerade NAT works in a network.">Masquerade NAT</a></div>
</div>
</div>
</body>
</html>