<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Scenario: Map IP addresses using NAT" />
<meta name="abstract" content="In this scenario, your company uses static network address translation (NAT) to map its private IP addresses to public addresses." />
<meta name="description" content="In this scenario, your company uses static network address translation (NAT) to map its private IP addresses to public addresses." />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb0awhyip.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb8a1verifyingsd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbactivaterules.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajbttrouble.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb4astaticnat.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajb0d-example2" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Scenario: Map IP addresses using NAT</title>
</head>
<body id="rzajb0d-example2"><a name="rzajb0d-example2"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Scenario: Map IP addresses using NAT</h1>
<div><p>In this scenario, your company uses static network address translation
(NAT) to map its private IP addresses to public addresses.</p>
<div class="section"><h4 class="sectiontitle">Situation</h4><p>You own a company, and you decide to start
a private network. However, you have never registered or acquired permission
to use public IP addresses. When you access the Internet, you find that your
company's address range is registered to someone else, so you think your current
setup is obsolete. You need to allow public users access to your Web server.
What should you do?</p>
</div>
<div class="section"><br /><img src="rzajb504.gif" alt="This picture shows
a network consisting of an iSeries (192.12.3.1) connected to the Internet.
Behind the server is a private network on token ring 10.10.1.0. On this ring
exists a personal computer with the IP address 10.10.1.1. The personal computer
(10.10.1.1) is mapped to the public IP address 192.12.3.1." /><br /></div>
<div class="section"><h4 class="sectiontitle">Solution</h4><p>You can use static NAT. Static NAT assigns
one original (private) address to one registered (public) address. Your iSeries™ server
maps this registered address to your private address. The registered address
allows your private address to communicate with the Internet. Essentially,
it forms a bridge between the two networks. Communication can then be initiated
from either network.</p>
</div>
<div class="section"><p>By using static NAT, you can keep all of your current internal
IP addresses and still access the Internet. You need to have one registered
IP address for each private address that accesses the Internet. For example,
if you have 12 users, you need 12 public IP addresses to map to your 12 private
addresses.</p>
</div>
<div class="section"><p>In this example, the NAT address, 192.12.3.1, sits unusable, like
a shell, waiting for information to come back. When the information returns,
NAT maps the address back to the personal computer. When static NAT is active,
any inbound traffic destined directly to the address 192.12.3.1 will never
get to that interface because it is only representing your internal address.
The real private address 10.10.1.1 is the actual destination, even though
(to the world outside the iSeries server) it appears that 192.12.3.1 is the
required IP address.</p>
</div>
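<div class="section"><p>An added illustration, not part of the original IBM topic: a small Python model of the static NAT behaviour described above, using the scenario's addresses (10.10.1.1 mapped to 192.12.3.1). The class and method names are hypothetical, and 203.0.113.7 is a constructed documentation address standing in for an Internet host; the model shows that translation works in both directions, so a mapped private host can be contacted from the Internet.</p>

```python
import ipaddress


class StaticNat:
    """Model of static (map) NAT: one private address per public address."""

    def __init__(self, mappings):
        self.to_public, self.to_private = {}, {}
        for private, public in mappings:
            priv = ipaddress.ip_address(private)
            pub = ipaddress.ip_address(public)
            if pub.is_private:
                raise ValueError(f"{pub} is in private-use space, not a public address")
            if priv in self.to_public or pub in self.to_private:
                raise ValueError(f"{priv} to {pub} is not one-to-one")
            self.to_public[priv] = pub
            self.to_private[pub] = priv

    @classmethod
    def from_pool(cls, private_hosts, public_pool):
        """Pair each host with its own public address; the pool must be big enough."""
        if len(private_hosts) > len(public_pool):
            raise ValueError("static NAT needs one public address per private host")
        return cls(zip(private_hosts, public_pool))

    def outbound(self, src, dst):
        """Private network to Internet: a mapped source becomes its public address."""
        src = ipaddress.ip_address(src)
        return str(self.to_public.get(src, src)), dst

    def inbound(self, src, dst):
        """Internet to private network: a mapped destination becomes the private host."""
        dst = ipaddress.ip_address(dst)
        return src, str(self.to_private.get(dst, dst))


# The scenario's single mapping (addresses taken from the page).
SCENARIO = StaticNat([("10.10.1.1", "192.12.3.1")])

if __name__ == "__main__":
    # 203.0.113.7 is a constructed Internet peer (documentation range).
    print(SCENARIO.outbound("10.10.1.1", "203.0.113.7"))
    print(SCENARIO.inbound("203.0.113.7", "192.12.3.1"))
```

</div>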
<div class="section"><h4 class="sectiontitle">Configuration</h4><div class="p">To configure the packet rules described
in this scenario, you should use the <span class="uicontrol">Address Translation</span> wizard
in iSeries Navigator.
The wizard requires the following information: <ul><li>Private address you want to map: 10.10.1.1</li>
<li>Public address to which you want to map the private address: 192.12.3.1</li>
<li>The name of the line over which the address mapping takes place: TRNLINE</li>
</ul>
</div>
</div>
<div class="section"><p>To use the <span class="uicontrol">Address Translation</span> wizard,
follow these steps:</p>
</div>
<div class="section"> <ol><li>In iSeries Navigator,
select <span class="menucascade"><span class="uicontrol"><var class="varname">your server</var></span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">IP policies</span></span>.</li>
<li>Right-click <span class="uicontrol">Packet Rules</span>, and select <span class="uicontrol">Rules
Editor</span>.</li>
<li>From the <span class="uicontrol">Welcome Packet Rules Configuration</span> dialog,
select <span class="uicontrol">Create a new packet rules file</span>, and click <span class="uicontrol">OK</span>.</li>
<li>From the <span class="uicontrol">Wizards</span> menu, select <span class="uicontrol">Address
Translation</span>, and follow the wizard's instructions to configure
the map address translation packet rules.</li>
</ol>
</div>
<div class="section"><p>The packet rules look like the following example:</p>
<br /><img src="rzajb507.gif" alt="What your packet rules look like" /><br /></div>
<div class="section"><p>After you finish creating these rules and any others you determine
you need, you should verify them to ensure that they will activate without
errors. After that, you can activate them.</p>
<div class="note"><span class="notetitle">Note:</span> The token ring line that is defined above (LINE=TRNLINE) must be the line
that 192.12.3.1 uses. This static NAT will not work if 10.10.1.1 uses the
token ring line defined above. Whenever you use NAT, you should also enable
IP forwarding.</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajb0awhyip.htm" title="Use these scenarios to learn how you can use network address translation (NAT) and IP filtering to protect your network.">Scenarios: Packet rules</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzajbrzajb4astaticnat.htm" title="Static (map) network address translation (NAT) provides a one-to-one mapping of private IP addresses to public IP addresses. It allows you to map an IP address on your internal network to an IP address that you want to make public.">Static (map) NAT</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzajbrzajb8a1verifyingsd.htm" title="Always verify your rules before you activate them. This helps ensure that the rules will be activated without problems.">Verify packet rules</a></div>
<div><a href="rzajbactivaterules.htm" title="Activating the packet rules that you create is the final step in configuring packet rules.">Activate packet rules</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzajbrzajbttrouble.htm" title="This topic provides troubleshooting advice for some common packet rules problems.">Troubleshoot packet rules</a></div>
</div>
</div>
</body>
</html>