ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajb_5.4.0.1/rzajbrzajb4dportnat.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Masquerade (port-mapped) NAT" />
<meta name="abstract" content="Port-mapped network address translation (NAT) is a variation of masquerade NAT." />
<meta name="description" content="Port-mapped network address translation (NAT) is a variation of masquerade NAT." />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb4natsd.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajb4d-portnat" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Masquerade (port-mapped) NAT</title>
</head>
<body id="rzajb4d-portnat"><a name="rzajb4d-portnat"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Masquerade (port-mapped) NAT</h1>
<div><p>Port-mapped network address translation (NAT) is a variation of
masquerade NAT.</p>
<p>How do they differ? In port-mapped NAT you can specify both the IP address
and the port number to translate. This allows both your internal personal
computer and the external workstation to initiate IP traffic. You can use
this if the external workstation (or client) wants to access workstations
or servers inside your network. Only IP traffic that matches both the IP address
and the port number is allowed access. Here is how it works:</p>
<div class="section"><h4 class="sectiontitle">Internal initiation</h4><p>When the internal personal computer
with <em>Address 1: Port 1</em> initiates traffic to an outside workstation,
the translating code will check the NAT rule file for <em>Address 1: Port 1</em>.
If both the source IP address (Address 1) and the source port number (Port
1) match the NAT rule, then NAT starts the conversation and performs the translation.
The specified values from the NAT rule replace the IP source address and source
port number. <em>Address 1: Port 1</em> is replaced with <em>Address 2: Port
2</em>.</p>
</div>
<div class="section"><h4 class="sectiontitle">External initiation</h4><p>An external workstation initiates
IP traffic with the destination IP address of <em>Address 2</em>. The destination
port number is <em>Port 2</em>. The NAT server will untranslate the datagram
with or without an existing conversation. In other words, NAT will automatically
create a conversation if one does not already exist. <em>Address 2: Port 2</em> is
untranslated to <em>Address 1: Port 1</em>.</p>
</div>
<div class="section"><p>The following list highlights the features of masquerade port-mapped
NAT:</p>
<ul><li>One-to-one relationship.</li>
<li>External and internal network initiation.</li>
<li>The registered address the private address hides behind must be defined
on the iSeries™ server
performing the NAT operations.</li>
<li>IP traffic outside of NAT operations cannot use the registered address.
However, if traffic from this address uses a port number that matches the hidden
port in the NAT rule, that traffic will still be translated, so the interface
is not usable for ordinary (non-NAT) traffic.</li>
<li>Typically the port numbers are mapped to well-known port numbers, so no extra
information is needed by the client. For example, you can run an HTTP server bound
to port 5123 and map it to the public IP address and port 80. If you want to hide
an internal port number behind another (uncommon) port number, the client
must be told the destination port number explicitly; otherwise
communication is unlikely to succeed.</li>
</ul>
</div>
<div class="section"><div class="note"><span class="notetitle">Note:</span> <ul><li>You must set <samp class="codeph">MAXCON</samp> high enough to accommodate the number
of conversations you want to use. For example, if you are using FTP, your
personal computer will have two conversations active. You will need to set <samp class="codeph">MAXCON</samp> high
enough to accommodate multiple conversations for each personal computer. The
default value is <samp class="codeph">128</samp>.</li>
<li>Masquerade NAT only supports the following protocols: TCP, UDP, and ICMP.</li>
<li>Whenever you use NAT, you must enable IP forwarding. Use the Change TCP/IP
Attributes (CHGTCPA) command to verify that IP datagram forwarding is set
to <samp class="codeph">YES</samp>.</li>
</ul>
</div>
</div>
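<div class="section"><p>The two initiation cases and the notes above, as an added example that is not part of the IBM page: a small Python model of a port-mapped NAT rule table that translates only on a full address-and-port match, creates a conversation automatically on external initiation, refuses new conversations once <samp class="codeph">MAXCON</samp> is reached, and rejects protocols other than TCP, UDP and ICMP. The addresses, ports and the rule layout are constructed for illustration and do not reproduce the iSeries NAT rule-file syntax.</p>

```python
# Added example (not from the IBM page): a minimal model of masquerade
# port-mapped NAT. Addresses, ports and rule layout are constructed.

SUPPORTED_PROTOCOLS = {"TCP", "UDP", "ICMP"}  # stated limit of masquerade NAT


class PortMappedNat:
    """One-to-one translation of (address, port) pairs in both directions."""

    def __init__(self, rules, maxcon=128):
        # rules: {(hidden_addr, hidden_port): (registered_addr, registered_port)}
        self.rules = dict(rules)
        self.reverse = {v: k for k, v in self.rules.items()}
        self.maxcon = maxcon            # MAXCON: ceiling on active conversations
        self.conversations = set()      # hidden (addr, port) pairs with a conversation

    def _conversation(self, hidden):
        """Reuse an existing conversation or start one if MAXCON allows."""
        if hidden in self.conversations:
            return True
        if len(self.conversations) >= self.maxcon:
            return False                # MAXCON exhausted: datagram not translated
        self.conversations.add(hidden)
        return True

    def internal_initiation(self, proto, src_addr, src_port):
        """Outbound: Address 1:Port 1 -> Address 2:Port 2, only on a full match."""
        key = (src_addr, src_port)
        if proto not in SUPPORTED_PROTOCOLS or key not in self.rules:
            return None                 # address or port mismatch: no translation
        return self.rules[key] if self._conversation(key) else None

    def external_initiation(self, proto, dst_addr, dst_port):
        """Inbound: Address 2:Port 2 -> Address 1:Port 1; conversation auto-created."""
        key = (dst_addr, dst_port)
        if proto not in SUPPORTED_PROTOCOLS or key not in self.reverse:
            return None
        hidden = self.reverse[key]
        return hidden if self._conversation(hidden) else None


def demo():
    # Constructed sample: an HTTP server on hidden port 5123 mapped to public port 80.
    nat = PortMappedNat({("10.1.1.5", 5123): ("192.0.2.10", 80)}, maxcon=2)
    return [
        nat.internal_initiation("TCP", "10.1.1.5", 5123),   # -> ("192.0.2.10", 80)
        nat.internal_initiation("TCP", "10.1.1.5", 5124),   # port mismatch -> None
        nat.external_initiation("TCP", "192.0.2.10", 80),   # -> ("10.1.1.5", 5123)
        nat.external_initiation("GRE", "192.0.2.10", 80),   # unsupported proto -> None
    ]
```
</div>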
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajb4natsd.htm" title="Network address translation (NAT) allows you to access the Internet safely without having to change your private network IP addresses.">Network address translation (NAT)</a></div>
</div>
</div>
</body>
</html>