ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajb_5.4.0.1/rzajbrzajb4natsd.htm

93 lines
6.4 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Network address translation (NAT)" />
<meta name="abstract" content="Network address translation (NAT) allows you to access the Internet safely without having to change your private network IP addresses." />
<meta name="description" content="Network address translation (NAT) allows you to access the Internet safely without having to change your private network IP addresses." />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb1whatis.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb4astaticnat.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb4bhidenat.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb4dportnat.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajbrzajb8a0creatingsd.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajb4-nat_sd" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Network address translation (NAT)</title>
</head>
<body id="rzajb4-nat_sd"><a name="rzajb4-nat_sd"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Network address translation (NAT)</h1>
<div><p>Network address translation (NAT) allows you to access the Internet
safely without having to change your private network IP addresses.</p>
<p>IP addresses are depleting rapidly due to widespread Internet growth. Organizations
use private networks, which allows them to select any IP addresses they want.
However, if two companies have duplicate IP addresses and they attempt to
communicate with each other, they will have problems. In order to communicate
on the Internet, you must have a unique, registered address. Just as the name
implies, NAT is a mechanism that translates one Internet Protocol (IP) address
into another.</p>
<p>Packet rules contains three methods of NAT. You commonly use NAT to map
addresses (static NAT) or hide addresses (masquerade NAT). By hiding or mapping
addresses, NAT solves various addressing problems.</p>
<div class="section"><h4 class="sectiontitle">Example: Hide internal IP addresses from public knowledge</h4><p>You
are configuring an iSeries™ server as a public Web server. However, you
do not want external networks to know your server's real internal IP addresses.
You can create NAT rules that translate your private addresses to public addresses
that can access the Internet. In this instance, the true address of the server
remains hidden, making the server less vulnerable to attack.</p>
</div>
<div class="section"><h4 class="sectiontitle">Example: Convert an IP address for an internal host into a
different IP address</h4><p>You want private IP addresses on your internal
network to communicate with Internet hosts. To arrange this, you can convert
an IP address for an internal host into a different IP address. You must use
public IP addresses to communicate with Internet hosts. Therefore, you use
NAT to convert your private IP addresses to public addresses. This ensures
that IP traffic from your internal host is routed through the Internet.</p>
</div>
<div class="section"><h4 class="sectiontitle">Example: Make the IP addresses of two different networks
compatible</h4><p>You want to allow a host system in another network, such
as a vendor company, to communicate with a specific host in your internal
network. However, both networks use private addresses (10.x.x.x), which creates
a possible address conflict for routing the traffic between the two hosts.
To avoid conflict, you can use NAT to convert the address of your internal
host to a different IP address.</p>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzajbrzajb4astaticnat.htm">Static (map) NAT</a></strong><br />
Static (map) network address translation (NAT) provides a one-to-one mapping of private IP addresses to public IP addresses. It allows you to map an IP address on your internal network to an IP address that you want to make public.</li>
<li class="ulchildlink"><strong><a href="rzajbrzajb4bhidenat.htm">Masquerade (hide) NAT</a></strong><br />
Masquerade (hide) network address translation (NAT) allows you
to keep the outside world (outside the iSeries server) from knowing the actual
address of a personal computer. NAT routes traffic from your personal computer
to your iSeries server,
which essentially makes the iSeries server the gateway for your personal computer.</li>
<li class="ulchildlink"><strong><a href="rzajbrzajb4dportnat.htm">Masquerade (port-mapped) NAT</a></strong><br />
Port-mapped network address translation (NAT) is a variation of masquerade NAT.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajbrzajb1whatis.htm" title="Packet rules comprise both network address translation (NAT) rules and IP filtering rules. These two functions run at the IP layer of the TCP/IP stack and help protect your system against potential risks that are commonly associated with TCP/IP traffic.">Packet rules concepts</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzajbrzajb8a0creatingsd.htm" title="When you create a filter, you specify a rule that governs the IP traffic flow in and out of your system.">Create IP filter rules</a></div>
</div>
</div>
</body>
</html>