friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzai2_5.4.0.1/rzai2nat.htm

97 lines
7.0 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Network address translation method" />
<meta name="abstract" content="You can use i5/OS packet filtering to route traffic between a partition and the outside network." />
<meta name="description" content="You can use i5/OS packet filtering to route traffic between a partition and the outside network." />
<meta name="DC.Relation" scheme="URI" content="rzai2virtethernet.htm" />
<meta name="DC.Relation" scheme="URI" content="rzai2proxyarp.htm" />
<meta name="DC.Relation" scheme="URI" content="rzai2routing.htm" />
<meta name="DC.Relation" scheme="URI" content="rzai2virtethconsider.htm" />
<meta name="DC.Relation" scheme="URI" content="rzai2natenableveth.htm" />
<meta name="DC.Relation" scheme="URI" content="rzai2natcreatevethlind.htm" />
<meta name="DC.Relation" scheme="URI" content="rzai2natdataforward.htm" />
<meta name="DC.Relation" scheme="URI" content="rzai2natcreatevethifcs.htm" />
<meta name="DC.Relation" scheme="URI" content="rzai2natvfynetcom.htm" />
<meta name="DC.Relation" scheme="URI" content="rzai2natcreatepacketrules.htm" />
<meta name="DC.Relation" scheme="URI" content="rzai2natvfynetcomnat.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="nat" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Network address translation method</title>
</head>
<body id="nat"><a name="nat"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Network address translation method</h1>
<div><p>You can use i5/OS™ packet filtering to route traffic between a partition
and the outside network.</p>
<p>Network address translation (NAT) can route traffic between your virtual
Ethernet network and the external network. This particular form of NAT is
called static NAT, and it will allow both inbound and outbound IP traffic
to and from the virtual Ethernet network. Other forms of NAT like masquerade
NAT also work if your virtual Ethernet network does not need to receive traffic
initiated by external clients. Like the TCP/IP routing and proxy ARP methods,
you can take advantage of your existing i5/OS network connection. Since you will
be using IP packet rules, you must use iSeries™ Navigator to create and apply
your rules.</p>
<p>The following figure is an example of using NAT to connect your virtual
Ethernet network to an external network. The <samp class="codeph">10.1.1.<em>x</em></samp> network
represents an external network while the <samp class="codeph">192.168.1.<em>x</em></samp> network
represents the virtual Ethernet network.</p>
<br /><img src="rzai2506.gif" alt="Figure illustrates virtual TCP/IP interfaces on partition A and partition B, the NAT interface for the partition A and the external i5/OS interface" /><br /><p><img src="./delta.gif" alt="Start of change" />In this example, any existing TCP/IP traffic for the server
runs over the <samp class="codeph">10.1.1.2</samp> interface. A new interface 10.1.1.3
is created for communicating between the 10.1.1.x network and the 192.168.1.x
network. Because this is a static map scenario, the inbound traffic gets
translated from the <samp class="codeph">10.1.1.3</samp> interface to the <samp class="codeph">192.168.1.5</samp> interface.
The outbound traffic gets translated from the <samp class="codeph">192.168.1.5</samp> interface
to the external <samp class="codeph">10.1.1.3</samp> interface. Partition A and partition
B use their virtual interfaces <samp class="codeph">192.168.1.1</samp> and <samp class="codeph">192.168.1.5</samp> to
communicate with one another.<img src="./deltaend.gif" alt="End of change" /></p>
<p>To make static NAT work, you need to first set up your i5/OS and TCP/IP
communications. Then you will create and apply some IP Packet rules. To configure
virtual Ethernet to use the NAT method, complete these configuration tasks:</p>
</div>
<div>
<ol>
<li class="olchildlink"><a href="rzai2natenableveth.htm">Step 1: Enable the logical partitions to participate in a virtual Ethernet</a><br />
</li>
<li class="olchildlink"><a href="rzai2natcreatevethlind.htm">Step 2: Create the Ethernet line descriptions</a><br />
</li>
<li class="olchildlink"><a href="rzai2natdataforward.htm">Step 3: Turn on IP datagram forwarding</a><br />
</li>
<li class="olchildlink"><a href="rzai2natcreatevethifcs.htm">Step 4: Create the interfaces</a><br />
</li>
<li class="olchildlink"><a href="rzai2natvfynetcom.htm">Step 5: Verify network communications</a><br />
</li>
<li class="olchildlink"><a href="rzai2natcreatepacketrules.htm">Step 6: Create packet rules</a><br />
</li>
<li class="olchildlink"><a href="rzai2natvfynetcomnat.htm">Step 7: Verify network communications</a><br />
</li>
</ol>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzai2virtethernet.htm" title="You can take advantage of virtual Ethernet on i5/OS.">TCP/IP techniques connecting virtual Ethernet to external LANs</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzai2proxyarp.htm" title="This proxy Address Resolution Protocol (ARP) method uses transparent subnetting to associate a partition's virtual interface with an external interface. Proxy ARP function is built into the TCP/IP stack. If you have the necessary IP addresses, this approach is recommended.">Proxy Address Resolution Protocol method</a></div>
<div><a href="rzai2routing.htm" title="Standard TCP/IP routing is used to route traffic to the virtual Ethernet network in the same way you define routing to any other LAN. This requires that you update routing information throughout your network.">TCP/IP routing method</a></div>
<div><a href="rzai2virtethconsider.htm" title="You can use virtual Ethernet as an alternative to using a network card for interpartition communication.">Virtual Ethernet considerations</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink