66 lines
4.2 KiB
HTML
66 lines
4.2 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="task" />
|
|
<meta name="DC.Title" content="Inbound masquerade NAT processing (response and other)" />
|
|
<meta name="abstract" content="This process, which is the partner of outbound masquerade NAT processing, unfolds the corresponding outbound message to get right source workstation information." />
|
|
<meta name="description" content="This process, which is the partner of outbound masquerade NAT processing, unfolds the corresponding outbound message to get right source workstation information." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzajwaddmasq.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="inboundmasqueradenatproc" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Inbound masquerade NAT processing (response and other)</title>
|
|
</head>
|
|
<body id="inboundmasqueradenatproc"><a name="inboundmasqueradenatproc"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Inbound masquerade NAT processing (response and other)</h1>
|
|
<div><p>This process, which is the partner of outbound masquerade NAT processing,
|
|
unfolds the corresponding outbound message to get right source workstation
|
|
information.</p>
|
|
<div class="section"><p>The inbound message in the previous figure is a packet
|
|
from the Internet to your private LAN. For inbound datagrams, the destination
|
|
port number is the local port number. (For inbound messages, the source port
|
|
number is the external port number. For outbound messages, the destination
|
|
port number is the external port number.)</p>
|
|
<p>Response messages returning
|
|
from the Internet bound for a locally attached machine have a masquerade-assigned
|
|
logical port number as the destination port number in the transport layer
|
|
header. The masquerade NAT inbound processing steps are:</p>
|
|
</div>
|
|
<ol><li><span>Masquerade NAT searches its database for this logical port number
|
|
(source port). If it is not found, the packet is assumed to be an unsolicited
|
|
packet, and the packet is returned to the caller unchanged. It is then handled
|
|
as a normal unknown destination.</span></li>
|
|
<li><span>If a matching logical port number is found, a further check is
|
|
made to determine that the source IP address matches the destination IP address
|
|
of the existing logical port number table entry. If it matches, the original
|
|
local machine's port number replaces the source port in the IP header. If
|
|
the check fails, the packet is returned unchanged.</span></li>
|
|
<li><span>The local matching IP addresses are placed in the packet IP destination.</span></li>
|
|
<li><span>The packet is then processed, as usual by IP or TCP, and ends up
|
|
at the correct locally attached machine. Because masquerade NAT requires a
|
|
logical port number to determine the correct source and destination port addresses,
|
|
masquerade NAT is incapable of handling unsolicited datagrams from the Internet.</span></li>
|
|
</ol>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajwaddmasq.htm" title="This topic describes how masquerade NAT works in a network.">Masquerade NAT</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |