TW-H6W1IR ISDN Remote Router
80 Configuration and
Management
computer has no knowledge of the internal local network. In fact, the
local network is invisible to all computers outside of it, all information
about it being stored in the router’s NAT table. And this NAT table can
only be affected by computers from inside the local network. The router
will only add new entries or mappings to the NAT table when it
translates addresses on outbound packets. Thus, all traffic must
originate from inside the local network. If the router receives a packet
from the outside (from an intruder attempting to gain access to your
network, for example), the router will examine the source address of
the packet and look for a match in the NAT table in it’s attempt to
deliver it to the correct local computer. Since no entry for this address
exists in the NAT table, the router will drop this packet, denying the
potential intruder of any access.
If you wish, however, to give access to one of your computers to
people on the Internet (your company’s web server, for example), then
you must use a static NAT or NAPT assignment for them. When using
static NAT, you would choose one of the global IP addresses at your
disposal and map it directly to the local IP address of the web server.
Thus, any packets coming from the Internet to that specific global IP
address will always be routed to the web server. For static NAPT, you
map specific global IP port numbers to the local IP address and port
number. In both cases, the statically assigned IP address or port
number is taken out of the pool that the router uses in the normal
dynamic translation process, and the computer no longer benefits from
the security provided by the address translation process.
NAT
This section discusses the NAT protocol as opposed to NAPT which is
discussed in the next section.
