D-Link DFL-1600 User Manual page 133

Network security firewall
14.2. Address Translation
the outside world, the whole private network looks like a single node using
one public IP address, and the internal structure and addresses of the
network are hidden. Because NAT requires a machine on the local network to
initiate any connection to hosts on the other side of the firewall or the
router, unsolicited traffic initiated by outside hosts cannot reach those
local hosts: there is no mapping through which to translate it. Note that
this protection covers only connections for which no mapping exists; any
port the administrator deliberately forwards or maps to an internal host
remains reachable from outside. NAT-enabled firewalls, for example D-Link
firewalls, handle all the translation and redirection work for passing
traffic and can at the same time restrict which internal hosts may access
the Internet.
Flexibility of administration – NAT can be used to divide a large
network into several smaller ones. Each of the smaller parts exposes only
one IP address to the outside, which means that computers can be added
or removed without impacting external networks. D-Link firewalls
contain a DHCP server, which allows clients to be configured
automatically. The administrator does not need to apply a change
to every computer in the internal network; if the DNS server address
changes, for instance, all clients automatically start using the new
address the next time they contact the DHCP server.
How NAT works
In TCP/IP network communication, each IP packet contains a header with
the source and destination addresses and port numbers (Source
address: source port — Destination address: destination port). Together
with the transport protocol, this combination uniquely identifies a single
connection. The addresses specify the two end computers of the link, and
the two port numbers guarantee that every connection belonging to a
certain service is uniquely identified. Each connection originates from a
unique source port number at one end, and all reply packets from the other
end carry that same number as their destination port, so that the
initiator can relate them back to the correct connection.
A NAT-enabled firewall must change the source address on every outgoing
packet to its single public address. Because two local hosts may happen to
use the same source port, it also renumbers the source port to a value
that is unique on the public address, so that it can keep track of each
connection. The firewall uses a mapping table to relate the real local
address and source port, plus the translated source port number, to the
destination address and port. When it receives any returning packets, it
can therefore reverse the translation and route them back to the correct
client. A returning packet for which no table entry exists belongs to no
connection that an internal host opened, and is dropped.
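The following simulation of the mapping table is an added example and is not code from the D-Link manual or the DFL-1600 firmware. It shows the behaviour described above: outgoing packets get the single public address and a freshly allocated source port, returning packets are reverse-translated to the right internal client, and packets for which no mapping exists (an unsolicited probe, or a packet to a mapped port from a peer other than the one contacted) are dropped. The public address 203.0.113.1, the internal hosts, the remote servers and the port range are all constructed values.

```python
"""Simulation of the NAT mapping table described in the text (added example,
not from the D-Link manual). All addresses, ports and packets are constructed."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str       # transport protocol, e.g. "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# (proto, local ip, local port, remote ip, remote port): one internal connection
ConnKey = Tuple[str, str, int, str, int]


class Napt:
    """Source NAT with port translation: the whole LAN appears as one public IP."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 40999):
        self.public_ip = public_ip
        self._free_ports = list(range(first_port, last_port + 1))
        # translated (proto, public port) -> the internal connection it stands for
        self.table: Dict[Tuple[str, int], ConnKey] = {}
        # internal connection -> translated public port (reuse for an existing flow)
        self._by_conn: Dict[ConnKey, int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a LAN-originated packet so it leaves with the public address."""
        key: ConnKey = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self._by_conn.get(key)
        if port is None:
            if not self._free_ports:
                raise RuntimeError("NAT port pool exhausted")
            # A new connection gets a source port that is unique on the public IP,
            # even if two internal hosts chose the same ephemeral port.
            port = self._free_ports.pop(0)
            self._by_conn[key] = port
            self.table[(pkt.proto, port)] = key
        return Packet(pkt.proto, self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse the translation for a packet arriving at the public address.

        Returns None when the packet must be dropped: either no internal host
        opened a connection on that port, or the sender is not the peer that
        the internal host contacted (the table holds the complete connection)."""
        entry = self.table.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None                      # unsolicited: no mapping exists
        _, local_ip, local_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                      # mapped port, but wrong peer
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, local_ip, local_port)


def demo() -> dict:
    """Run a constructed scenario and return the translated packets for inspection."""
    nat = Napt("203.0.113.1")
    # Two LAN hosts happen to pick the same ephemeral source port for the same server.
    a = Packet("tcp", "192.168.1.10", 51000, "198.51.100.7", 80)
    b = Packet("tcp", "192.168.1.11", 51000, "198.51.100.7", 80)
    out_a = nat.outbound(a)
    out_b = nat.outbound(b)
    # Replies from the web server are addressed to the firewall's public address.
    reply_a = Packet("tcp", "198.51.100.7", 80, nat.public_ip, out_a.src_port)
    reply_b = Packet("tcp", "198.51.100.7", 80, nat.public_ip, out_b.src_port)
    # An outside host probes a port nobody inside opened: no mapping, dropped.
    probe = Packet("tcp", "192.0.2.99", 4444, nat.public_ip, 3389)
    # A packet to a mapped port, but from a different peer than the one contacted.
    spoof = Packet("tcp", "192.0.2.99", 80, nat.public_ip, out_a.src_port)
    return {
        "out_a": out_a, "out_b": out_b,
        "in_a": nat.inbound(reply_a), "in_b": nat.inbound(reply_b),
        "probe": nat.inbound(probe), "spoof": nat.inbound(spoof),
        "resend_a": nat.outbound(a),   # same connection keeps its translated port
    }


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:9s} {pkt}")
```

The table is keyed on the translated public port, and each entry also records the remote address and port, so a reply is accepted only from the peer the internal host actually contacted; this mirrors the "complete connection information" the text describes and is stricter than a NAT that keys on the public port alone.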
Because the mapping table relates complete connection information -
D-Link Firewalls User's Guide
113