Table of Contents
Advertisement
Reference Manual for the ProSafe VPN Firewall FVS114
Single IP Address Operation Using NAT
In the past, if multiple PCs on a LAN needed to access the Internet simultaneously, you had to
obtain a range of IP addresses from the ISP. This type of Internet account is more costly than a
single-address account typically used by a single user with a modem, rather than a router. The
FVS114 VPN Firewall employs an address-sharing method called Network Address Translation
(NAT). This method allows several networked PCs to share an Internet account using only a single
IP address, which may be statically or dynamically assigned by your ISP.
The router accomplishes this address sharing by translating the internal LAN IP addresses to a
single address that is globally unique on the Internet. The internal LAN IP addresses can be either
private addresses or registered addresses. For more information about IP address translation, refer
to RFC 1631, The IP Network Address Translator (NAT).
The following figure illustrates a single IP address operation.
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.5
Figure B-3: Single IP Address Operation Using NAT
This scheme offers the additional benefit of firewall-like protection because the internal LAN
addresses are not available to the Internet through the translated connection. All incoming
inquiries are filtered out by the router. This filtering can prevent intruders from probing your
system. However, using port forwarding, you can allow one PC (for example, a Web server) on
your local network to be accessible to outside users.
B-8
Private IP addresses
assigned by user
192.168.0.1
172.21.15.105
202-10098-01, April 2005
IP addresses
assigned by ISP
Internet
7786EA
Network, Routing, and Firewall Basics
Advertisement
Table of Contents
Troubleshooting
