AXISHK

asked on

Source and destination NAT

Source NAT changes the source address in the IP header of a packet. It is usually used for packets leaving your network.

Destination NAT changes the destination address in the IP header of a packet. It is usually used to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network.

On a source NAT rule, I only need to configure a single way out, and the return packet will make use of the previous session to come in, i.e.

Source NAT
-----------------
original source     translated source
192.168.1.x            203.193.84.y

1. A packet from 192.168.1.x leaving the network to 8.8.8.8 (destination) will undergo the source NAT translation:

     source                          destination
     203.193.84.y                8.8.8.8

2. Return packet from destination 8.8.8.8 to source 203.193.84.y:
       source                        destination
       8.8.8.8                        203.193.84.y

#2 has not been created on the firewall, but it can relate to the #1 rule to come in, correct?

The same concept also applies to destination NAT, correct?
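
The session behaviour asked about above, modelled as an added example that is not part of the original thread: a toy source-NAT table in which only the outbound rule is configured and the return packet is accepted solely because a matching session exists. It assumes a stateful firewall that tracks flows by address and port; the host 192.168.1.10, the port numbers and the stray sender 198.51.100.7 are constructed values.

```python
"""Toy stateful source-NAT table: one outbound rule, return path from session state."""
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

PUBLIC_IP = "203.193.84.y"   # translated source from the post (placeholder kept as-is)
LAN_PREFIX = "192.168.1."    # original source network from the post

class SourceNat:
    def __init__(self) -> None:
        self.next_port = 40000   # constructed start of the translated port range
        self.out = {}            # (lan_ip, lan_port, dst, dport) -> public port
        self.back = {}           # (dst, dport, public port) -> (lan_ip, lan_port)

    def outbound(self, p: Packet) -> Optional[Packet]:
        """LAN -> WAN: apply the single configured SNAT rule and record the session."""
        if not p.src.startswith(LAN_PREFIX):
            return None          # no rule matches this source
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(p.dst, p.dport, self.next_port)] = (p.src, p.sport)
            self.next_port += 1
        return Packet(PUBLIC_IP, self.out[key], p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """WAN -> LAN: no rule is consulted; only an existing session is reversed."""
        if p.dst != PUBLIC_IP:
            return None
        owner = self.back.get((p.src, p.sport, p.dport))
        if owner is None:
            return None          # unsolicited: no session, so the packet is dropped
        return Packet(p.src, p.sport, owner[0], owner[1])

def demo():
    nat = SourceNat()
    sent = nat.outbound(Packet("192.168.1.10", 51000, "8.8.8.8", 53))
    reply = nat.inbound(Packet("8.8.8.8", 53, PUBLIC_IP, sent.sport))
    stray = nat.inbound(Packet("198.51.100.7", 53, PUBLIC_IP, sent.sport))
    return sent, reply, stray

if __name__ == "__main__":
    for name, pkt in zip(("translated", "reply", "unsolicited"), demo()):
        print(name, pkt)
```

The reply from 8.8.8.8 is mapped back to the inside host, while the packet from a sender with no recorded session returns `None`, which is the behaviour that makes a separate inbound rule unnecessary for return traffic.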
ASKER CERTIFIED SOLUTION
CompProbSolv
AXISHK

ASKER

Tks.

So, NAT and firewall rules only need to be considered for LAN to WAN. I don't need to care about the return route, as the router (firewall) will handle the return path for me, correct?

Tks again.
It depends entirely on what router you are using.  With inexpensive routers you don't have to set up anything other than the LAN and WAN IP arrangements and whether or not to act as a DHCP server.  With the fancier ones there is more to do.  In general, it seems that you have to provide appropriate rules to allow traffic between different physical ports (different LAN ports and the WAN port) and enable NAT.

I would think it appropriate to start this over as a new thread with something such as: What is needed to configure my XYZ router for proper use?  You would want to specify answers to at least the following:

Do you have a static or dynamic WAN IP with your ISP?
Are you going to use a single WAN IP?
Do you want all LAN ports to have equal access to each other and also to the WAN port?  (You might want to have one LAN port that can't communicate with the others to be used as an "internet access only" connection.)
Do you want to have the router act as a DHCP server?
Do you have a need for VLANs to isolate traffic?
Do you have any need for the outside world to access devices inside your firewall, such as Email or Web servers or any type of remote access?
How much port blocking do you want to have?  One approach is to allow all ports through.  Another is to allow only the well-known (HTTP, HTTPS, SMTP, POP, etc.) ports through plus whatever special ones you need.

I'm sure that there are other questions that could be added to this list, but this should get you started.
AXISHK

ASKER

Tks