NAT and SuperNAT
Network Address
Translation (NAT) is a standard IP service which allows for the
translation of one IP address into another IP address. NAT has been enhanced to provide a set of advanced services called SuperNAT. SuperNAT includes a powerful Proxy Service, Port Address translation (sometimes called PAT) and Application Specific Gateways (ASGs) as well as other capabilities defines below.
Network Address Translation
(NAT) for up to 32 internal to external host IP address mappings
The standard NAT service defined in RFC 1631. An Internal (non globally unique) IP address is translated into an
External (Globally unique) IP address defined in a SNMP MIB table (TABLE
mode). Up to
32 such entries may be defined. Air-Frame provides a number of powerful enhancements to standard NAT
to create a set of services called 'SuperNAT'.
SuperNAT allows any internal (local)
host to be excluded from routing services.
An External IP address of 0.0.0.0 is used by Air-Frame to
indicate that no forwarding service for the Internal IP address is to be
provided, thus barring the Host/PC from external communications.
SuperNAT ‘Thin Proxy’ mode where
1 IP address is used for unlimited internal (local)
host translations.
The Air-Frame 'Thin Proxy' service allows the user to map ALL
internal IP addresses (unlimited number) to a single External (Globally unique)
IP address. The External IP address may be Static (Fixed) or Dynamic as
required. This provides what Steam Packet Radio defines as a 'Thin Proxy'. The term 'Thin Proxy' is used to indicate that, as a consequence of using this approach, substantial
increases in performance can be obtained versus the 'bloat ware'
associated with many Classic (PC based) Proxies. The only loss of functionality
versus a Classic Proxy is that Web Page Caching services - provided by some
Classic Proxies - is not provided by the Thin Proxy. The SuperNAT service also
allows a range of user defined IP address to be excluded from the NAT service.
SuperNAT allows Standard NAT
plus 1 external IP address can be used as a ‘Thin Proxy’ for all other hosts.
SuperNAT allows the user to define a standard
set of NAT translations (up to 32 Internal to External IP address mapping)
and to designate one of the External IP addresses as a Thin Proxy address
i.e. ALL other Hosts/PCs not defined in the Internal to External map will
use this as the Thin Proxy IP address.
This feature is particularly useful where the user has a limited range of
external IP addresses
available to service a large number of PCs. Some of the IP addresses can be used
to provide externally visible services e.g. DNS, FTP, WEB servers or Video
Conferencing locations (these are Excluded from the NAT translation). All other
hosts will be mapped to a single IP address (they are included in the NAT
translation). This feature can also be used to define a single static Proxy IP
in a LAN to LAN proxy environment.
Port Maps (PAT) allow support of multiple types of servers on a single IP
A standard Proxy ('Thin Proxy' or 'Classic Proxy') service
handles outgoing connections very effectively. If the user wishes to provide
external access for certain purposes e.g. an FTP server, diagnostic access etc.
it is impossible. SuperNAT allows a Port Map (sometimes called PAT or Port
Address Translation) to be defined (with up to 16
entries). The Port Map allows the user to indicate that requests for a specific
Port (or Range of Ports) will be handled by (mapped to) a specific Internal IP
address. Using the PORT MAP it is possible to define any range of required
services that use unique port numbers e.g. an FTP server, a Web server a DNS
server etc., etc. may be mapped to one or more Internal PCs. This service allows
a user with only a single External IP address to provide any combination of
required services.
Automatic
support for remote NETBIOS (WINS) networks and remote DHCP servers.
The
Thin Proxy service detects and automatically enables requests from the local
network for DHCP and NETBIOS services. This feature allows you to log into and
access remote NETBIOS (or WINS) networks over the Internet or to use remote DHCP
servers from behind the Proxy without the need for any further configuration.
Proxy DNS Feature simplifies re-configuration.
The Proxy DNS feature is used in conjunction with the
Thin Proxy service. This feature will allow you to configure all your PCs
with a DNS address (typically of your Router) that does not have to change
if you change ISP or want to use a different DNS service. The only change
you have to make in the case of a DNS change is to your router’s
configuration.
Context sensitive support for active
(PORT) or Passive (PASV) FTP mode services.
The Port Map feature is context sensitive (or 'statefull').
Many applications use secondary ports in their normal operation, that is they
start communication using a 'well known' port but then transfer to another port.
FTP especially does this. The standard FTP 'well known' Port Number is actually
only the control port used to pass information e.g. filenames, directory names
etc.. When the user selects a file to transfer, a new (random) port is set up at
each end to handle the actual transfer. The Air-Frame Port Map feature inspects
the FTP control commands, identifies the new port being opened, and
automatically maps it to the same IP as used by the FTP control port.
User definable NAT
route (s) allow
router to be used in LAN to LAN, LAN to WAN, WAN to WAN configurations.
NAT services are defined at the 'Logical Route' level. It is possible to define any
Route to use NAT services. To illustrate, assume an Intranet where WarpTwo is being
used as an concentrator for a group of LAN and remote Hosts (PCs). These IP
addresses communicate with each without using a NAT service (an Intranet) when external
communication is required WarpTwo forwards the traffic to
another LAN router. This LAN to LAN route is defined
as the NAT route and uses a NAT service. There are many other network scenarios
where this capability can be used to both increase efficiency and to provide
flexible responses to network needs.
