Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
One to One NAT of RV082
- Thread starter ironwill
- Start date
Webmeisterus
IS-IT--Management
- Apr 28, 2004
- 14
ironwill,
From the RV082 help
--------------------
One-to-One NAT creates a relationship which maps valid external addresses to internal addresses hidden by NAT. Machines with an internal address may be accessed at the corresponding external valid IP address.
Creating this relationship between internal and external addresses is done by defining internal and external address ranges of equal length. Once that relationship is defined, the machine with the first internal address is accessible at the first IP address in the external address range, the second machine at the second external IP address, and so on.
Consider a LAN for which the ISP has assigned the IP addresses range from 209.19.28.16 to 209.19.28.31, with 209.19.28.16 used as the RV082 WAN IP (NAT Public) Address. The address range of 192.168.168.1 to 192.168.168.255 is used for the machines on the LAN. Typically, only machines that have been designated as Public LAN Servers will be accessible from the Internet. However, with One-to-One NAT the machines with the internal IP addresses of 192.168.168.2 to 192.168.168.15 may be accessed at the corresponding external IP address.
Note: The RV082 WAN IP (NAT Public) Address may not be included in a range.
1. Enable One-to-One NAT: If you check the box, One-to-One NAT will be enabled.
2. Private Range Begin: Enter the beginning IP address of the private address range being mapped in the Private Range Begin field. This will be the IP address of the first machine being made accessible from the Internet.
3. Public Range Begin: Enter the beginning IP address of the public address range being mapped in the Public Range Begin field. This address will be assigned by the ISP. The RV082 WAN IP (NAT Public) Address may not be included in the range.
4. Range Length: Enter the number of IP addresses for the range. The range length may not exceed the number of valid IP address. Up to 64 ranges may be added. To map a single address, use a Range Length of 1.
Note: One-to-One NAT does change the way the firewall functions work. Access to machines on the LAN from the Internet will be allowed unless Network Access Rules are set.
You can click Add to List button or Delete selected range.
Click the Save Settings button to save the settings or click the Cancel Changes button to undo your changes.
-----------------------
To clarify Linsys's example above:
WAN IPs from ISP: 209.19.28.16 to 209.19.28.31
LAN IPs: 192.168.168.1 to 192.168.168.255
Since 209.19.28.16 is being used as the WAN IP of WAN1, it cannot be used in the 1-to-1 NAT pool. Similarly, if 209.19.28.17 were being used as the WAN IP of WAN2 (in dual WAN mode) or the DMZ WAN IP (DMZ mode), then you would not be able to use it either in a 1-to-1 NAT pool. The WAN IPs you use must be FREE of any other interface be it WAN1, WAN2, or DMZ.
Lets say that we want to map 5 external IPs to 5 LAN IPs and that we're using Dual WAN Mode with WAN1 at 209.19.28.16 and WAN2 at 209.19.28.17. That means we can start our block of 5 WAN IPs at 209.19.28.18. Our servers have private IPs of 192.168.168.100 - 192.168.168.104.
Setup would look like the following:
Private Range Begin: 192.168.168.100
Public Range Begin: 209.19.28.18
Range Length: 5
What this does is allow ALL traffic ...
From WAN IP To LAN IP
209.19.28.18 192.168.168.100
209.19.28.19 192.168.168.101
209.19.28.20 192.168.168.102
209.19.28.21 192.168.168.103
209.19.28.22 192.168.168.104
Note: You should assign static IPs to the LAN servers (no DHCP can be used). Also, the IPs I chose for the LAN servers were arbitrary. You can select ANY range of IPs within your private subnet as long as the IPs are consecutive. Similarly, I could have chosen ANY WAN IP for my 'Public Range Begin' from the first available FREE WAN IP to the largest WAN IP that left enough WAN IPs in the block assigned from the ISP to complete the range. In this example, since the Range Length was 5, this means I could have selected from 209.19.28.18 to 209.19.28.27 as my 'Public Range Begin'.
Hope this helps!
From the RV082 help
--------------------
One-to-One NAT creates a relationship which maps valid external addresses to internal addresses hidden by NAT. Machines with an internal address may be accessed at the corresponding external valid IP address.
Creating this relationship between internal and external addresses is done by defining internal and external address ranges of equal length. Once that relationship is defined, the machine with the first internal address is accessible at the first IP address in the external address range, the second machine at the second external IP address, and so on.
Consider a LAN for which the ISP has assigned the IP addresses range from 209.19.28.16 to 209.19.28.31, with 209.19.28.16 used as the RV082 WAN IP (NAT Public) Address. The address range of 192.168.168.1 to 192.168.168.255 is used for the machines on the LAN. Typically, only machines that have been designated as Public LAN Servers will be accessible from the Internet. However, with One-to-One NAT the machines with the internal IP addresses of 192.168.168.2 to 192.168.168.15 may be accessed at the corresponding external IP address.
Note: The RV082 WAN IP (NAT Public) Address may not be included in a range.
1. Enable One-to-One NAT: If you check the box, One-to-One NAT will be enabled.
2. Private Range Begin: Enter the beginning IP address of the private address range being mapped in the Private Range Begin field. This will be the IP address of the first machine being made accessible from the Internet.
3. Public Range Begin: Enter the beginning IP address of the public address range being mapped in the Public Range Begin field. This address will be assigned by the ISP. The RV082 WAN IP (NAT Public) Address may not be included in the range.
4. Range Length: Enter the number of IP addresses for the range. The range length may not exceed the number of valid IP address. Up to 64 ranges may be added. To map a single address, use a Range Length of 1.
Note: One-to-One NAT does change the way the firewall functions work. Access to machines on the LAN from the Internet will be allowed unless Network Access Rules are set.
You can click Add to List button or Delete selected range.
Click the Save Settings button to save the settings or click the Cancel Changes button to undo your changes.
-----------------------
To clarify Linsys's example above:
WAN IPs from ISP: 209.19.28.16 to 209.19.28.31
LAN IPs: 192.168.168.1 to 192.168.168.255
Since 209.19.28.16 is being used as the WAN IP of WAN1, it cannot be used in the 1-to-1 NAT pool. Similarly, if 209.19.28.17 were being used as the WAN IP of WAN2 (in dual WAN mode) or the DMZ WAN IP (DMZ mode), then you would not be able to use it either in a 1-to-1 NAT pool. The WAN IPs you use must be FREE of any other interface be it WAN1, WAN2, or DMZ.
Lets say that we want to map 5 external IPs to 5 LAN IPs and that we're using Dual WAN Mode with WAN1 at 209.19.28.16 and WAN2 at 209.19.28.17. That means we can start our block of 5 WAN IPs at 209.19.28.18. Our servers have private IPs of 192.168.168.100 - 192.168.168.104.
Setup would look like the following:
Private Range Begin: 192.168.168.100
Public Range Begin: 209.19.28.18
Range Length: 5
What this does is allow ALL traffic ...
From WAN IP To LAN IP
209.19.28.18 192.168.168.100
209.19.28.19 192.168.168.101
209.19.28.20 192.168.168.102
209.19.28.21 192.168.168.103
209.19.28.22 192.168.168.104
Note: You should assign static IPs to the LAN servers (no DHCP can be used). Also, the IPs I chose for the LAN servers were arbitrary. You can select ANY range of IPs within your private subnet as long as the IPs are consecutive. Similarly, I could have chosen ANY WAN IP for my 'Public Range Begin' from the first available FREE WAN IP to the largest WAN IP that left enough WAN IPs in the block assigned from the ISP to complete the range. In this example, since the Range Length was 5, this means I could have selected from 209.19.28.18 to 209.19.28.27 as my 'Public Range Begin'.
Hope this helps!
- Thread starter
- #3
Two thumbs up for you! Thanks once again.- Status
Similar threads
- Locked
- Question
- Locked
- Question