226 MDS Orbit MCR/ECR Technical Manual MDS 05-6632A01, Rev. F
3.8.9 Source NAT (Masquerading)
Understanding
Network address translation is a component of the firewall service provided on the Orbit MCR. NAT
allows mapping of private IP addresses to public IP addresses and vice versa. There are three basic kinds
of network address translation:
Source NAT
Destination NAT
Static NAT
Source NAT
Source NAT translates the source IP address of traffic egressing an interface. This is
typically used to provide many-to-one translation (also called masquerading) of a private network behind
the MCR, allowing hosts on that private network to access a host on the public network. (See Figure
3-136.) In the figure below, this host is HOST-B. From HOST-B's point of view, all traffic originating
from hosts in the private network appears to have originated from a single IP address: the IP address
of the public interface of the MCR, typically the cellular interface. To allow return IP traffic for
UDP/TCP connections to be delivered to the right private host, the MCR also performs source port
translation. Masquerading therefore consists of Network Address and Port Translation (NAPT).
Figure 3-136. Source NAT Translation of IP Address
In the diagram above, traffic from HOST-1, HOST-2, and HOST-3 on the private network 192.168.1.0/24
egresses the MCR’s cellular interface with a translated source IP address of 10.150.1.10.
Figure 3-137 shows the flow of packets being masqueraded (source NATed) through the MCR unit.
Figure 3-137. Packets Being Masqueraded Through MCR
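The following is an added illustration, not taken from the manual or from the Orbit firmware: a small Python model of the NAPT table described above, showing why source port translation is needed when two private hosts pick the same source port, and that inbound traffic with no matching entry has no private host to be delivered to. The host addresses, the HOST-B address, and the port-pool policy are assumptions made for the example.

```python
import ipaddress

class Napt:
    """Toy model of masquerading: many-to-one source NAT with port translation."""

    def __init__(self, public_ip, private_net, pool_start=20000):
        self.public_ip = public_ip
        self.private_net = ipaddress.ip_network(private_net)
        self.next_port = pool_start  # assumed start of the translated-port pool
        self.out = {}   # (proto, priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}  # (proto, public_port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def egress(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the public interface; returns the new 4-tuple."""
        if ipaddress.ip_address(src_ip) not in self.private_net:
            raise ValueError("source is not on the masqueraded network")
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = src_port  # keep the original port unless another host holds it
            while (proto, port, dst_ip, dst_port) in self.back:
                port, self.next_port = self.next_port, self.next_port + 1
            self.out[key] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def ingress(self, proto, src_ip, src_port, dst_port):
        """Map a reply addressed to the public IP back to a private host, else None."""
        return self.back.get((proto, dst_port, src_ip, src_port))

def demo():
    host_b = "203.0.113.20"  # constructed address for HOST-B
    nat = Napt("10.150.1.10", "192.168.1.0/24")
    # HOST-1 and HOST-2 (constructed addresses) pick the same source port
    p1 = nat.egress("tcp", "192.168.1.11", 40000, host_b, 443)
    p2 = nat.egress("tcp", "192.168.1.12", 40000, host_b, 443)
    return {
        "host1_out": p1,
        "host2_out": p2,
        "reply_to_host1": nat.ingress("tcp", host_b, 443, p1[1]),
        "reply_to_host2": nat.ingress("tcp", host_b, 443, p2[1]),
        "unsolicited": nat.ingress("tcp", host_b, 443, 50000),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```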
Configuring
Source NAT configuration on the MCR involves the following high-level steps:
1. Create a source NAT rule-set.
2. Add a rule to perform source NAT on the public interface.
Source NAT