ZyXEL Router Prestige 334 User Manual
Have a look at the manual ZyXEL Router Prestige 334 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 3 ZyXEL manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 238
Prestige 334 User’s Guide
237 Chapter 25 Network Address Translation (NAT)
Figure 111 Menu 4 Applying NAT for Internet Access
The following figure shows how you apply NAT to the remote node in menu 11.1.
1Enter 11 from the main menu.
2When menu 11 appears, as shown in the following figure, type the number of the remote
node that you want to configure.
3Move the cursor to the Edit IP field, press [SPACE BAR] to select Ye s and then press
[ENTER] to bring up Menu 11.3 - Remote Node Network Layer...](http://img.usermanuals.tech/thumb/5445/102918/w64_index.html@nav=null&now=get&message=Downloading&file=P-334_3-60-237.png "Page 238
Prestige 334 User’s Guide
237 Chapter 25 Network Address Translation (NAT)
Figure 111 Menu 4 Applying NAT for Internet Access
The following figure shows how you apply NAT to the remote node in menu 11.1.
1Enter 11 from the main menu.
2When menu 11 appears, as shown in the following figure, type the number of the remote
node that you want to configure.
3Move the cursor to the Edit IP field, press [SPACE BAR] to select Ye s and then press
[ENTER] to bring up Menu 11.3 - Remote Node Network Layer...")
![Page 241
Prestige 334 User’s Guide
Chapter 25 Network Address Translation (NAT) 240
Figure 115 Menu 15.1.255 SUA Address Mapping Rules
The following table explains the fields in this menu.
25.3.1.1 User-Defined Address Mapping Sets
Now let’s look at option 1 in menu 15.1. Enter 1 to bring up this menu. We’ll just look at the
differences from the previous menu. Note the extra Action and Select Rule fields mean you
can configure rules in this screen. Note also that the [?] in the Set Name field means that...](http://img.usermanuals.tech/thumb/5445/102918/w64_index.html@nav=null&now=get&message=Downloading&file=P-334_3-60-240.png "Page 241
Prestige 334 User’s Guide
Chapter 25 Network Address Translation (NAT) 240
Figure 115 Menu 15.1.255 SUA Address Mapping Rules
The following table explains the fields in this menu.
25.3.1.1 User-Defined Address Mapping Sets
Now let’s look at option 1 in menu 15.1. Enter 1 to bring up this menu. We’ll just look at the
differences from the previous menu. Note the extra Action and Select Rule fields mean you
can configure rules in this screen. Note also that the [?] in the Set Name field means that...")
Prestige 334 User’s Guide
Chapter 25 Network Address Translation (NAT) 240
Figure 115 Menu 15.1.255 SUA Address Mapping Rules
The following table explains the fields in this menu.
25.3.1.1 User-Defined Address Mapping Sets
Now let’s look at option 1 in menu 15.1. Enter 1 to bring up this menu. We’ll just look at the
differences from the previous menu. Note the extra Action and Select Rule fields mean you
can configure rules in this screen. Note also that the [?] in the Set Name field means that this
is a required field and you must enter a name for the set.
Menu 15.1.255 - Address Mapping Rules
Set Name= SUA
Idx Local Start IP Local End IP Global Start IP Global End IP Type
--- -------------- --------------- --------------- --------------- ------
1. 0.0.0.0 255.255.255.255 0.0.0.0 M-1
2. 0.0.0.0 Server
3.
4.
5.
6.
7.
8.
9.
10.
Press ENTER to Confirm or ESC to Cancel:
Table 81 SUA Address Mapping Rules
FIELDDESCRIPTION
Set NameThis is the name of the set you selected in menu 15.1 or enter the name of a new
set you want to create.
IdxThis is the index or rule number.
Local Start IPLocal Start IP is the starting local IP address (ILA).
Local End IPLocal End IP is the ending local IP address (ILA). If the rule is for all local IPs,
then the Start IP is 0.0.0.0 and the End IP is 255.255.255.255.
Global Start IPThis is the starting global IP address (IGA). If you have a dynamic IP, enter
0.0.0.0 as the Global Start IP.
Global End IPThis is the ending global IP address (IGA).
Ty p eThese are the mapping types. Server allows us to specify multiple servers of
different types behind NAT to this machine. See later for some examples.
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to
cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
Note: Menu 15.1.255 is read-only.
Prestige 334 User’s Guide
241 Chapter 25 Network Address Translation (NAT)
Figure 116 Menu 15.1.1 First Set
25.3.1.2 Ordering Your Rules
Ordering your rules is important because the Prestige applies the rules in the order that you
specify. When a rule matches the current packet, the Prestige takes the corresponding action
and the remaining rules are ignored. If there are any empty rules before your new configured
rule, your configured rule will be pushed up by that number of empty rules. For example, if
you have already configured rules 1 to 6 in your current set and now you configure rule
number 9. In the set summary screen, the new rule will be rule 7, not 9.
Menu 15.1.1 - Address Mapping Rules
Set Name= NAT_SET
Idx Local Start IP Local End IP Global Start IP Global End IP Type
--- --------------- -------------- --------------- --------------- ------
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Action= Edit Select Rule=
Press ENTER to Confirm or ESC to Cancel:
Note: If the Set Name field is left blank, the entire set will be
deleted.
Note: The Type, Local and Global Start/End IPs are configured
in menu 15.1.1.1 (described later) and the values are displayed
here
Prestige 334 User’s Guide Chapter 25 Network Address Translation (NAT) 242 Now if you delete rule 4, rules 5 to 7 will be pushed up by 1 rule, so as old rule 5 becomes rule 4, old rule 6 becomes rule 5 and old rule 7 becomes rule 6. Selecting Edit in the Action field and then selecting a rule brings up the following menu, Menu 15.1.1.1 - Address Mapping Rule in which you can edit an individual rule and configure the Ty p e, Local and Global Start/End IPs. Table 82 Menu 15.1.1 First Set FIELDDESCRIPTION Set NameEnter a name for this set of rules. This is a required field. If this field is left blank, the entire set will be deleted. ActionThe default is Edit. Edit means you want to edit a selected rule (see following field). Insert Before means to insert a rule before the rule selected. The rules after the selected rule will then be moved down by one rule. Delete means to delete the selected rule and then all the rules after the selected one will be advanced one rule. None disables the Select Rule item. Select RuleWhen you choose Edit, Insert Before or Delete in the previous field the cursor jumps to this field to allow you to select the rule to apply the action in question. Note: You must press [ENTER] at the bottom of the screen to save the whole set. You must do this again if you make any changes to the set – including deleting a rule. No changes to the set take place until this action is taken Note: An End IP address must be numerically greater than its corresponding IP Start address
Prestige 334 User’s Guide
243 Chapter 25 Network Address Translation (NAT)
Figure 117 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set
The following table explains the fields in this menu.
25.4 Configuring a Server behind NAT
Follow these steps to configure a server behind NAT:
1Enter 15 in the main menu to go to Menu 15 - NAT Setup.
2Enter 2 to display Menu 15.2 - NAT Server Setup as shown next.
Menu 15.1.1.1 Address Mapping Rule
Type= One-to-One
Local IP:
Start= 0.0.0.0
End = N/A
Global IP:
Start= 0.0.0.0
End = N/A
Press ENTER to Confirm or ESC to Cancel:
Table 83 Menu 15.1.1.1 Editing/Configuring an Individual Rule in a Set
FIELDDESCRIPTION
Ty p ePress [SPACE BAR] and then [ENTER] to select from a total of five types. These are
the mapping types discussed in the chapter on NAT web configurator screens. Server
allows you to specify multiple servers of different types behind NAT to this computer.
See section for an example.
Local IPOnly local IP fields are N/A for server; Global IP fields MUST be set for Server.
StartThis is the starting local IP address (ILA).
EndThis is the ending local IP address (ILA). If the rule is for all local IPs, then put the Start
IP as 0.0.0.0 and the End IP as 255.255.255.255. This field is N/A for One-to-One and
Server types.
Global IP
StartThis is the starting inside global IP address (IGA). If you have a dynamic IP, enter
0.0.0.0 as the Global IP Start. Note that Global IP Start can be set to 0.0.0.0 only if
the types are Many-to-One or Server.
EndThis is the ending inside global IP address (IGA). This field is N/A for One-to-One,
Many-to-One and Server types.
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC
to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
Prestige 334 User’s Guide
Chapter 25 Network Address Translation (NAT) 244
Figure 118 Menu 15.2.1 NAT Server Setup
3Enter a port number in an unused Star t Po rt No field. To forward only one port, enter it
again in the End Port No field. To specify a range of ports, enter the last port to be
forwarded in the End Port No field.
4Enter the inside IP address of the server in the IP Address field. In the following figure,
you have a computer acting as an FTP, Telnet and SMTP server (ports 21, 23 and 25) at
192.168.1.33.
5Press [ENTER] at the “Press ENTER to confirm …” prompt to save your configuration
after you define all the servers or press [ESC] at any time to cancel.
You assign the private network IP addresses. The NAT network appears as a single host on the
Internet. A is the FTP/Telnet/SMTP server.
Figure 119 Multiple Servers Behind NAT Example
25.5 General NAT Examples
The following are some examples of NAT configuration.
Menu 15.2 - NAT Server Setup
Rule Start Port No. End Port No. IP Address
---------------------------------------------------
1. Default Default 0.0.0.0
2. 21 25 192.168.1.33
3. 0 0 0.0.0.0
4. 0 0 0.0.0.0
5. 0 0 0.0.0.0
6. 0 0 0.0.0.0
7. 0 0 0.0.0.0
8. 0 0 0.0.0.0
9. 0 0 0.0.0.0
10. 0 0 0.0.0.0
11. 0 0 0.0.0.0
12. 0 0 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Prestige 334 User’s Guide
245 Chapter 25 Network Address Translation (NAT)
25.5.1 Example 1: Internet Access Only
In the following Internet access example, you only need one rule where the ILAs (Inside Local
Addresses) of computers A through D map to one dynamic IGA (Inside Global Address)
assigned by your ISP.
Figure 120 NAT Example 1
Figure 121 Menu 4 Internet Access & NAT Example
From menu 4, choose the SUA Only option from the Network Address Translation field.
This is the Many-to-One mapping discussed in section General NAT Examples. The SUA
Only read-only option from the Network Address Translation field in menus 4 and 11.3 is
specifically pre-configured to handle this case.
25.5.2 Example 2: Internet Access with an Inside Server
The dynamic Inside Global Address is assigned by the ISP.
Menu 4 - Internet Access Setup
ISPs Name= MyISP
Encapsulation= Ethernet
Service Type= Standard
My Login= N/A
My Password= N/A
Retype to Confirm= N/A
Login Server= N/A
Relogin Every (min)= N/A
IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
Gateway IP Address= N/A
Network Address Translation = SUA Only
Press ENTER to Confirm or ESC to Cancel:
Prestige 334 User’s Guide
Chapter 25 Network Address Translation (NAT) 246
Figure 122 NAT Example 2
In this case, you do exactly as above (use the convenient pre-configured SUA Only set) and
also go to menu 15.2 to specify the Inside Server behind the NAT as shown in the next figure.
Figure 123 Menu 15.2.1 Specifying an Inside Server
25.5.3 Example 3: Multiple Public IP Addresses With Inside Servers
In this example, there are 3 IGAs from our ISP. There are many departments but two have
their own FTP server. All departments share the same router. The example will reserve one
IGA for each department with an FTP server and all departments use the other IGA. Map the
FTP servers to the first two IGAs and the other LAN traffic to the remaining IGA. Map the
third IGA to an inside web server and mail server. Four rules need to be configured, two bi-
directional and two unidirectional as follows.
1Map the first IGA to the first inside FTP server for FTP traffic in both directions (1 : 1
mapping, giving both local and global IP addresses).
2Map the second IGA to our second inside FTP server for FTP traffic in both directions (1
: 1 mapping, giving both local and global IP addresses).
3Map the other outgoing LAN traffic to IGA3 (Many : 1 mapping).
Menu 15.2.1 - NAT Server Setup
Rule Start Port No. End Port No. IP Address
---------------------------------------------------
1. Default Default 192.168.1.10
2. 0 0 0.0.0.0
3. 0 0 0.0.0.0
4. 0 0 0.0.0.0
5. 0 0 0.0.0.0
6. 0 0 0.0.0.0
7. 0 0 0.0.0.0
8. 0 0 0.0.0.0
9. 0 0 0.0.0.0
10. 0 0 0.0.0.0
11. 0 0 0.0.0.0
12. 0 0 0.0.0.0
Press ENTER to Confirm or ESC to Cancel:
Prestige 334 User’s Guide 247 Chapter 25 Network Address Translation (NAT) 4You also map your third IGA to the web server and mail server on the LAN. Type Server allows you to specify multiple servers, of different types, to other computers behind NAT on the LAN. The example situation looks somewhat like this: Figure 124 NAT Example 3 1In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping Sets. Therefore you must choose the Full Feature option from the Network Address Translation field (in menu 4 or menu 11.3) see Figure 105. 2Then enter 15 from the main menu. 3Enter 1 to configure the Address Mapping Sets. 4Enter 1 to begin configuring this new set. Enter a Set Name, choose the Edit Action and then enter 1 for the Select Rule field. Press [ENTER] to confirm. 5Select Ty p e as One-to-One (direct mapping for packets going both ways), and enter the local Start IP as 192.168.1.10 (the IP address of FTP Server 1), the global Sta rt IP as 10.132.50.1 (our first IGA) see Figure 126. 6Repeat the previous step for rules 2 to 4 as outlined above. 7When finished, menu 15.1.1.1 should look like as shown in Example 3: Final Menu 15.1.1.
Prestige 334 User’s Guide
Chapter 25 Network Address Translation (NAT) 248
Figure 125 NAT Example 3: Menu 11.3
The following figures show how to configure the first rule.
Menu 11.3 - Remote Node Network Layer Options
IP Address Assignment= Dynamic
IP Address= N/A
IP Subnet Mask= N/A
Gateway IP Addr= N/A
Network Address Translation = Full Feature
Metric= 1
Private= N/A
RIP Direction= None
Version= N/A
Multicast= None
Enter here to CONFIRM or ESC to CANCEL:
Prestige 334 User’s Guide
249 Chapter 25 Network Address Translation (NAT)
Figure 126 Example 3: Menu 15.1.1.1
Figure 127 Example 3: Final Menu 15.1.1
Now configure the IGA3 to map to our web server and mail server on the LAN.
8Enter 15 from the main menu.
9Enter 2 in Menu 15 - NAT Setup.
10Enter 1 in Menu 15.2 - NAT Server Setup to see the following menu. Configure it as
shown.
Menu 15.1.1.1 Address Mapping Rule
Type= One-to-One
Local IP:
Start= 192.168.1.10
End = N/A
Global IP:
Start= 10.132.50.1
End = N/A
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Menu 15.1.1 - Address Mapping Rules
Set Name= NAT_SET
Idx Local Start IP Local End IP Global Start IP Global End IP Type
--- --------------- -------------- --------------- --------------- ------
1. 192.168.1.10 10.132.50.1 1-1
2. 192.168.1.11 10.132.50.2 1-1
3. 0.0.0.0 255.255.255.255 10.132.50.3 M-1
4. 10.132.50.3 Server
5.
6.
7.
8.
9.
10.
Action= None Select Rule= N/A
Press ENTER to Confirm or ESC to Cancel: