Network Address Translation (NAT)
NAT Overview
NAT (Network Address Translation – NAT, RFC 1631) is the translation of the IP address of a host in a packet, for example, the source address of an outgoing packet, used within one network to a different IP address known within another network.
What You Can Do in this Chapter
• Use the Port Forwarding screen to configure forward incoming service requests to the servers on your local network (Port Forwarding).
• Use the Port Triggering screen to add and configure the Zyxel Device’s trigger port settings (Port Triggering).
• Use the Address Mapping screen to enable and disable the NAT Address Mapping in the Zyxel Device (Address Mapping).
• Use the Sessions screen to limit the number of concurrent NAT sessions each client can use (Sessions).
• Use the Port Control Protocol screen to configure incoming traffic for devices behind the Zyxel Device (Port Control Protocol (PCP)).
What You Need To Know
The following terms and concepts may help as you read this chapter.
Inside/Outside and Global/Local
Inside/outside denotes where a host is located relative to the Zyxel Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
NAT
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Port Forwarding
A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
Port Forwarding
Use Port Forwarding to forward incoming service requests from the Internet to the servers on your local network. Port forwarding is commonly used when you want to host online gaming, P2P file sharing, or other servers on your network.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example web service), it might be better to specify a range of port numbers. You can allocate a server IP address that corresponds to a port or a range of ports. Please refer to RFC 1700 for further information about port numbers.
Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP.Configure Servers Behind Port Forwarding (Example)
Let's say you want to assign ports 21-25 to one Telnet and SMTP server (A in the example), port 80 to another (B in the example), a default server IP address of 192.168.1.35 to a third (C in the example), and a default server IP address of 192.168.1.36 to a fourth (D in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
Multiple Servers Behind NAT Example
Port Forwarding
Click Network Setting > NAT to open the Port Forwarding screen.
TCP port 7547 is reserved for system use.Network Setting > NAT > Port Forwarding
The following table describes the fields in this screen.
LABEL | Description |
|---|---|
Add New Rule | Click this to add a new port forwarding rule. |
# | This is the index number of the entry. |
Status | This field indicates whether the rule is active or not. A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active. |
Service Name | This is the service’s name. This shows User Defined if you manually added a service. You can change this by clicking the edit icon. |
Originating IP | This is the source’s IP address. |
WAN Interface | Select the WAN interface for which to configure NAT port forwarding rules. |
Server IP Address | This is the server’s IP address. |
Start Port | This is the first external port number that identifies a service. |
End Port | This is the last external port number that identifies a service. |
Translation Start Port | This is the first internal port number that identifies a service. |
Translation End Port | This is the last internal port number that identifies a service. |
Protocol | This field displays the protocol (TCP, UDP, TCP+UDP) used to transport the packets for which you want to apply the rule. |
Modify | Click the Edit icon to edit the port forwarding rule. Click the Delete icon to delete an existing port forwarding rule. Note that subsequent address mapping rules move up by one when you take this action. |
Add or Edit Port Forwarding
Create or edit a port forwarding rule. Specify either a port or a range of ports, a server IP address, and a protocol to configure a port forwarding rule. Click Add New Rule in the Port Forwarding screen or the Edit icon next to an existing rule to open the following screen.
Network Setting > NAT > Port Forwarding: Add or Edit
To configure port forwarding, you need to have the same configurations in the Start Port, End Port, Translation Start Port, and Translation End Port fields.To configure port translation, you need to have different configurations in the Start Port, End Port, Translation Start Port, and Translation End Port fields.
Here is an example to configure port translation. Configure Start Port to 100, End Port to 120, Translation Start Port to 200, and Translation End Port to 220.
TCP port 7547 is reserved for system use.The following table describes the labels in this screen.
Label | Description |
|---|---|
Active | Click to turn the port forwarding rule on or off. |
Service Name | Enter a name for the service to forward. You can use up to 256 printable characters except [ " ], [ ` ], [ ' ], [ < ], [ > ], [ ^ ], [ $ ], [ | ], [ & ], or [ ; ]. Spaces are allowed. |
WAN Interface | Select the WAN interface for which to configure NAT port forwarding rules. |
Start Port | Configure this for a user-defined entry. Enter the original destination port for the packets. To forward only one port, enter the port number again in the End Port field. To forward a series of ports, enter the start port number here and the end port number in the End Port field. |
End Port | Configure this for a user-defined entry. Enter the last port of the original destination port range. To forward only one port, enter the port number in the Start Port field above and then enter it again in this field. To forward a series of ports, enter the last port number in a series that begins with the port number in the Start Port field above. |
Translation Start Port | Configure this for a user-defined entry. This shows the port number to which you want the Zyxel Device to translate the incoming port. For a range of ports, enter the first number of the range to which you want the incoming ports translated. |
Translation End Port | Configure this for a user-defined entry. This shows the last port of the translated port range. |
Server IP Address | Enter the inside IP address of the virtual server here. |
Configure Originating IP | Click the Enable checkbox to enter the source IP in the next field. |
Originating IP | Enter the source IP address here. |
Protocol | Select the protocol supported by this virtual server. Choices are TCP, UDP, or TCP/UDP. |
OK | Click this to save your changes. |
Cancel | Click this to exit this screen without saving. |
Port Triggering
Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding, you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address.
Trigger port forwarding allows computers on the LAN to dynamically take turns using the service.
The Zyxel Device records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a \"trigger\" port). When the Zyxel Device's WAN port receives a response with a specific port number and protocol (\"open\" port), the Zyxel Device forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner. This way you do not need to configure a new IP address each time you want a different LAN computer to use the application.
For example:
Trigger Port Forwarding Process: Example
1 Jane requests a file from the Real Audio server (port 7070).
2 Port 7070 is a “trigger” port and causes the Zyxel Device to record Jane’s computer IP address. The Zyxel Device associates Jane's computer IP address with the "open" port range of 6970 – 7170.
3 The Real Audio server responds using a port number ranging between 6970 – 7170.
4 The Zyxel Device forwards the traffic to Jane’s computer IP address.
5 Only Jane can connect to the Real Audio server until the connection is closed or times out. The Zyxel Device times out in 3 minutes with UDP (User Datagram Protocol) or 2 hours with TCP/IP (Transfer Control Protocol/Internet Protocol).
Click Network Setting > NAT > Port Triggering to open the following screen. Use this screen to view your Zyxel Device’s trigger port settings.
TCP port 7547 is reserved for system use.The sum of trigger ports in all rules must be less than 1000 and every open port range must be less than 1000. When the protocol is TCP/UDP, the ports are counted twice.Network Setting > NAT > Port Triggering
The following table describes the labels in this screen.
Label | Description |
|---|---|
Add New Rule | Click this to create a new rule. |
# | This is the index number of the entry. |
Status | This field displays whether the port triggering rule is active or not. A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active. |
Service Name | This field displays the name of the service used by this rule. |
WAN Interface | This field shows the WAN interface through which the service is forwarded. |
Trigger Start Port | The trigger port is a port (or a range of ports) that causes (or triggers) the Zyxel Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN. This is the first port number that identifies a service. |
Trigger End Port | This is the last port number that identifies a service. |
Trigger Proto. | This is the trigger transport layer protocol. |
Open Start Port | The open port is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The Zyxel Device forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service. This is the first port number that identifies a service. |
Open End Port | This is the last port number that identifies a service. |
Open Protocol | This is the open transport layer protocol. |
Modify | Click the Edit icon to edit this rule. Click the Delete icon to delete an existing rule. |
Add or Edit Port Triggering Rule
This screen lets you create new port triggering rules. Click Add New Rule in the Port Triggering screen or click a rule’s Edit icon to open the following screen. Use this screen to configure a port or range of ports and protocols for sending out requests and for receiving responses.
Network Setting > NAT > Port Triggering: Add or Edit
The following table describes the labels in this screen.
Label | Description |
|---|---|
Active | Click this switch to activate this rule. |
Service Name | Enter a name to identify this rule. You can use up to 256 printable characters except [ " ], [ ` ], [ ' ], [ < ], [ > ], [ ^ ], [ $ ], [ | ], [ & ], or [ ; ]. Spaces are allowed. |
WAN Interface | Select a WAN interface for which you want to configure port triggering rules. |
Trigger Start Port | The trigger port is a port (or a range of ports) that causes (or triggers) the Zyxel Device to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Enter a port number or the starting port number in a range of port numbers. |
Trigger End Port | Enter a port number or the ending port number in a range of port numbers. |
Trigger Protocol | Select the transport layer protocol from TCP, UDP, or TCP/UDP. |
Open Start Port | The open port is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The Zyxel Device forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service. Enter a port number or the starting port number in a range of port numbers. |
Open End Port | Enter a port number or the ending port number in a range of port numbers. |
Open Protocol | Select the transport layer protocol from TCP, UDP, or TCP/UDP. |
Cancel | Click Cancel to exit this screen without saving. |
OK | Click OK to save your changes. |
DMZ
Use this screen to specify the IP address of a default server to receive packets from ports not specified in the Port Triggering screen. The DMZ (DeMilitarized Zone) is a network between the WAN and the LAN that is accessible to devices on both the WAN and LAN with firewall protection. Devices on the WAN can initiate connections to devices on the DMZ but not to those on the LAN.
You can put public servers, such as email and web servers, on the DMZ to provide services on both the WAN and LAN. To use this feature, you first need to assign a DMZ host. Click Network Setting > NAT > DMZ to open the DMZ screen.
Use an IPv4 address for the DMZ server.Enter the IP address of the default server in the Default Server Address field, and click Apply to activate the DMZ host. Otherwise, clear the IP address in the Default Server Address field, and click Apply to deactivate the DMZ host.Network Setting > NAT > DMZ
The following table describes the fields in this screen.
LABEL | Description |
|---|---|
Default Server Address | Enter the IP address of the default server which receives packets from ports that are not specified in the Port Forwarding screen. If you do not assign a default server, the Zyxel Device discards all packets received for ports not specified in the virtual server configuration. |
Apply | Click this to save your changes back to the Zyxel Device. |
Cancel | Click Cancel to restore your previously saved settings. |
ALG
Application Layer Gateway (ALG) allows customized NAT traversal filters to support address and port translation for certain applications such as Session Initiation Protocol (SIP) or file transfer in Instant Messaging (IM) applications. It allows SIP calls to pass through the Zyxel Device. When the Zyxel Device registers with the SIP register server, the SIP ALG translates the Zyxel Device’s private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your Zyxel Device is behind a SIP ALG.
Click Network Setting > NAT > ALG to open the ALG screen. Use this screen to enable and disable the NAT Application Layer Gateway (ALG) in the Zyxel Device.
Application Layer Gateway (ALG) allows certain applications such as Session Initiation Protocol (SIP) or file transfer in Instant Messaging (IM) applications to pass through the Zyxel Device.
Network Setting > NAT > ALG
The following table describes the fields in this screen.
Label | Description |
|---|---|
NAT ALG | Enable this to make sure applications such as file transfer in IM applications work correctly with port-forwarding and address-mapping rules. |
SIP ALG | Click this switch to enable SIP ALG to make sure SIP (VoIP) works correctly with port-forwarding and address-mapping rules. |
RTSP ALG | Click this switch to enable RTSP ALG to have the Zyxel Device detect RTSP traffic and help build RTSP sessions through its NAT. The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. |
PPTP ALG | Click this switch to enable the PPTP ALG on the Zyxel Device to detect PPTP traffic and help build PPTP sessions through the Zyxel Device’s NAT. |
IPSEC ALG | Click this switch to enable IPsec ALG on the Zyxel Device to detect IPsec traffic and help build IPsec sessions through the Zyxel Device’s NAT. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Cancel | Click Cancel to restore your previously saved settings. |
Address Mapping
Address mapping can map local IP Addresses to global IP addresses. Ordering your rules is important because the Zyxel Device applies the rules in the order that you specify. When a rule matches the current packet, the Zyxel Device takes the corresponding action and the remaining rules are ignored.
Use this screen to enable or disable the NAT Address Mapping in the Zyxel Device.
Address Mapping Screen
Click Network Setting > NAT > Address Mapping to open the Address Mapping screen.
Network Setting > NAT > Address Mapping
The following table describes the fields in this screen.
Label | Description |
|---|---|
Add New Rule | Click this to create a new rule. |
Rule Name | This is the name of the rule. |
Local Start IP | This is the starting Inside Local IP Address (ILA). |
Local End IP | This is the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is blank for One-to-One mapping types. |
Global Start IP | This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for the Many-to-One mapping type. |
Global End IP | This is the ending Inside Global IP Address (IGA). This field is blank for One-to-One and Many-to-One mapping types. |
Type | This is the address mapping type. One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-One NAT mapping type. Many-to-One: This mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), the Device's Single User Account feature that previous routers supported only. Many-to-Many: This mode maps multiple local IP addresses to shared global IP addresses. |
WAN Interface | This is the WAN interface to which the address mapping rule applies. |
Modify | Click the Edit icon to go to the screen where you can edit the address mapping rule. Click the Delete icon to delete an existing address mapping rule. Note that subsequent address mapping rules move up by one when you take this action. |
Add New Rule Screen
To add or edit an address mapping rule, click Add New Rule or the Modify icon in the Address Mapping screen to display the screen shown next.
Network Setting > NAT > Address Mapping > Add New Rule
The following table describes the fields in this screen.
LABEL | Description |
|---|---|
Rule Name | Enter a descriptive name for this rule. You can use up to 20 printable characters except [ " ], [ ` ], [ ' ], [ < ], [ > ], [ ^ ], [ $ ], [ | ], [ & ], or [ ; ]. Spaces are allowed. |
Type | Choose the IP or port mapping type from one of the following. One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-One NAT mapping type. Many-to-One: This mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (for example, PAT, port address translation), the device's Single User Account feature that previous routers supported only. Many-to-Many: This mode maps multiple local IP addresses to shared global IP addresses. |
Local Start IP | Enter the starting Inside Local IP Address (ILA). |
Local End IP | Enter the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is blank for One-to-One mapping types. |
Global Start IP | Enter the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for the Many-to-One mapping type. |
Global End IP | Enter the ending Inside Global IP Address (IGA). This field is blank for One-to-One and Many-to-One mapping types. |
WAN Interface | Select a WAN interface to which the address mapping rule applies. |
Cancel | Click Cancel to exit this screen without saving. |
OK | Click OK to save your changes. |
Sessions
Use this screen to limit the number of concurrent NAT sessions a client can use, to ensure that no single client uses up too many available NAT sessions. Some applications, such as P2P file sharing, demand a greater number of NAT sessions in order to get a better uploading and downloading rate. Click Network Setting > NAT > Sessions to display the following screen.
Use the Sessions screen to limit the number of concurrent NAT sessions each client can use. Click Network Setting > NAT > Sessions to open the Sessions screen.
Enter a number of concurrent NAT sessions in the MAX NAT Session Per Host field, and click Apply to limit the number of concurrent NAT sessions a client can use. Otherwise, clear the number in the MAX NAT Session Per Host field. Click Apply and there is no limit for concurrent NAT sessions a client can use.Network Setting > NAT > Sessions
The following table describes the fields in this screen.
LABEL | Description |
|---|---|
MAX NAT Session Per Host | Use this field to set a common limit to the number of concurrent NAT sessions each client computer can have. If only a few clients use peer to peer applications, you can raise this number to improve their performance. With heavy peer to peer application use, lower this number to ensure no single client uses too many of the available NAT sessions. |
Cancel | Click Cancel to restore your previously saved settings. |
Apply | Click Apply to save your changes. |
Port Control Protocol (PCP)
Use this screen to view, add, or delete PCP rules. Port Control Protocol (PCP) allows devices such as web or file sharing servers behind the Zyxel Device to receive incoming traffic.
Example Applications
• Some remote access applications, such as remote desktop or SSH, require incoming traffic to be routed to the user's device in order to establish a remote connection. Use PCP to dynamically map incoming traffic to the user's device, allowing them to establish remote connections.
The PCP server allows dynamic mapping of external ports to internal IP addresses and ports. PCP allows devices to request and release mappings for specific ports, and to specify the lifetime of those mappings. This allows devices to dynamically open and close ports just as needed, and does not need keepalive packets that can drain battery life of home devices such as smartphones.
In the following figure, the Zyxel Device is the PCP client. DS-Lite tunnels IPv4 packets over an IPv6 network to an AFTR (Address Family Transition Router) and Carrier-Grade NAT (CGNAT) which includes the PCP server, then sends traffic to its external IPv4 network. The Port Control Protocol with DS Lite allows you to create PCP mapping rules with the PCP server.
Requirement
You must enable DS Lite (Dual-Stack Lite) in Network Setting > Broadband > Edit WAN Interface to use PCP.
• If you select Automatically configured by DHCPC, then the IP address of the PCP server is in assigned to the Zyxel Device using DCHP Option 64.
• If you select Manually Configured, then you must enter the IPv6 address of the PCP server in the DS-Lite Relay server IP field.
Configuring PCP
Click Network Setting > NAT > PCP to display the following screen.
Network Setting > NAT > PCP
The following table describes the fields in this screen.
LABEL | DESCRIPTION |
|---|---|
Add New Rule | Click this to add a new PCP rule. |
# | This is the index number of the rule. |
External IPv4 Address | This displays the external IP address assigned by the PCP server. PCP maps from this IP address to the LAN device IP address. |
Required Internal Port | This displays the internal port number that the PCP server maps to, from the external port. |
Required External Port | This displays the proposed external port number that the PCP server maps from, to the internal port. |
Assigned Public Port | This displays the allocated external port number assigned by the PCP server for the service on the WAN if Allow PCP Port Proposal is enabled. PCP maps from this port number to the internal port number. |
Protocol | This is the protocol (TCP or UDP) for port number that identifies a service. |
Internal IPv4 Address | This is the LAN device IP address. PCP maps the external IP address to this IP address. |
PCP Server | This field displays the status of the PCP mapping request to the PCP server. • Succeeded - The PCP server successfully mapped the external IP address and port to the internal IP address and port. • Failed - The PCP server failed to map the external IP address and port to the internal IP address and port. Make sure to select Allow PCP Port Proposal to allow the PCP server to assign an external IP address and port if the configured ones are not available. |
Allow PCP Port Proposal (Y/N) | This displays Y if the PCP server can assign a different external IP address and port to the required ones you configured. |
Delete | Select a rule, then click this icon to remove the rule from the Zyxel Device. |
Add New Rule Screen
To add a new PCP rule, click Add New Rule. To edit an existing rule, select the rule, then click the Modify icon. The following screen displays.
Be careful not to configure conflicting mapping between PCP and NAT port forwarding for incoming traffic.Network Setting > NAT > PCP > Add New Rule
The following table describes the fields in this screen.
Technical Reference
This part contains more information regarding NAT.
NAT Definitions
Inside or outside denotes where a host is located relative to the Zyxel Device, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Global or local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
Note that inside or outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside host when the packet is on the WAN side. The following table summarizes this information.
ITEM | DESCRIPTION |
|---|---|
Inside | This refers to the host on the LAN. |
Outside | This refers to the host on the WAN. |
Local | This refers to the packet address (source or destination) as the packet travels on the LAN. |
Global | This refers to the packet address (source or destination) as the packet travels on the WAN. |
NAT never changes the IP address (either local or global) of an outside host.
What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host. Note that the IP address (either local or global) of an outside host is never changed.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In addition, you can designate servers, for example, a web server and a telnet server, on your local network and make them accessible to the outside world. If you do not define any servers (for Many-to-One and Many-to-Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your Zyxel Device filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
How NAT Works
Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN. NAT maps private (local) IP addresses to globally unique ones required for communication with hosts on other networks. It replaces the original IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The Zyxel Device keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this.
How NAT Works
NAT Application
The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the Zyxel Device can communicate with three distinct WAN networks.
NAT Application With IP Alias
Port Forwarding: Services and Port Numbers
The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers. Please also refer to the Supporting CD for more examples and details on port forwarding and NAT.
Services | Port Number |
|---|---|
ECHO | 7 |
SMTP (Simple Mail Transfer Protocol) | 25 |
DNS (Domain Name System) | 53 |
Finger | 79 |
HTTP (Hyper Text Transfer protocol or WWW, Web) | 80 |
POP3 (Post Office Protocol) | 110 |
NNTP (Network News Transport Protocol) | 119 |
SNMP (Simple Network Management Protocol) | 161 |
SNMP trap | 162 |
PPTP (Point-to-Point Tunneling Protocol) | 1723 |
Port Forwarding Example
Let's say you want to assign ports 21 – 25 to one Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
Multiple Servers Behind NAT Example