Include Page | ||||
---|---|---|---|---|
|
Hide_comments |
---|
Scroll Ignore | |
---|---|
|
...
Center | |||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Examples
By using the "ifconfig" command set the public IP-address "123.1.1.1/32" for the "rf5.0" interface. Enable a dynamic routing for public IP-address by entering the "rip start" command.
Create an access list with "192.168.1.0/24" as the only network (our local network) and set the "123.1.1.1" IP-address as public for this network.
Or use the address received by the DHCP protocol as a public address. DHCP server has issued an IP-address through the "eth0" interface.
Allow the NAT module to perform the address translation in accordance with established rules.
| ||||||||||||||||||||||||||||
In following example, all incoming TCP connections to the 7777 port of this router are redirected to the host with the "192.168.1.5" IP-adress, port 23 (telnet).
All incoming TCP packets with "public_port_range" 3300-3399 and destination address "123.1.1.2" are redirected to the "192.168.1.4" address. Port mapping is "1 to 1", i.e. 3300->2300, 3301->2301.
| ||||||||||||||||||||||||||||
The IRC-server is running on the client A and the WEB-server is running on the client B. Then in order to make it work, connections accepting on ports 6667(irc) and 80(web), should be redirected to the appropriate hosts.
| ||||||||||||||||||||||||||||
NAT settings in this example provide the redirection of all traffic incoming to the "192.1.1.1" IP-address to the LAN address "192.168.1.2", and traffic incoming to "192.1.1.2" is redirected to "192.168.1.3".
| ||||||||||||||||||||||||||||
All outgoing LAN TCP packets destined for port 80 will be redirected to provider proxy server.
| ||||||||||||||||||||||||||||
NAT and H.323 telephony Subscribers and gatekeepers use several H.323 protocols. We are interested in two. RAS (registration, admission, status) used for subscriber registration on the gatekeeper and to monitor subscriber status. CS (call signaling) used by subscribers for signaling established for a specific call. Both these protocols described H.225.0 standard. Well known system configurations includes the following examples. | ||||||||||||||||||||||||||||
A subscriber resides in a LAN, and a gateway has a public IP-address. A subscriber makes outgoing calls only. Use the "h323_destination" parameter to provide for a subscriber from a local network an access to the gateway by the CS protocol. If the gateway accepts calls incoming to the 1720 well-known port, it is enough to turn the "default_h323" mode on. The subscriber resides in the LAN and has the "10.0.0.99" IP-address, the gateway has the "123.45.67.89" IP-address and resides in the Internet. Allow subscriber outgoing calls to the gateway by using following command:
The subscriber resides in the LAN and has the "10.0.0.99" IP-address, a gateway or several gateways are in the Internet with unknown addresses. Allow subscriber outgoing calls to the gateway by using following command:
| ||||||||||||||||||||||||||||
Several subscribers reside in a LAN, a gateway has a public IP-address, calls are both incoming and outgoing. For access from the gateway to the subscribers the "redirect_port" command should be used with the "cs" protocol specified, different alias addresses or ports. Directly specify gateway port and address (subscriber ports may be specified as well). Subscribers reside in the LAN having addresses "10.0.0.98" and "10.0.0.99", gateway resides in the Internet having address "123.45.67.89". NAT "alias_address" is "123.45.67.65". Allow subscribers to make outgoing calls to the gateway and to receive incoming calls from the gateway by using following command:
| ||||||||||||||||||||||||||||
A subscriber resides in a LAN, gets registered on the gatekeer with public IP-address and works via gatekeeper. To specify the "h323_destination ras" command and the gatekeeper address will be enough in this case. The "default_h323" mode can be enabled if subscribers make registration on the standard port 1719. A subscriber resides in the LAN having the "10.0.0.99" IP-address, gatekeeper resides in the Internet having the "123.45.67.89" address. Allow the subscriber to get registered on the gatekeeper, for making and receiving calls, by using following command:
Several subscribers reside in a LAN, the gatekeeper in the Internet has the "123.45.67.89" IP-address and non-RAS standard port 1024. Allow any subscriber to get registered on the gatekeeper for making and receiving calls, by using following command:
A subscriber resides in a LAN having the "10.0.0.99" IP-address and a gatekeeper or several gatekeepers reside in the Internet with unknown addresses. Allow the subscriber to get registered on unknown addresses, by using following command:
| ||||||||||||||||||||||||||||
A subscriber with the private IP-address gets registered on the gatekeeper from LAN. The "redirect_port" rule with ras protocol, its private IP-address and a gatekeeper RAS port must be specified to enable subscribers from the Internet to be registered on the gatekeeper. Since static subscribers also should work with the gatekeeper, the "redirect_port" rule with protocol CS, a private gatekeeper IP-address and its port should be specified as well. A subscriber resides in the Internet having the "123.45.67.89" IP-address, and the gatekeeper resides in a LAN having the "10.0.0.99" address. NAT "alias_address" is "123.45.67.65". Allow subscriber registered on this gatekeeper for making and receiving calls, by using following command:
RAS gatekeeper address is "123.45.67.65:1719". Static subscriber resides in the Internet having the "123.45.67.89" IP-address and the gatekeeper resides in a LAN having the "10.0.0.99" address. NAT "alias_address" is "123.45.67.65". Allow subscriber registered on this gatekeeper for making and receiving calls, by using following command:
In the subscriber configuration the gatekeeper IP-address should be "123.45.67.65:1720". |