
1:1 NAT

From UntangleWiki


What is 1:1 NAT?

1:1 NAT (Network Address Translation) is a mode of NAT that maps one internal address to one external address. For example, if a network has two internal servers at 192.168.1.10 and 192.168.1.11, then 1:1 NAT can map 192.168.1.10 to 1.2.3.5 and 192.168.1.11 to 1.2.3.6 (where 1.2.3.5 and 1.2.3.6 are both external IP addresses provided by your ISP).


How do I set up 1:1 NAT?

You need to do three things: first, set up an external IP Address Alias; second, map inbound traffic for the external address to the correct internal machine; third, map outbound traffic from the internal machine to the correct external address. In this example, we'll assume your main Untangle IP is 1.2.3.4 and you're trying to set up 1:1 NAT for 192.168.1.10 to 1.2.3.5. You will need to be in advanced mode to configure 1:1 NAT.


  • Create an IP Address Alias on the external interface for 1.2.3.5 (the netmask should probably match the mask of the Primary IP) and save it. This tells the server to process traffic destined for that IP. This is done in Config > Networking > External.


  • Create a port forward for inbound traffic for 1.2.3.5 and save it. This causes all inbound traffic destined for 1.2.3.5 to be forwarded to 192.168.1.10. This is done in Config > Networking > Port Forwards.



  • Create a NAT policy for outbound traffic from 192.168.1.10. This causes all outbound traffic from 192.168.1.10 to be NAT'd to 1.2.3.5 (1.2.3.5 must also be added to the IP Address Aliases on the External Interface). This is done in Config > Networking > Internal (or the interface of 192.168.1.10) > NAT Policies.



Once this is configured and saved, your 1:1 NAT is set up.

Note: If you are giving Untangle a different IP address from your existing gateway (for test purposes while you get everything up and running), make sure that the gateway setting on the internal server has been updated to point to the new gateway.
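
The three settings above only give a 1:1 mapping when they agree with each other. The following is an added example, not part of the original wiki page or of Untangle's own code: a Python check that takes the aliases, port forwards and NAT policies as transcribed by hand and reports any address where they disagree. The function name `audit_one_to_one`, the tuple-based input format and the /24 netmask are assumptions made for illustration.

```python
import ipaddress

def audit_one_to_one(aliases, port_forwards, nat_policies):
    """Return a list of findings; an empty list means the three settings agree.

    aliases:       external alias addresses in CIDR form, e.g. "1.2.3.5/24"
    port_forwards: (external_dst, internal_host) pairs for inbound traffic
    nat_policies:  (internal_src, external_addr) pairs for outbound traffic
    """
    ip = ipaddress.ip_address
    alias_ips = {ipaddress.ip_interface(a).ip for a in aliases}
    inbound = {}                      # external address -> internal hosts
    for ext, host in port_forwards:
        inbound.setdefault(ip(ext), set()).add(ip(host))
    outbound = {ip(src): ip(ext) for src, ext in nat_policies}
    findings = []

    # Step 1: every external address in use needs an alias.
    for ext in sorted(set(inbound) | set(outbound.values())):
        if ext not in alias_ips:
            findings.append(f"{ext}: no IP Address Alias on the external interface")

    # Steps 2 and 3 must mirror each other for each host.
    for ext in sorted(inbound):
        hosts = sorted(inbound[ext])
        if len(hosts) > 1:
            findings.append(f"{ext}: forwarded to more than one internal host")
        for host in hosts:
            if host not in outbound:
                findings.append(f"{host}: reached via {ext} but has no NAT policy")
            elif outbound[host] != ext:
                findings.append(f"{host}: reached via {ext} but leaves as {outbound[host]}")
    for host in sorted(outbound):
        if host not in inbound.get(outbound[host], set()):
            findings.append(f"{host}: leaves as {outbound[host]} but has no port forward from it")
    return findings

# Constructed sample using the addresses from this page; /24 is an assumed netmask.
ALIASES = ["1.2.3.5/24", "1.2.3.6/24"]
PORT_FORWARDS = [("1.2.3.5", "192.168.1.10"), ("1.2.3.6", "192.168.1.11")]
NAT_POLICIES = [("192.168.1.10", "1.2.3.5")]   # policy for 192.168.1.11 was forgotten

if __name__ == "__main__":
    for line in audit_one_to_one(ALIASES, PORT_FORWARDS, NAT_POLICIES):
        print(line)
```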

How do I verify 1:1 NAT is working?

You can check outbound traffic by going to your internal server and visiting whatismyip.com. You can check inbound traffic by testing your port forward. For example, if your internal server is running a web server then visit http://1.2.3.5/ from the outside - it should load the web server on 192.168.1.10.