
How do I use MultiNAT ?

Products:
Vigor 2832
VigorBX 2000
Vigor 2600
Vigor 2800

Keywords:
Address Mapping
IP Alias
NAT
Static IP

In the most common type of router installation, the user uses the router's NAT facility. NAT (Network Address Translation) creates a many-to-one relationship from your private IP addresses to your single public IP address. This means that regardless of your internal private IP address, you appear on the Internet as your single public IP address (static or dynamic). This provides inherent security to your network clients because their private address is 'hidden' from the outside world and normally cannot be reached directly, unless the client solicits contact or you deliberately open up ports/protocols to it.

Multi-NAT can be used where you have been allocated multiple public IP addresses by your ISP. Instead of a many-to-one relationship, you can have a one-to-one relationship between a public IP address and an internal/private IP address. This means that you have the protection of NAT (see earlier), but the PC can be addressed directly from the outside world by its aliased public IP address, and still only on the specific ports you open to it (for example TCP port 80 for an HTTP/web server).

Multi-NAT button on PPPoA Setup Screen

WAN IP Alias setup

Once you have entered some of your public IP addresses into the MultiNAT/IP Alias menu (reached from the Internet Access / PPPoA setup page - as above), those addresses will then be selectable on either the NAT/Open Ports menu or the NAT / DMZ menu.

Port forwarding of a WAN IP Alias

Port Forward summary

For outgoing traffic which isn't a reply to an incoming server request, outgoing packets from the internal clients will take the router's primary WAN IP address as their source IP address. If you enable the setting of 'Join IP Pool' then the client will appear on any of the multi-NAT addresses.

Problems Accessing Secure Sites (e.g. banking): After enabling MultiNAT, if LAN users have problems with banking or other high-security sites, you should uncheck "Join NAT IP Pool" (as shown in the image above). Having that box enabled randomises the outgoing IP address from the pool.


How do I fix a one-to-one IP Mapping for outgoing traffic?

In a typical MultiNAT scenario, a specific WAN IP address will map to a specific internal LAN (private) IP address for incoming traffic. That is useful for hosting services on specific ports whilst retaining the router's default firewalling on other ports. There are circumstances where you might want to expose an internal PC and also have any sessions it initiates to the WAN use a fixed source IP address from your IP Pool. This will happen automatically when you use the DMZ facility on a MultiNAT address.

MultiNAT DMZ

In the above example, therefore, when PC 192.168.1.8 sends anything to the Internet, it will have a source IP address of 222.41.140.19.
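The following Python model is an added illustration, not DrayTek code or firmware logic. It reproduces the address selection described in this article so you can see which LAN hosts are reachable from outside and which source IP each one presents. Only 192.168.1.8 and 222.41.140.19 come from the article; the other addresses, the class and function names, the make-up of the pool (primary WAN IP plus aliases that joined it) and the open-port-before-DMZ precedence are assumptions.

```python
import random

class MultiNatModel:
    """Toy model of MultiNAT address selection (all names are hypothetical)."""
    def __init__(self, primary_wan, seed=0):
        self.primary_wan = primary_wan
        self.aliases = {}      # WAN IP alias -> True if it joined the NAT IP pool
        self.open_ports = {}   # (wan_ip, proto, port) -> LAN host
        self.dmz = {}          # wan_ip -> LAN host
        self._rng = random.Random(seed)  # seeded so the run is repeatable

    def add_alias(self, wan_ip, join_pool=False):
        self.aliases[wan_ip] = join_pool

    def open_port(self, wan_ip, proto, port, lan_ip):
        self.open_ports[(wan_ip, proto, port)] = lan_ip

    def set_dmz(self, wan_ip, lan_ip):
        self.dmz[wan_ip] = lan_ip

    def inbound(self, wan_ip, proto, port):
        """LAN host an unsolicited inbound packet reaches, or None if dropped."""
        # Assumption: an explicit open port wins over a DMZ entry on the same IP.
        return self.open_ports.get((wan_ip, proto, port), self.dmz.get(wan_ip))

    def outbound_source(self, lan_ip):
        """Source IP the Internet sees for a new session started by lan_ip."""
        for wan_ip, host in self.dmz.items():
            if host == lan_ip:
                return wan_ip  # DMZ host: fixed one-to-one mapping
        # Assumption: the pool is the primary WAN IP plus every joined alias.
        pool = [self.primary_wan] + [ip for ip, j in self.aliases.items() if j]
        return self._rng.choice(pool)  # no joined alias -> always the primary

def sources_seen(nat, lan_ip, sessions=200):
    """Distinct source IPs a remote site would see over many new sessions."""
    return {nat.outbound_source(lan_ip) for _ in range(sessions)}

def build_example(join_pool):
    nat = MultiNatModel("203.0.113.10")            # constructed primary WAN IP
    nat.add_alias("203.0.113.11", join_pool=join_pool)  # constructed alias
    nat.add_alias("203.0.113.12", join_pool=join_pool)  # constructed alias
    nat.add_alias("222.41.140.19")                 # alias from the article
    nat.open_port("203.0.113.11", "tcp", 80, "192.168.1.20")
    nat.set_dmz("222.41.140.19", "192.168.1.8")    # DMZ pair from the article
    return nat

if __name__ == "__main__":
    for join in (False, True):
        nat = build_example(join)
        print(join, sorted(sources_seen(nat, "192.168.1.30")),
              sources_seen(nat, "192.168.1.8"))
```

With the pool joined, an ordinary client shows several source addresses to the same remote site, which is the behaviour behind the secure-site problem above, while the DMZ host keeps one fixed address and is reachable on every port of its alias.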
