many NAT pools and a single pool can be used in more than one NAT rule. This topic isdiscussed further in Section 7.2, “NAT Pools”.Applying NAT TranslationThe following illustrates how NAT is applied in practice on a new connection:1. The sender, for example 192.168.1.5, sends a packet from a dynamically assigned port, forinstance, port 1038, to a server, for example 195.55.66.77 port 80.192.168.1.5:1038 => 195.55.66.77:802. In this example, the Use Interface Address option is used, and we will use 195.11.22.33 as theinterface address. In addition, the source port is changed to a free port on the D-Link Firewall,usually one above 32768. In this example, we will use port 32789. The packet is then sent to itsdestination.195.11.22.33:32789 => 195.55.66.77:803. The recipient server then processes the packet and sends its response.195.55.66.77:80 => 195.11.22.33:327894. NetDefendOS receives the packet and compares it to its list of open connections. Once it findsthe connection in question, it restores the original address and forwards the packet.195.55.66.77:80 => 192.168.1.5:10385. The original sender now receives the response.Example 7.1. Adding a NAT RuleTo add a NAT rule that will perform address translation for all HTTP traffic originating from the internal network,follow the steps outlined below:CLIFirst, change the current category to be the main IP rule set:gw-world:/> cc IPRuleSet mainNow, create the IP rule:gw-world:/main> add IPRule Action=NAT Service=http SourceInterface=lanSourceNetwork=lannet DestinationInterface=anyDestinationNetwork=all-nets Name=NAT_HTTP NATAction=UseInterfaceAddressReturn to the top level:gw-world:/main> ccWeb Interface1. Go to Rules > IP Rules > Add > IPRule7.1. NAT Chapter 7. Address Translation285
