2. Specify a suitable name for the rule, for example NAT_HTTP3. Now enter:• Action: NAT• Service: http• Source Interface: lan• Source Network: lannet• Destination Interface: any• Destination Network: all-nets4. Under the NAT tab, make sure that the Use Interface Address option is selected5. Click OKProtocols Handled by NATDynamic address translation is able to deal with the TCP, UDP and ICMP protocols with a goodlevel of functionality since the algorithm knows which values can be adjusted to become unique inthe three protocols. For other IP level protocols, unique connections are identified by their senderaddresses, destination addresses and protocol numbers.This means that:• An internal machine can communicate with several external servers using the same IP protocol.• An internal machine can communicate with several external servers using different IP protocols.• Several internal machines can communicate with different external servers using the same IPprotocol.• Several internal machines can communicate with the same server using different IP protocols.• Several internal machines can not communicate with the same external server using the same IPprotocol.NoteThese restrictions apply only to IP level protocols other than TCP, UDP and ICMP,such as OSPF, L2TP, etc. They do not apply to the protocols transported by TCP,UDP and ICMP such as telnet, FTP, HTTP and SMTP. NetDefendOS can alter portnumber information in the TCP and UDP headers to make each connection unique,even though such connections have had their sender addresses translated to the sameIP.Some protocols, regardless of the method of transportation used, can cause problems during addresstranslation.Anonymizing Internet Traffic with NATA useful application of the NAT feature in NetDefendOS is for anonymizing service providers toanonymize traffic between clients and servers across the public Internet so that the client's public IPaddress is not present in any server access requests or peer to peer traffic.We shall examine the typical case where the D-Link Firewall acts as a PPTP server and terminatesthe PPTP tunnel for PPTP clients. Clients that wish to be anonymous, communicate with their local7.1. NAT Chapter 7. Address Translation286
