Dst address translation (DNAT)

Destination Network Address Translation (DNAT)

Destination Network Address Translation (NAT) is to chance request packet destination IP address to another IP based on IP field or packet header field. This is typically used for inbound access, from public Internet to Internal network resources. mbox supports three types of Destination Network Address Translation (DNAT)

• Static DNAT (one static public IP mapped to one private IP)

• Port forwarding (one static public IP mapped to multiple private IP using different protocol & port numbers)

• Dynamic DNAT (dynamic WAN IP address, mapped to private IP using protocol & port numbers)

NOTE:

• When we need to map internal IP to a public IP address, the public IP address(es) has/have to be configured on the external WAN interface (as secondary IP) otherwise mbox will not respond to upstream ARP requests for the NAT address.

• The firewall-access rule also must permit the respective inbound access to the private IPs.

#1 DNAT - Port forwarding (when WAN IP is static).

#2 dynamic DNAT - Port forwarding (when WAN IP is dynamic)

#3 DNAT - Static (one to one).