Tutorial: Use of SNAT
Related Documents:
- User Manual mbNETFIX: https://downloadportal.mbconnectline.com/en/mbnetfix.html
Use SNAT if the network subscriber to be reached is outside the network area of the sender, has no or an incorrect (inappropriate) gateway entry and can therefore not send a reply to an delivered data packet.
1. SNAT WAN to LAN
Replaces the sender address of each IP packet that goes from WAN to LAN with the LAN IP. In the above case a PING goes from 172.25.15.74 to 192.168.0.112. However, PC1 does not see the sender address 172.25.15.74, rather 192.168.0.105. As the sender address is thus in a network, it is not necessary to use a gateway. I.e. PC1 sends the answer to 192.168.0.105. Because of the SNAT, the NF1 has noted the IP traffic and converts the response back to the original IP addresses.
Settings of the PCs:
- PC1: IP: 192.168.0.112/24, Gateway: -----
- PC2: IP: 172.25.15.74/16, Gateway: 172.25.15.90
Settings of mbNETFIX NF1:
- Set it to Gateway Mode.
- Set IP-Addresses LAN and WAN.
- Activate the WAN to LAN function at SNAT.
- Add a rule for ACCEPT the protocol ICMP on WAN to LAN (or any other acceptance you need for your project), so that you can ping PC1 from PC2.
2. SNAT LAN to WAN
The same as WAN to LAN, only in the opposite direction.
Settings of the PCs:
- PC1: IP: 192.168.0.112/24, Gateway: 192.168.0.105
- PC2: IP: 172.25.15.74/16, Gateway: -----
Settings of mbNETFIX NF1:
- Set it to Gateway Mode.
- Set IP-Addresses LAN and WAN.
- Activate the WAN to LAN function at SNAT.
- Add a rule for ACCEPT the protocol ICMP on LAN to WAN (or any other acceptance you need for your proejct), so that you can ping PC2 from PC1.
| Revision: V1.0 |
|---|