Setting up network address translation

To set up the SafeLinx Server to act as an agent between a public network and a private network and perform network address translation, add a network address translator (NAT).

A NAT defines a range of unique IP addresses, then randomly assigns an originating packet to a port number (1024 through 65535). The NAT maintains the mapping of the packet to the port number in a translation table during a TCP session or until a timeout occurs for a TCP session or a UDP connection.

For example, a SafeLinx Client makes an HTTP request for a web page.
  • SafeLinx Client IP address = 34.34.130.3
  • NAT using single IP address = 48.48.130.9
  • HTTP server IP address = 129.42.16.99

The HTTP request packet from the SafeLinx Client has a source address and port pair of 34.34.130.3@32771 and a destination address and port pair of 129.42.16.99@80.

When the packet reaches the NAT, the NAT reassigns the source address to its own IP address and assigns a random port number. The NAT sends the packet to the HTTP server with a source address and port pair of 48.48.130.9@6022; the destination address and port pair remains 129.42.16.99@80.

When the page is retrieved, the HTTP server responds with a packet, which has a source address and port pair of 129.42.16.99@80.

The destination address and port pair from the HTTP server is 48.48.130.9@6022.

The NAT receives the packet and maps the destination address and port back to the SafeLinx Client at 34.34.130.3@32771.

When you create a NAT, you specify:
  • A descriptive name
  • The IP addresses that identify the NAT addresses. When more than one address is specified, the IP addresses are assigned in a continuously repeating round-robin fashion.
  • The amount of time in minutes of inactivity that determines a TCP and UDP session timeout
  • The source and destination packet data addressing information that filters whether the NAT should process a packet. If you do not specify any source or destination addresses, the NAT applies to all traffic connected through the MNI.
  • A packet mapping group if you want to add the NAT to a group. Make sure to create a packet mapping group first, then add the NAT to it.
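
The following added example (not SafeLinx code) models the translation table from the walkthrough above together with the round-robin address assignment and inactivity timeout from this list. The class name `NatTable`, the choice to key mappings on the (source, destination) pair, and the check that a reply comes from the mapped peer are assumptions of this model, not documented SafeLinx behavior.

```python
import random
import time

class NatTable:
    """Toy model of a NAT translation table (assumed design, not SafeLinx code)."""
    def __init__(self, nat_addrs, timeout_min, rng=None, clock=time.monotonic):
        self.nat_addrs = list(nat_addrs)
        self.timeout = timeout_min * 60      # the timeout is configured in minutes
        self.rng = rng or random.SystemRandom()
        self.clock = clock
        self.next_addr = 0                   # round-robin index into nat_addrs
        self.out = {}                        # (src, dst) -> (nat_ip, nat_port)
        self.back = {}                       # (nat_ip, nat_port) -> [src, dst, last_seen]

    def _expire(self):
        now = self.clock()
        for key, (src, dst, seen) in list(self.back.items()):
            if now - seen > self.timeout:    # idle longer than the timeout
                del self.back[key]
                del self.out[(src, dst)]

    def outbound(self, src, dst):
        """Rewrite the source of a client packet; return the translated (ip, port)."""
        self._expire()
        key = self.out.get((src, dst))
        if key is None:
            ip = self.nat_addrs[self.next_addr % len(self.nat_addrs)]
            self.next_addr += 1
            key = (ip, self.rng.randint(1024, 65535))
            while key in self.back:          # re-draw if the port is already mapped
                key = (ip, self.rng.randint(1024, 65535))
            self.out[(src, dst)] = key
        self.back[key] = [src, dst, self.clock()]
        return key

    def inbound(self, src, dst):
        """Map a reply back to the client, or None if no live mapping matches."""
        self._expire()
        entry = self.back.get(dst)
        if entry is None or entry[1] != src:  # assumption: only the mapped peer may reply
            return None
        entry[2] = self.clock()              # traffic resets the inactivity timer
        return entry[0]

if __name__ == "__main__":
    nat = NatTable(["48.48.130.9"], timeout_min=5)
    client, server = ("34.34.130.3", 32771), ("129.42.16.99", 80)
    wire = nat.outbound(client, server)      # e.g. ("48.48.130.9", 6022)
    print(wire, "->", nat.inbound(server, wire))
```

A packet addressed to a NAT address and port with no live table entry has nowhere to be mapped, which is why the model returns `None` once the mapping has timed out.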

After you create the NAT or add it to a packet mapping group, assign the NAT or packet mapping group to an MNI:
  1. Right-click the MNI to which you want to assign the NAT and select Properties.
  2. Click the Security tab of the MNI.
  3. Select the NAT or packet mapping group and click OK or Apply.