Prestige 2000W User’s Guide
Chapter 12 User Web Configurator Screens
79
Figure 24
Restricted Cone NAT: Incoming
12.10.2.3 Port Restricted Cone NAT
For all outgoing packets, port restricted cone NAT maps the source address to one IP address
and port on another network. This is the same as full cone NAT (see
Section 12.10.2.1.1 on
page 78
for an example).
However, packets can only be sent back through NAT from an IP address and port number to
which packets have been sent from the original source address.
In the following example, X already sent a packet to Y at e.f.g.h:20202. This means that Y can
send a packet to X from e.f.g.h:20202.
X did not send a packet to Y at e.f.g.h:10101, so Y cannot send a packet to X from
e.f.g.h:10101.
X did not send a packet to Z, so Z cannot send packets to X.
Figure 25
Port Restricted Cone NAT: Incoming
12.10.2.4 Symmetric NAT
The full, restricted and port restricted cone NAT types use the same mapping for an outgoing
packet’s source address regardless of the destination IP address and port.
In symmetric NAT, the mapping of a outgoing packet’s source address to a source address in
another network is different for each different destination IP address.
In the following figure, X sends a packet to Y from IP address 10.0.0.3:80. The NAT router
maps the packet’s SA to a.b.c.d:1234 (see 1 in the figure). X also sends a packet to Z, but this
time the NAT router maps the SA to a.b.c.d:5678 (see 2 in the figure).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
