Next: Dynamic Address Translation Up: Example Implementation Previous: The Core NAT Implementation

Static Address Translation

The standard translation function, used by all other NAT functions (dynamic, virtual server, ...), does static translation. It takes a pointer to the buffer holding the IP packet and the new source and destination addresses to insert, including a network mask. This mask is 255.255.255.255 when the function is called by the dynamic NAT functions, since only static NAT can translate entire networks using the same parameters for this function. All others have no 1:1 mapping and have to keep track of the real IP to NAT-IP mapping.
Included is the ability to rewrite source and destination UDP and TCP ports, which enhances this NAT implementation further. However, this function must be used with care. Since we do not keep state information about every connection, we cannot determine which ports the answer to a packet whose ports have been replaced must carry. If we kept state information, we would simply look up the connection the packet belongs to and would then know the correct ports. For this reason, no bidirectional rules can be used for port rewriting. We always need two rules, one for the inbound and one for the outbound direction, each containing exactly one port the packet has to match in order to be translated. Whether the specified port is a source or a destination port depends on which port we want to rewrite. Most of the time this will be a destination port, I guess.
The port issue shows how important keeping state information is for NAT to really be flexible.
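
The masked address rewrite and the one-port-per-rule matching described above, as an added C example (not code from the original implementation). The `nat_rule` layout, the function names and the use of RFC 1624 incremental checksum updates are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical rule layout for this example; all values in host byte order. */
struct nat_rule {
    uint32_t new_src, src_mask;     /* mask 0 leaves the address untouched        */
    uint32_t new_dst, dst_mask;     /* 0xffffffff = one host, as dynamic NAT uses  */
    int      port_is_dst;           /* which port this rule matches and rewrites   */
    uint16_t match_port, new_port;  /* match_port 0 = rule has no port condition   */
};
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* RFC 1624 incremental update of the checksum at c for one changed 16-bit word. */
static void csum_fix(uint8_t *c, uint16_t old, uint16_t new_) {
    uint32_t s = (uint32_t)(uint16_t)~rd16(c) + (uint16_t)~old + new_;
    s = (s & 0xffff) + (s >> 16);
    wr16(c, (uint16_t)~((s & 0xffff) + (s >> 16)));
}
/* Replace one 16-bit word and patch the IP and L4 checksums that cover it. */
static void set16(uint8_t *w, uint16_t v, uint8_t *ipc, uint8_t *l4c) {
    if (ipc) csum_fix(ipc, rd16(w), v);
    if (l4c) csum_fix(l4c, rd16(w), v);
    wr16(w, v);
}
/* Masked rewrite: bits inside the mask come from the rule, host bits are kept. */
static void set_addr(uint8_t *a, uint32_t nat, uint32_t mask, uint8_t *ipc, uint8_t *l4c) {
    uint32_t old = (uint32_t)rd16(a) << 16 | rd16(a + 2);
    uint32_t v = (old & ~mask) | (nat & mask);
    set16(a, (uint16_t)(v >> 16), ipc, l4c);
    set16(a + 2, (uint16_t)v, ipc, l4c);
}

/* Returns 1 = translated, 0 = rule does not match, -1 = malformed packet. */
int nat_static(uint8_t *pkt, size_t len, const struct nat_rule *r) {
    if (len < 20 || pkt[0] >> 4 != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return -1;
    size_t coff = pkt[9] == 6 ? 16 : pkt[9] == 17 ? 6 : 0;   /* TCP/UDP checksum offset */
    int has_l4 = coff && !(rd16(pkt + 6) & 0x1fff) && len >= ihl + coff + 2; /* fragment 0 only */
    uint8_t *l4 = pkt + ihl, *l4c = has_l4 ? l4 + coff : NULL;
    if (l4c && pkt[9] == 17 && rd16(l4c) == 0) l4c = NULL;   /* UDP checksum not in use */
    if (r->match_port) {              /* stateless: exactly one port decides the match */
        uint8_t *port = l4 + (r->port_is_dst ? 2 : 0);
        if (!has_l4 || rd16(port) != r->match_port) return 0;
        set16(port, r->new_port, NULL, l4c);
    }
    set_addr(pkt + 12, r->new_src, r->src_mask, pkt + 10, l4c);
    set_addr(pkt + 16, r->new_dst, r->dst_mask, pkt + 10, l4c);
    if (l4c && pkt[9] == 17 && rd16(l4c) == 0) wr16(l4c, 0xffff); /* UDP sends 0 as 0xffff */
    return 1;
}
```

A rule that rewrites destination port 80 to 8080 on the way in does nothing for the reply; the reply only matches a second rule keyed on source port 8080, which is the two-rule requirement the text describes.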


Michael Hasenstein
8/22/1997