Understanding Netopia NAT Behavior C-5

Now both IP packets have the exact same source IP address (200.1.1.40) and source ports (400). The Netopia R9100 is then able to distinguish between the two IP packets by changing the source TCP or UDP ports and keeping this information in an internal table. As seen above, the source port for Workstation A has been changed to 5001 and the source port for Workstation B has been changed to 5002.

If you were to look at the internal port mapping table that is maintained by the Netopia R9100, it would look similar to the following:

Source LAN IP    Source LAN Port    Remapped LAN Port
192.168.5.2      TCP 400            TCP 5001
192.168.5.3      TCP 400            TCP 5002

With this information the Netopia R9100 can determine the appropriate routing for an IP response from the Internet. In this case, when the WWW server responds with a destination port of 5001, the Netopia R9100 can see that this packet's destination on the local LAN interface is actually Workstation A at IP address 192.168.5.2. Likewise, with the response for port 5002, the Netopia R9100 can see that this packet's destination on the local LAN interface is actually Workstation B at IP address 192.168.5.3.

Exported services

Note that this “automatic” port remapping and IP address substitution only works in one direction – for IP packets that originated on the LAN interface destined to the WAN interface and the Internet. In order for port remapping and IP address substitution to work in the other direction – that is, for hosts on the Internet that want to originate an IP packet destined to a host on the Netopia R9100's LAN interface – a manual redirection of TCP or UDP ports as well as destination IP addresses within the Netopia R9100 is required. This manual port remapping and IP address substitution is accomplished by setting up exported services.

Exported services are essentially user-defined pointers for a particular type of incoming TCP or UDP service from the WAN interface to a host on the local LAN interface. This is necessary since the Netopia R9100, and thus the attached local LAN, has only one IP presence on the WAN interface and Internet. Exported services allow the user to redirect one type of service – for example Port 21 (FTP) – to a single host on the local LAN interface. The Netopia R9100 will then redirect any packets coming in from the Internet with the defined destination TCP or UDP port of 21 (FTP) to that host on the local LAN interface.

For example, suppose the WWW server on the Internet with the IP address of 163.176.4.32 wants to access Workstation B on the Netopia R9100's local LAN interface, which is operating as an FTP server. The IP address for Workstation B is 192.168.5.3, which is not a valid IP address, and thus the WWW server on the Internet cannot use this IP address to access Workstation B.

The WWW server on the Internet would then have to use the single valid IP address that was acquired on the Netopia R9100's WAN interface to access any host on the Netopia R9100's local LAN interface, since this is the only valid address for the Internet. But if the WWW server on the Internet opens a connection to 200.1.1.40 via port 21 (FTP) and no exported services are defined on the Netopia R9100, the Netopia R9100 will discard the incoming packet, since the Netopia R9100 itself does not perform the requested service.

You can see why exported services are necessary. In the example above, an Exported Service needs to be defined within the Netopia R9100 redirecting any incoming IP traffic with a destination port of 21 to the host on the local LAN interface with the IP address of 192.168.5.3.
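
The following Python model is an added example, not taken from the Netopia manual or firmware. It walks through the lookups described above using the addresses and ports from the text: outbound remapping, matching a response to its workstation, and the discard of an unsolicited port 21 packet until an exported service is defined. The class and method names are hypothetical, and like the table above the model keys only on protocol and port, not on the remote address.

```python
# Added example: hypothetical model of the NAT lookups described in the text.
from dataclasses import dataclass, field

WAN_IP = "200.1.1.40"  # single valid address on the WAN interface (from the text)


@dataclass
class NatRouter:
    next_port: int = 5001                             # first remapped port in the text
    by_wan_port: dict = field(default_factory=dict)   # (proto, wan_port) -> (lan_ip, lan_port)
    by_lan_flow: dict = field(default_factory=dict)   # (proto, lan_ip, lan_port) -> wan_port
    exported: dict = field(default_factory=dict)      # (proto, wan_port) -> lan_ip

    def outbound(self, proto, lan_ip, lan_port):
        """LAN -> WAN: substitute the WAN address and a unique source port."""
        key = (proto, lan_ip, lan_port)
        if key not in self.by_lan_flow:               # an existing flow keeps its mapping
            self.by_lan_flow[key] = self.next_port
            self.by_wan_port[(proto, self.next_port)] = (lan_ip, lan_port)
            self.next_port += 1
        return WAN_IP, self.by_lan_flow[key]

    def export_service(self, proto, port, lan_ip):
        """Manual redirection of one incoming service to one LAN host."""
        self.exported[(proto, port)] = lan_ip

    def inbound(self, proto, dst_port):
        """WAN -> LAN: return (lan_ip, lan_port), or None when the packet is discarded."""
        if (proto, dst_port) in self.by_wan_port:     # response to a LAN-originated flow
            return self.by_wan_port[(proto, dst_port)]
        if (proto, dst_port) in self.exported:        # unsolicited, but explicitly exported
            return self.exported[(proto, dst_port)], dst_port
        return None                                   # no mapping and no export: discard


def demo():
    r = NatRouter()
    a = r.outbound("TCP", "192.168.5.2", 400)         # Workstation A
    b = r.outbound("TCP", "192.168.5.3", 400)         # Workstation B
    replies = (r.inbound("TCP", 5001), r.inbound("TCP", 5002))
    ftp_before = r.inbound("TCP", 21)                 # no exported service defined yet
    r.export_service("TCP", 21, "192.168.5.3")
    ftp_after = r.inbound("TCP", 21)
    return a, b, replies, ftp_before, ftp_after


if __name__ == "__main__":
    print(demo())
```

In this model the exported service is the only inbound path that does not depend on a LAN host having opened the connection first, so each entry in the exported table is a service exposed to the Internet on the named LAN host.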