How NAT Applies To Device Servers

Top  Previous  Next

 

This topic adds no new information; It merely provides an explicit demonstration of what happens when you put a Device Server inside of a LAN, behind a NAT gateway.

 

note_warning-wt

IMPORTANT NOTE: establishing the connection isn't the same as using the connection!

 

When one side establishes the connection, both sides can then use it. It does not mean that only the side who established the connection can now talk, and that the other side must listen.

 

Think of it like a phone call -- when you call your friend, both of you can talk, even though it's you who made the call. This is important.

 

Establishing an Inbound Connection

 

An image is worth a thousand words:

 

an009_nat_3

As can be seen above, when you have a DS in a LAN, behind a NAT router, you cannot simply establish a connection from outside. The port isn't mapped anywhere, so the router drops the packet.

 

There are three solutions for establishing a connection with a DS which is behind a NAT router:

 

Solution 1: The DS Establishes The Connection

 

Here, the DS initiates the connection. As covered above, there's no problem in setting up an outbound connection from behind a NAT router. In effect, it looks like this:

 

an009_nat_4

 

Points of attention:

 

The routing mode for the DS, as configured in Routing Mode (RM) setting, must be Client Only or Client Or Server.

 

The destination of the DS, as configured in Destination IP-address (DI) setting, must be actually reachable from within the NAT. Meaning, it cannot be behind another NAT router. You need to be able to ping it. See the diagram above -- the Remote Host can be reached directly and has a "real" IP address.

 

It is advisable to set the Connection Mode (CM) setting as Immediate (on Power-up), so that the DS would establish the outgoing connection immediately when it's turned on.

 

Solution 2: Use Tibbo LinkServer

 

The Tibbo LinkServer is a product developed to answer this exact need. What if both the remote host and the DS (or multiple Device Servers) are behind a NAT router, and you cannot allow inbound access for either one of them?

 

In this case, you use a middle man. You need a server in the middle, to which both the remote host and the DS could reach, and 'meet' there. Such a scenario would look like this:

 

 

an009_ls_link_service

 

This solution is discussed in detail in the LinkServer user manual. It does require one static IP address, and the purchasing and configuration of a separate product (The LinkServer).        

 

Solution 3: Configure The Router for Inbound Access

 

It is possible to configure a NAT router so it would allow certain inbound traffic, and would correctly route it to a host within its LAN. This is done using Port Forwarding.