Static NAT Testing with CDRouter

The CDRouter Multiport expansion includes support for static NAT configurations. CPE devices that support this functionality will have two or more public IPv4 addresses. One public address is typically assigned to the primary WAN connection, and one or more additional public IPv4 addresses are assigned alongside it. These additional addresses allow a host on the LAN side of the CPE to have its own public IPv4 address on the WAN. The IPv4 mapping between the public WAN address and the private LAN address is one-to-one and is generally known as “static NAT”.

Test Coverage

CDRouter Multiport includes the nat-static.tcl test module specifically for testing static NAT hosts. This new module covers NAT functionality that is unique to static NAT mappings. However, all of CDRouter’s existing test modules can also be run on any configured static NAT hosts. CDRouter will automatically map traffic from specific LAN hosts to the appropriate public IP address based on the defined static NAT mappings.

CDRouter Multiport handles static NAT by defining a new LAN interface for each additional static NAT host. By repeating each test for all configured LAN interfaces, you can easily verify that the behavior of specific functionality supported by the DUT is consistent for both regular DHCP LAN hosts and any additional static NAT hosts that have been defined.

Getting Started

Support for static NAT is included in the Multiport expansion. As a result, you must have the Multiport expansion installed to run the nat-static.tcl test module and to configure static NAT hosts. Static NAT hosts are defined by creating an additional LAN interface for each host using the testvar_group concept. A LAN interface becomes a “static NAT” host when the testvars staticNatIp and hostIp are both defined.

The following example illustrates a basic static NAT configuration for CDRouter. In this example a second physical LAN interface (eth2) is added to the test setup using the testvar_group option. A new LAN host with an IP address of 192.168.1.100 is created on this interface. This host is designated a static NAT host by adding the staticNatIp testvar to the testvar_group, which creates a static NAT mapping from the LAN host to the public IP 68.1.2.18.

Basic configuration example

Note - All the examples below only show a snippet of the relevant testvars used. There will be other testvars in any configuration file that is being edited.

# -- Primary LAN interface setup

SECTION "Base Configuration" {
	SECTION "LAN" {
		SECTION "LAN Interface" {
			testvar lanInterface            eth1
			testvar lanMode                 DHCP
		}
	}
}

# -- Static NAT host setup

SECTION "CDRouter Multiport Expansion" {
	SECTION "Additional LAN Interface Setup" {

		testvar_group lan2 {
			SECTION "IPv4 LAN" {
				SECTION "LAN Interface" {
					testvar lanInterface		eth2

					SECTION "LAN Host IP" {
						testvar hostIp		192.168.1.100
					}
				}	
				
				SECTION "IPv4 Firewall and NAT" {

					SECTION "Static NAT" {
						testvar staticNatIp		68.1.2.18
					}
				}
			}	
		}
	}
}

Static NAT hosts do not need to be created on separate physical LAN interfaces. Static NAT hosts can share physical LAN interfaces with other LAN or static NAT hosts provided the physical interface is Ethernet. Whenever a static NAT host is defined on the same physical LAN interface as another host, a unique MAC address should be configured for the static NAT host using a combination of the testvars cdrouterOui and lanMacId.

Static NAT hosts may be placed on wireless interfaces, although a wireless interface cannot be shared by multiple LAN and static NAT hosts.

The example below shows how a specific MAC address B0:75:0C:11:22:33 can be configured for a static NAT host that is sharing a physical interface with the primary LAN client (eth1).

Example with specific MAC address

# -- Primary LAN interface setup

SECTION "Base Configuration" {
	SECTION "LAN" {
		SECTION "LAN Interface" {
			testvar lanInterface            eth1
			testvar lanMode                 DHCP
		}
		SECTION "Additional Features" {
			testvar cdrouterOui		B0750C
		}
	}
}

# -- Static NAT host setup

SECTION "CDRouter Multiport Expansion" {
	SECTION "Additional LAN Interface Setup" {

		testvar_group lan2 {
			SECTION "IPv4 LAN" {
				SECTION "LAN Interface" {
					testvar lanInterface		eth1
					testvar lanMacId		112233

					SECTION "LAN Host IP" {
						testvar hostIp		192.168.1.100
					}
				}	
				
				SECTION "IPv4 Firewall and NAT" {

					SECTION "Static NAT" {
						testvar staticNatIp		68.1.2.18
					}
				}
			}	
		}
	}
}

Configure NAT Mode

By default, CDRouter will assume that the static NAT host is using the same NAT mode as the main WAN interface. The testvar natMode is used to define the expected NAT mode for the WAN interface. This testvar can also be defined inside the testvar_group to change the expected NAT mode for the static NAT host. For example, if the main WAN interface is using a port-restricted NAT, but the static NAT hosts use a full-cone NAT, the expected NAT mode on the static NAT host can be redefined.

Example with NAT mode

SECTION "CDRouter Multiport Expansion" {
	SECTION "Additional LAN Interface Setup" {

		testvar_group lan2 {
			SECTION "IPv4 LAN" {
				SECTION "LAN Interface" {
					testvar lanInterface		eth2

					SECTION "LAN Host IP" {
						testvar hostIp		192.168.1.100
					}
				}	
				
				SECTION "IPv4 Firewall and NAT" {

					SECTION "Static NAT" {
						testvar staticNatIp		68.1.2.18
						testvar natMode			full-cone
					}
				}
			}	
		}
	}
}

Configure Firewall, Virtual Services and Port Triggers

If a static NAT host does not have a firewall applied, the testvar staticNatFirewall can be set to “no”. Otherwise, CDRouter assumes that basic firewalling is enabled on all static NAT hosts. Any virtual services, port triggers, or firewall exceptions can also be defined using the same testvar syntax as the main LAN interface.

Example with no firewall enabled on static NAT host

SECTION "CDRouter Multiport Expansion" {
	SECTION "Additional LAN Interface Setup" {

		testvar_group lan2 {
			SECTION "IPv4 LAN" {
				SECTION "LAN Interface" {
					testvar lanInterface		eth2

					SECTION "LAN Host IP" {
						testvar hostIp		192.168.1.100
					}
				}	
				
				SECTION "IPv4 Firewall and NAT" {

					SECTION "Static NAT" {
						testvar staticNatIp		68.1.2.18
						testvar staticNatFirewall	no
					}
				}
			}	
		}
	}
}

Example with additional services on static NAT host

# -- Primary LAN interface setup

SECTION "Base Configuration" {
	SECTION "LAN" {
		SECTION "LAN Interface" {
			testvar lanInterface            eth1
			testvar lanMode                 DHCP
		}
		SECTION "Additional Features" {
			testvar cdrouterOui		B0750C
		}
	}
}

# -- Static NAT host setup

SECTION "CDRouter Multiport Expansion" {

	SECTION "Additional LAN Interface Setup" {

		testvar_group lan2 {
			SECTION "IPv4 LAN" {

				SECTION "LAN Interface" {
					testvar lanInterface		eth1
					testvar lanMacId		112233

					SECTION "LAN Host IP" {
						testvar hostIp		192.168.1.100
					}
				}	
				
				SECTION "IPv4 Firewall and NAT" {

					SECTION "Static NAT" {
						testvar staticNatIp		68.1.2.18
					}
					SECTION "Special Application Port Triggers" {

						testvar portTriggers                    yes

						testvar triggerName1                    AIMtalk
						testvar triggerPort1                    4099
						testvar triggerType1                    tcp
						testvar triggerPublic1                  5190
						testvar triggerPublicType1              tcp
					}
					SECTION "TCP and UDP Virtual Services (Port Mappings)" {

						SECTION "TCP Virtual Services" {

							testvar virtualTcpServices              yes

							testvar virtualTcpServicePort1          21
							testvar virtualTcpServiceHost1          192.168.1.100
							testvar virtualTcpServiceName1          ftp
							testvar virtualTcpServiceLanPort1       21
						}
						SECTION "UDP Virtual Services" {

							testvar virtualUdpServices              yes

							testvar virtualUdpServicePort1          69
							testvar virtualUdpServiceHost1          192.168.1.100
							testvar virtualUdpServiceName1          ftp
							testvar virtualUdpServiceLanPort1       69
						}

					}
				}
			}
		}
	}
}
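
An added example, not part of CDRouter or of the original page: a small Python lint for configuration snippets like the ones above. It checks the rules stated on this page (staticNatIp and hostIp defined together, a unique lanMacId when a static NAT host shares a physical interface) and flags any testvar_group that sets staticNatFirewall to no so the unfirewalled host is a deliberate choice. The function names, finding labels and the simplified sample config are assumptions made for illustration.

```python
import re

# Constructed sample (simplified nesting): static NAT host sharing eth1, no lanMacId.
SAMPLE = '''
SECTION "LAN Interface" {
	testvar lanInterface	eth1
}
testvar_group lan2 {
	SECTION "IPv4 LAN" {
		testvar lanInterface	eth1
		testvar hostIp		192.168.1.100
		testvar staticNatIp	68.1.2.18
		testvar staticNatFirewall	no
	}
}
'''

def parse_testvars(text):
    """Return {group: {testvar: value}}; testvars outside a testvar_group go to 'base'."""
    groups, group, depth, opened_at = {"base": {}}, "base", 0, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"testvar_group\s+(\S+)\s*\{", line)
        if m:
            group, opened_at = m.group(1), depth     # remember depth to detect the closing brace
            groups[group] = {}
        elif line.startswith("testvar "):
            _, name, value = line.split(None, 2)
            groups[group][name] = value
        depth += line.count("{") - line.count("}")
        if opened_at is not None and depth <= opened_at:
            group, opened_at = "base", None
    return groups

def lint_static_nat(groups):
    findings = []   # (group, label) pairs; the labels are names invented for this example
    used = {(groups["base"].get("lanInterface"), groups["base"].get("lanMacId"))}
    for name, tv in ((n, t) for n, t in groups.items() if n != "base"):
        if ("staticNatIp" in tv) != ("hostIp" in tv):    # both are needed for a static NAT host
            findings.append((name, "incomplete-mapping"))
        slot = (tv.get("lanInterface"), tv.get("lanMacId"))
        shared = any(iface == slot[0] for iface, _ in used)
        if "staticNatIp" in tv and shared and (slot[1] is None or slot in used):
            findings.append((name, "mac-not-unique"))     # shared interface needs its own lanMacId
        if tv.get("staticNatFirewall") == "no":
            findings.append((name, "firewall-not-expected"))  # confirm this is intended
        used.add(slot)
    return findings
print(lint_static_nat(parse_testvars(SAMPLE)))
```

Run against the page's "Example with specific MAC address" snippet, the lint returns no findings, because lan2 carries its own lanMacId on the shared eth1 interface.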

Static NAT Translation Overview

http://www.firewall.cx/nat-static-part1.php