SunScreen 3.1 Configuration Examples

Mixed-Mode Limitation

Because NAT has only a single state table, NAT cannot be used to translate the IP addresses of the internal network in this mixed-mode configuration. You can, however, use NAT on the routing interfaces and on the stealth interfaces of a mixed-mode Screen, provided that the packets pass through the Screen only once.

NAT is not required, because the proxies that provide the telnet/FTP/HTTP connections between the Internet and the internal network use the IP address of the Screen and not the illegal IP address of the host. Only the Screen needs to be able to resolve the host's IP address.

For example, the mail-server can have its address translated when packets pass to the Internet, because the packets pass through the stealth interfaces only once. This is true of any host on the private part of the network (192.168.3.0 in this example) or on the 192.156.4.0 network.