Configuring PAT
The PAT feature enables local hosts with designated private IP addresses to communicate with
the outside world. Basically, the router translates the source address of the IP header into a global,
unique IP address before the packet is forwarded to the outside network. Likewise, returning IP
packets go through address translation again, back to the designated private IP addresses
where the communication originated.
When PAT is enabled, RIP packet transmission is automatically disabled to prevent leaking
private IP addresses to the outside network.
To enable PAT, you need the following two commands:
set ip pat on: This command enables PAT and must be configured before the set ip pat
porthandler command can be used.
set ip pat porthandler: The port handler translates a public TCP or UDP port to a private IP
address and port. When a packet is received from the outside, the router compares the port number
with an internally configured port handler list of up to 15 entries. If a port handler is defined
for this port, the router routes the packet to the appropriate port handler (internal IP address).
Otherwise, if a default port handler is defined, it routes the packet there. The possible
parameters are as follows:
  default: enables the port handler for all well-known ports, except ports specifically
  assigned a handler.
  telnet: enables the port handler for the Telnet protocol on port 23.
  ftp: enables the port handler for File Transfer Protocol (FTP) and uses TCP protocol
  port 21.
  smtp: enables the port handler for Simple Mail Transfer Protocol (SMTP) and uses TCP
  protocol port 25.
  wins: enables the port handler for NetBIOS session service on port 139.
  http: enables the port handler for World Wide Web–HTTP service and secure-HTTP
  port 80 or 443.
  off: disables a certain port handler.
  port: configures a custom port handler for a port not normally considered a well-known
  port. Remember that only 15 port handlers can be configured at once.
All parameters are followed by the appropriate IP address.
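
Every port handler is an inbound path from the outside network to an internal host, so it helps to see which hosts a given handler list exposes. The following Python model of the lookup described above is an added example, not router code or anything from the original text. The class and method names are hypothetical, the addresses are constructed, and it assumes that each named or custom handler takes one of the 15 entries and that the default handler receives every port without a specific handler.

```python
import ipaddress

# Service names and ports as listed in this section.
NAMED = {"telnet": (23,), "ftp": (21,), "smtp": (25,), "wins": (139,), "http": (80, 443)}
MAX_HANDLERS = 15  # limit stated in this section


class PortHandlerTable:
    """Hypothetical model of the PAT port handler list (not router code)."""

    def __init__(self):
        self.entries = {}    # handler name or custom port -> private IP
        self.default = None  # private IP of the default handler, if any

    def set(self, handler, ip):
        """Model 'set ip pat porthandler'; handler is a service name or an int port."""
        addr = ipaddress.ip_address(ip)
        if not addr.is_private:
            raise ValueError(f"{ip} is not a private address")
        if handler == "default":
            self.default = str(addr)
            return
        if handler not in NAMED and not (isinstance(handler, int) and 0 < handler < 65536):
            raise ValueError(f"unknown handler {handler!r}")
        # Assumption: each named or custom handler uses one of the 15 entries.
        if handler not in self.entries and len(self.entries) >= MAX_HANDLERS:
            raise OverflowError("port handler list is full (15 entries)")
        self.entries[handler] = str(addr)

    def off(self, handler):
        """Model the 'off' parameter: remove one handler."""
        if handler == "default":
            self.default = None
        else:
            self.entries.pop(handler, None)

    def route(self, port):
        """Private IP that an inbound packet to 'port' reaches, or None if no handler applies."""
        for handler, ip in self.entries.items():
            if port in NAMED.get(handler, (handler,)):
                return ip
        return self.default  # assumption: default takes every unmatched port

    def exposure(self):
        """Map each internal host to the public ports reaching it ('*' = all other ports)."""
        hosts = {}
        for handler, ip in self.entries.items():
            hosts.setdefault(ip, []).extend(NAMED.get(handler, (handler,)))
        if self.default:
            hosts.setdefault(self.default, []).append("*")
        return hosts
```

A "*" in the exposure() result marks the host behind the default handler, which receives traffic for every port that has no specific handler and therefore deserves the closest review.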