This page contains info pertaining to CBOS 2.0.1/2.1.0, 2.2.0 and 2.4.1 command syntax.

Mohammad Elwakil has built a cool WIN9x program for generating NAT entries for CBOS 2.2.

What it's for

Network Address Translation (NAT) maps requests aimed at your external Global IP/Port to your Local IP/Port. NAT mapping allows external internet applications to initiate communications with your PC. Examples of such applications are FTP servers, ICQ, RealNetworks, etc.

Each port you wish to allow access to must be opened individually. There is no way to do a range of ports. The exception is using wildcards (CBOS 2.2.0-2.4.1 only).

Do I need it?

Although NAT must be turned on if you have a dynamic IP, you don't _need_ to do anything other than the NAT wildcard in order for most internet applications to work. The wildcard will dynamically open all ports for incoming connections.

Note: If you elect to use the NAT wildcard to open all ports, you disable the hardware firewall functionality of the 675. See the Security page for more info.

Determine local/global IPs

Determine and note your Inside Global IP:

    show nat

Determine the Inside Local IP for the machine you wish to map to

If you are on a WIN9x machine you can use winipcfg by selecting your network card rather than your PPP Adapter.

On other machines you can use a route command, or perhaps ping 10.0.0.1, to show your local IP.

CBOS 2.4.1:

The NAT for CBOS 2.4.1 retains syntax from CBOS 2.2.0 and adds the ability to enter NAT entries by range.

To add NAT entries by range

In order to enter by range, you must supply the global IP and the protocol. No wildcards are accepted.

Example: To map TCP and UDP ports 28800-29000 from a Global IP of 216.160.194.214 to Local IP 10.0.0.2

    set nat entry add 10.0.0.2 28800-29000 216.160.194.214 28800-29000 tcp
    set nat entry add 10.0.0.2 28800-29000 216.160.194.214 28800-29000 udp

CBOS 2.2.0:

The NAT for CBOS 2.2 handles wildcards for entry additions and deletions.

To flush all NAT entries and clear the table

    set nat entry del all

Map all ports at once with wildcard

Example: To map all ports on the 675 from the Global IP to Local IP 10.0.0.2

    set nat entry add 10.0.0.2

Using multiple wildcards

Example: To map all ports on the 675 from the Global IP to three machines

    set nat entry add 10.0.0.4
    set nat entry add 10.0.0.3
    set nat entry add 10.0.0.2
    set nat timeout tcp negotiation 20

What happens in this case is that an incoming connection first attempts to connect to 10.0.0.2 (remember that the NAT table gets reversed at reboot). When the connection fails after 20 seconds, it moves on to the next IP, 10.0.0.3, and so on.

Map particular ports with wildcard protocol

Example: To map port 5901 (all protocols) from the Global IP to Local IP 10.0.0.3

    set nat entry add 10.0.0.3 5901

Something to consider:

Say you have opened port 80 TCP to run a web server on 10.0.0.3 and also have the wildcard set for 10.0.0.2. A problem arises when an incoming connection bound for port 80 comes in for UDP or ICMP. Since the wildcard is set for 10.0.0.2 and only TCP is open for 10.0.0.3, the UDP or ICMP attempt will try to connect to 10.0.0.2 until it times out.

Wildcard and Timeouts

The NAT wildcard allows NAT to dynamically build table entries as they are needed. These entries remain in the table until they are no longer used and the corresponding timeout takes place. The default TCP idle timeout is 86,400 seconds. The timeout is 120 seconds for UDP and 60 seconds for ICMP.

Where this becomes important is when you have an application that sets up a connection initially, then ignores it for a period of time. When that application tries to use that connection again and the timeout has expired, the application may fail as if the connection is lost.

Two examples of this are ICQ and some online gaming (e.g. Internet Gaming Zone).

To work around this, you can set the UDP and ICMP timeouts to a period longer than the expected connection duration.

This example is more than enough for the Zone:

    set nat timeout udp 3600
    set nat timeout icmp 3600

If you are running a server you'll need to adjust the TCP negotiation timeout to a value which reflects the maximum expected connection session time:

    set nat timeout tcp negotiation 65000

The Wildcard and NAT Table Order

When the 675 reboots, the NAT table is regenerated in the opposite order from the one in which it was created. This is important if you use the wildcard.

Here's an example of entering the wildcard out of order:

    set nat entry add 10.0.0.5 80
    set nat entry add 10.0.0.4 21
    set nat entry add 10.0.0.4 20
    set nat entry add 10.0.0.2
    write
    reboot

will result in a NAT table that looks like

    10.0.0.2:*****xxx.xxx.xxx.xxx:*****     0    0x3041   ***
    10.0.0.4:   20  xx.xxx.xxx.xxx:   20    0    0x2041   ***
    10.0.0.4:   21  xx.xxx.xxx.xxx:   21    0    0x2041   ***
    10.0.0.5:   80  xx.xxx.xxx.xxx:   80    0    0x2041   ***

Notice that the wildcard entry ended up at the top of the table. This means that incoming connections headed for ports 20, 21 and 80 will be hung up trying to connect to 10.0.0.2.

The proper way to enter the wildcard is as the first entry:

    set nat entry add 10.0.0.2
    set nat entry add 10.0.0.5 80
    set nat entry add 10.0.0.4 21
    set nat entry add 10.0.0.4 20
    write
    reboot

will result in a NAT table that looks like

    10.0.0.4:   20  xx.xxx.xxx.xxx:   20    0    0x2041   ***
    10.0.0.4:   21  xx.xxx.xxx.xxx:   21    0    0x2041   ***
    10.0.0.5:   80  xx.xxx.xxx.xxx:   80    0    0x2041   ***
    10.0.0.2:*****xxx.xxx.xxx.xxx:*****     0    0x3041   ***

This way, the static entries for ports 20, 21 and 80 get to the right local IP. 10.0.0.2 gets the rest.

Another option would be to "write" the static entries, but not the wildcard. That way you could remove the wildcard with a "reboot" or "set nat entry del inside 10.0.0.2".

Adding the wildcard without doing a "write" and a "reboot" will leave the wildcard at the bottom of the table where it won't interfere with the static entries.
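
The reboot ordering described above can be checked before the commands are written to the 675. This is an added example, not part of the original page or of CBOS: it assumes the 675 offers an incoming connection to matching entries from the top of the table down, as the text describes, and the function names are hypothetical.

```python
# Added example: a model of the table ordering described on this page.
# Assumption: matching entries are tried from the top of the table down.

# Constructed input: the two command sequences shown above.
WRONG_ORDER = ["set nat entry add 10.0.0.5 80", "set nat entry add 10.0.0.4 21",
               "set nat entry add 10.0.0.4 20", "set nat entry add 10.0.0.2",
               "write", "reboot"]
RIGHT_ORDER = ["set nat entry add 10.0.0.2", "set nat entry add 10.0.0.5 80",
               "set nat entry add 10.0.0.4 21", "set nat entry add 10.0.0.4 20",
               "write", "reboot"]

def parse_add(cmd):
    """Parse 'set nat entry add local_ip [port [global_ip port protocol]]'."""
    args = cmd.split()[4:]
    return {"local": args[0],
            "port": args[1] if len(args) > 1 else "*",    # no port: wildcard
            "proto": args[4] if len(args) > 4 else "*"}   # no protocol: all

def table_after_reboot(commands):
    """Entries come back in the opposite order from how they were added."""
    adds = [parse_add(c) for c in commands if c.startswith("set nat entry add ")]
    return adds[::-1]

def candidates(table, port, proto):
    """Local IPs an incoming connection is offered to, in table order."""
    return [e["local"] for e in table
            if e["port"] in ("*", str(port)) and e["proto"] in ("*", proto)]

def shadowed(commands):
    """Static entries that an entry higher in the table catches first."""
    table = table_after_reboot(commands)
    hits = []
    for e in table:
        if e["port"] == "*":
            continue
        proto = "tcp" if e["proto"] == "*" else e["proto"]
        first = candidates(table, e["port"], proto)[0]
        if first != e["local"]:
            hits.append((e["port"], e["local"], first))
    return hits

if __name__ == "__main__":
    for name, cmds in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        print(name, shadowed(cmds))
```

An empty list from shadowed() means every static entry sits above the wildcard after reboot. The wildcard host still receives every other port and protocol, so the firewall note near the top of this page continues to apply.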

CBOS 2.0.1 and 2.1.0:
How to set

Enter enable mode

    enable

Set mapping for each required port.

    set nat entry add local_ip port global_ip port protocol
    write

where

    local_ip  = Inside Local IP
    port      = Inside Local port
    global_ip = Inside Global IP
    port      = Inside Global Port
    protocol  = udp, tcp or icmp

Example

To enable port 80 (web server) when your internal IP is 10.0.0.2 and your global IP is 216.160.194.214:

    enable
    set nat entry add 10.0.0.2 80 216.160.194.214 80 tcp
    write
    

Do a del to remove an entry

    enable
    set nat entry del 10.0.0.2 80 216.160.194.214 80 tcp
    write