Nat

  1. Network Address Translation
     NAT typically translates private IP addresses on inside networks to public IP addresses on outside networks.
     ◦ NAT can be used to translate any network IP addresses to any other network range, and is used in this way when two networks are connected and there is an addressing conflict (both networks are using the same IPs).
     Note that this topology is for the classroom labs, to avoid routing complexity. For a typical SOHO network the outside hosts and servers would be located on the Internet side of the ISP, in the cloud.
  2. Private Addresses defined in RFC 1918:
     ◦ 10.0.0.0/8: 10.0.0.0 to 10.255.255.255, subnet mask 255.0.0.0
     ◦ 172.16.0.0/12: 172.16.0.0 to 172.31.255.255, subnet mask 255.240.0.0
     ◦ 192.168.0.0/16: 192.168.0.0 to 192.168.255.255, subnet mask 255.255.0.0
     Private address ranges were reserved from the IPv4 addressing space to extend the life of IPv4.
     ◦ Private addresses can be used inside home or business networks over and over again, but they must be translated into a public IP address when connecting to the Internet. Private addresses are not valid on the Internet, and an ISP receiving a packet with a private source IP address will drop the packet.
     ◦ Private addresses are used on the inside network of the router.
     ◦ Private addresses are translated into public addresses (Class A, Class B and Class C addresses, excluding reserved addresses) by a technique called NAT, Network Address Translation.
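The three ranges above, and the ISP behaviour described for packets that still carry a private source address, as an added example (not from the original slides). It uses Python's standard `ipaddress` module; the sample packets are constructed for the example and use the documentation address 198.51.100.5 as the public host.

```python
import ipaddress

# The three RFC 1918 prefixes listed on the slide
RFC1918 = {
    "10.0.0.0/8": ipaddress.ip_network("10.0.0.0/8"),
    "172.16.0.0/12": ipaddress.ip_network("172.16.0.0/12"),
    "192.168.0.0/16": ipaddress.ip_network("192.168.0.0/16"),
}


def private_range_of(addr):
    """Return the RFC 1918 prefix that contains addr, or None for a public address."""
    ip = ipaddress.ip_address(addr)
    for prefix, net in RFC1918.items():
        if ip in net:
            return prefix
    return None


def range_bounds(prefix):
    """First address, last address and dotted subnet mask of one prefix (as on the slide)."""
    net = RFC1918[prefix]
    return str(net[0]), str(net[-1]), str(net.netmask)


def isp_edge_filter(packets):
    """Model an ISP router: forward packets with a public source IP, drop private ones.

    This is the rule the slide describes: a packet that reaches the ISP with an
    untranslated private source address is dropped rather than routed.
    """
    forwarded, dropped = [], []
    for pkt in packets:
        if private_range_of(pkt["src"]) is None:
            forwarded.append(pkt)
        else:
            dropped.append(pkt)
    return forwarded, dropped


# Constructed sample traffic arriving at the ISP: one translated packet, two leaks
SAMPLE_PACKETS = [
    {"src": "203.0.113.1", "dst": "198.51.100.5"},    # translated by NAT: public source
    {"src": "192.168.1.10", "dst": "198.51.100.5"},   # private source, never translated
    {"src": "172.31.0.7", "dst": "198.51.100.5"},     # private source (172.16/12 range)
]


def run_sample():
    """Apply the edge filter to the constructed sample and return (forwarded, dropped)."""
    return isp_edge_filter(SAMPLE_PACKETS)


if __name__ == "__main__":
    for prefix in RFC1918:
        print(prefix, range_bounds(prefix))
    fwd, drop = run_sample()
    print("forwarded:", [p["src"] for p in fwd])
    print("dropped:", [p["src"] for p in drop])
```

`range_bounds` reproduces the first/last address and mask columns of the slide from the prefix alone, which is a quick way to check the 172.16.0.0/12 row, whose mask (255.240.0.0) is the one most often misremembered.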
  3. Sender creates a packet and sends it to the gateway on the Wireless Router.
     ◦ The source IP is the local private address of the sending host.
     The receiving interface on the router is NAT enabled.
     ◦ The router creates an entry in the translation table and records the source IP and the source port number of the packet.
     ◦ The router rewrites the source IP with a public address:
       ▪ If Dynamic NAT is used, the public IP address is taken from a NAT pool of addresses.
       ▪ If PAT is used, the IP address of the outside interface of the router is used, and the source port is rewritten with a new port number so the router can differentiate connections from the same source. This is the method used by the Wireless Router.
       ▪ If Static NAT is used, a permanent mapping is configured and the router uses a public address that is allocated to one inside host exclusively. This is used when the host is a server that accepts connections from the outside.
  4. The router moves the packet, with its rewritten source IP and port number, to the outside interface and sends it on through the network to the destination.
     The destination receives the packet.
     ◦ The packet arrives with the NATted public IP address (also called the global address) as its source IP address.
     ◦ The destination creates a reply packet with the NATted IP address (the global address) as the destination IP address.
     ◦ The packet gets sent back through the networks to the Wireless Router.
     The router receives the reply packet on its outside interface.
     ◦ The router searches the translation table for a match to the global IP address and port number.
     ◦ The router rewrites the destination IP with the local IP address and local port number (if PAT was used) that it matched in the translation table.
     The router moves the packet to the inside interface and sends it, with the local addresses in the headers, to the original host.
  5. Dynamic NAT
     ◦ A pool of addresses from the outside network is configured for NAT.
     ◦ An inside host gets allocated a global IP address for sending all the packets in a connection.
       ▪ Source port numbers do not need translating.
     ◦ When the exchange of packets has been completed, the entry in the translation table is deleted and the IP is returned to the pool for reuse.
     ◦ If used for the ISP link, a range of IP addresses must be leased from your ISP (e.g. 6 IPs).
  6. Port Address Translation
     ◦ The IP address of the outside interface is used as the global IP address.
     ◦ Because another host on the inside network may make a connection using a duplicate source port number, the source port number is also rewritten by the Wireless Router so that it can match the translation to the sending host and port number.
     PAT allows many computers using private addressing to share the same ONE outside address.
     ◦ PAT is the method typically used for small home and business networks.
     ◦ PAT supports up to 4096 simultaneous translations (more in theory).
     ◦ When the connection completes, the entry is deleted.
     PAT is also called overloading.
  7. Static NAT is a permanent mapping of ONE inside private IP to ONE outside global address.
     ◦ Static NAT is used for Internet-facing servers: hosts on the inside of the router that receive connections from the outside. Because the private address is hidden (not known) on the outside network, a global IP address is allocated to the server.
     ◦ The global IP address will be registered to a DNS name, and this DNS name (mapped to the global IP) is used by Internet or outside hosts to make connections to a server on the inside network. By default the firewall will prevent the connection, so a port forward rule or ACL must be created to allow the connection to enter from the outside network.
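The outbound/reply procedure of slides 3 and 4 and the three methods of slides 5 to 7 (Dynamic NAT with a pool, PAT with port rewriting, Static NAT with a port-forward rule), as one added example that is not part of the original slides and models no particular vendor's router. Assumptions made for the example: a router runs a single NAT method, PAT hands out translated ports sequentially from 1024, the 4096 figure from slide 6 is used as the PAT table limit, and all addresses are constructed from the documentation ranges (203.0.113.0/24 for global addresses, 198.51.100.0/24 for outside hosts).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Toy NAT router: one translation method per instance (a simplification)."""
    PAT_LIMIT = 4096  # simultaneous PAT translations quoted on the slide

    def __init__(self, mode, outside_ip, pool=(), static=None):
        if mode not in ("static", "dynamic", "pat"):
            raise ValueError(mode)
        self.mode = mode
        self.outside_ip = outside_ip      # used as the global address under PAT
        self.free_pool = list(pool)       # Dynamic NAT: unused global addresses
        self.static = dict(static or {})  # Static NAT: inside IP -> global IP
        self.table = {}                   # (global_ip, global_port) -> (local_ip, local_port)
        self.permanent = set()            # entries installed by port-forward rules
        self._next_port = 1024            # assumption: PAT ports allocated sequentially

    def port_forward(self, global_ip, global_port, local_ip, local_port):
        """The rule slide 7 says is needed before an outside host can connect in."""
        key = (global_ip, global_port)
        self.table[key] = (local_ip, local_port)
        self.permanent.add(key)

    def _find_key(self, local_ip, local_port):
        for key, local in self.table.items():
            if local == (local_ip, local_port):
                return key
        return None

    def _allocate(self, local_ip, local_port):
        """Pick the global (ip, port) for a new flow, or None if nothing is available."""
        if self.mode == "static":
            global_ip = self.static.get(local_ip)
            return (global_ip, local_port) if global_ip else None
        if self.mode == "dynamic":
            for (global_ip, _), (lip, _) in self.table.items():
                if lip == local_ip:          # host already holds a pool address
                    return (global_ip, local_port)
            if not self.free_pool:
                return None                  # pool exhausted: flow cannot be translated
            return (self.free_pool.pop(0), local_port)   # port is kept as-is
        if len(self.table) >= self.PAT_LIMIT:
            return None
        global_port = self._next_port        # PAT: rewrite the port too
        self._next_port += 1
        return (self.outside_ip, global_port)

    def outbound(self, pkt):
        """Packet from the inside interface; returns the rewritten packet or None."""
        key = self._find_key(pkt.src_ip, pkt.src_port)
        if key is None:
            key = self._allocate(pkt.src_ip, pkt.src_port)
            if key is None:
                return None
            self.table[key] = (pkt.src_ip, pkt.src_port)  # record the translation
        return Packet(key[0], key[1], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Packet from the outside interface; None means no table match (dropped)."""
        local = self.table.get((pkt.dst_ip, pkt.dst_port))
        if local is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, local[0], local[1])

    def close(self, local_ip, local_port):
        """Connection finished: delete the entry and, for Dynamic NAT, refill the pool."""
        key = self._find_key(local_ip, local_port)
        if key is None or key in self.permanent:
            return
        del self.table[key]
        if self.mode == "dynamic" and not any(k[0] == key[0] for k in self.table):
            self.free_pool.append(key[0])


def demo_pat():
    """Two inside hosts with the same source port share one outside address."""
    r = NatRouter("pat", outside_ip="203.0.113.1")
    a = r.outbound(Packet("192.168.1.10", 50000, "198.51.100.5", 80))
    b = r.outbound(Packet("192.168.1.11", 50000, "198.51.100.5", 80))
    reply = r.inbound(Packet("198.51.100.5", 80, a.src_ip, a.src_port))
    unsolicited = r.inbound(Packet("198.51.100.9", 4444, "203.0.113.1", 9999))
    return a, b, reply, unsolicited


def demo_dynamic():
    """One-address pool: second host waits until the first connection closes."""
    r = NatRouter("dynamic", outside_ip="203.0.113.1", pool=["203.0.113.10"])
    a = r.outbound(Packet("192.168.1.10", 50000, "198.51.100.5", 80))
    b = r.outbound(Packet("192.168.1.11", 50000, "198.51.100.5", 80))
    r.close("192.168.1.10", 50000)
    c = r.outbound(Packet("192.168.1.11", 50000, "198.51.100.5", 80))
    return a, b, c


def demo_static():
    """Inside server: inbound is blocked until a port-forward rule exists."""
    r = NatRouter("static", outside_ip="203.0.113.1", static={"192.168.1.20": "203.0.113.20"})
    blocked = r.inbound(Packet("198.51.100.7", 40000, "203.0.113.20", 443))
    r.port_forward("203.0.113.20", 443, "192.168.1.20", 443)
    allowed = r.inbound(Packet("198.51.100.7", 40000, "203.0.113.20", 443))
    out = r.outbound(Packet("192.168.1.20", 443, "198.51.100.7", 40000))
    return blocked, allowed, out
```

In `demo_pat` both hosts use source port 50000, which is exactly the collision slide 6 describes; the router resolves it by handing out distinct global ports, and the reply is matched back to the right host by that port. The unsolicited inbound packet finds no table entry and is dropped, which is the "some security" of slide 8 in action.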
  8. Advantages:
     NAT has extended the lifetime of the IPv4 address space by allowing private addresses to be used over and over on inside networks and by allowing many hosts to share one or more public IP addresses.
     NAT provides some security by hiding inside private addresses.
     ◦ Inside addresses cannot be discovered from packet headers traversing the Internet.
     ◦ Protects hosts on inside networks from the eavesdropping that precedes an attack.
     Disadvantages:
     Some applications require the local IP and port numbers and are broken, or require special configuration, to work over NAT.
  9. Select the Internet connection type. This is the outside interface.
     Enter settings.
     Test by pinging from the Wireless Router to the Default Gateway.