   Network Address Translation
   NAT typically translates private IP addresses on inside networks
    to public IP addresses on outside networks
    ◦ NAT can be used to translate any network IP addresses to any other
      network range and is used in this way when 2 networks are connected and
      there is an addressing conflict (both networks are using the same IPs)

   [Figure: classroom lab topology]
   Note that this topology is for the classroom labs to avoid routing complexity. For
   a typical SOHO network the outside hosts and servers would be located on the
   Internet side of the ISP in the cloud
   Private Addresses defined in RFC 1918:
    ◦ 10.0.0.0 /8       10.0.0.0    to 10.255.255.255    subnet mask 255.0.0.0
    ◦ 172.16.0.0 /12    172.16.0.0  to 172.31.255.255    subnet mask 255.240.0.0
    ◦ 192.168.0.0 /16   192.168.0.0 to 192.168.255.255   subnet mask 255.255.0.0
   Private address ranges were reserved from the IPv4 addressing space to
    extend the life of IPv4
    ◦ Private addresses can be used inside home or business networks over
      and over again but they must be translated into a public IP address when
      connecting to the Internet
   Private addresses are illegal on the Internet and an ISP receiving a packet
    with a private source IP address will drop the packet
    ◦ Private addresses are used on the inside network of the router
    ◦ Private addresses are translated into public addresses (Class A, Class B
      and Class C addresses excluding reserved addresses) by a technique
      called NAT (Network Address Translation)
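The following is an added example, not part of the slides: it classifies addresses against the three RFC 1918 ranges listed above and models the ISP rule that packets with a private source IP are dropped. It uses only the standard library; the sample packets and their addresses (203.0.113.x, 198.51.100.x) are constructed for the demonstration.

```python
import ipaddress

# The three RFC 1918 private ranges from the slide.
RFC1918_NETWORKS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)


def is_rfc1918(addr: str) -> bool:
    """True if addr is an IPv4 address inside one of the RFC 1918 ranges.

    Deliberately narrower than ipaddress's .is_private, which also returns
    True for loopback, link-local and documentation ranges that are not
    RFC 1918 and are not what a SOHO NAT router is translating.
    """
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918_NETWORKS)


def rfc1918_block(addr: str):
    """Return the RFC 1918 network containing addr as a string, or None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return None
    for net in RFC1918_NETWORKS:
        if ip in net:
            return str(net)
    return None


def isp_ingress_filter(packets):
    """Model the slide's ISP rule: drop packets whose source IP is private.

    packets is an iterable of (src_ip, dst_ip) pairs; returns
    (forwarded, dropped) lists in the original order.
    """
    forwarded, dropped = [], []
    for src, dst in packets:
        (dropped if is_rfc1918(src) else forwarded).append((src, dst))
    return forwarded, dropped


if __name__ == "__main__":
    # Constructed sample: one packet leaking an untranslated private source,
    # two packets whose source is a public address.
    sample = [
        ("192.168.1.20", "198.51.100.7"),   # private source: ISP drops it
        ("203.0.113.2", "198.51.100.7"),    # translated source: forwarded
        ("172.32.0.1", "198.51.100.7"),     # just outside 172.16/12: forwarded
    ]
    fwd, drop = isp_ingress_filter(sample)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
    for a in ("10.1.2.3", "172.31.255.255", "172.32.0.1", "169.254.1.1"):
        print(a, "->", rfc1918_block(a))
```

The 172.16.0.0/12 boundary is the one people get wrong most often: 172.31.255.255 is inside the range, 172.32.0.1 is a public address, which is why the check is done with network membership rather than string prefixes.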
   Sender creates a packet and sends it to the gateway on the
    Wireless router
    ◦ The source IP is the local private address of the sending host
   The receiving interface on the router is NAT enabled
    ◦ The router creates an entry in the translation table and records the
      source IP of the packet and the source port number of the packet
    ◦ The router rewrites the source IP with a public address
       If Dynamic NAT is used the public IP address is taken from a NAT pool of
        addresses
       If PAT is used the IP address of the outside interface of the router is used,
        and the source port is rewritten with a new port number so the router can
        differentiate connections from the same source
         This is the method used by the Wireless Router
       If Static NAT is used a permanent mapping is configured and the router
        uses a public address that is allocated to one inside host exclusively
         This is used when the host is a server that accepts connections from the
          outside
   The router moves the packet with its rewritten source IP and port
    number to the outside interface and sends it on through the
    network to the destination
   The destination receives the packet
    ◦ The packet arrives with the natted public IP address (also called the
      global address) as its source IP address
    ◦ The destination creates a reply packet with the natted IP address (the
      global address) as the destination IP address
    ◦ The packet gets sent back through networks to the wireless router
   The router receives the reply packet on its outside interface
    ◦ The router searches the translation table for a match to the global IP
      address and port number
    ◦ The router rewrites the destination IP with the local IP address and local
      port number (if PAT was used) from the matching translation table entry
   The router moves the packet to the inside interface and sends it
    with the local addresses in the headers to the original host
   Dynamic NAT
    ◦ A pool of addresses from the outside network is configured
      for NAT
    ◦ An inside host gets allocated a global IP address for sending all
      the packets in a connection
       Source Port numbers do not need translating
    ◦ When the exchange of packets has been completed the entry
      in the translation table is deleted and the IP is returned to the
      pool for reuse
    ◦ If used for the ISP link, a range of IP addresses must be leased
      from your ISP (e.g. 6 IPs)
   Port address translation
    ◦ The IP address of the outside interface is used as the global IP
      address
    ◦ Because another host on the inside network may make a connection
      using a duplicate source port number, the source port number is also
      rewritten by the wireless router so that it can match the translation
      to the sending host and port number
   PAT allows many computers using private addressing to
    share the same ONE outside address
    ◦ PAT is the method typically used for small home and business
      networks
    ◦ PAT supports up to 4096 simultaneous translations (more in theory)
    ◦ When the connection completes the entry is deleted
        PAT is also called overloading
   Static NAT is a permanent mapping of ONE inside private IP
    to ONE outside global address
    ◦ Static NAT is used for internet facing servers; hosts on the inside of
      the router that receive connections from the outside
   Because the private address is hidden (not known) on the
    outside network, a global IP address is allocated to the
    server.
    ◦ The global IP address will be registered to a DNS name and this DNS
      name (mapped to the global IP) is used by Internet or outside hosts
      to make connections to a server on the inside network.
   By default the firewall will prevent the connection so a port
    forward rule or ACL must be created to allow the
    connection to enter from the outside network
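The packet walkthrough (sender to destination and back) and the three translation types just described (Dynamic NAT, PAT and Static NAT with a port-forward rule) can be exercised with the small model below. It is an added example, not code from the slides or from any router vendor: the NatRouter class, its method names, the starting PAT port of 49152 and the addresses (192.168.1.x inside, 203.0.113.x global, 198.51.100.7 as the outside destination) are all constructed for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Toy model of the translation table on a NAT router (hypothetical).

    outside_ip     address of the outside interface (the global IP for PAT)
    pool           global addresses available for Dynamic NAT
    static         {inside_ip: global_ip} permanent 1:1 mappings (Static NAT)
    port_forwards  {(global_ip, port)} inbound connections the firewall allows
    mode           "pat" or "dynamic" for hosts without a static mapping
    """

    def __init__(self, outside_ip, pool=(), static=None, port_forwards=(), mode="pat"):
        self.outside_ip = outside_ip
        self.pool = list(pool)
        self.static = dict(static or {})
        self.port_forwards = set(port_forwards)
        self.mode = mode
        # translation table: (global_ip, global_port) -> (local_ip, local_port)
        self.table = {}
        self.leases = {}            # inside_ip -> global_ip leased from the pool
        self.next_pat_port = 49152  # constructed: first port PAT hands out

    def outbound(self, pkt):
        """Inside -> outside: record the translation and rewrite the source."""
        if pkt.src_ip in self.static:                 # Static NAT: fixed mapping
            g_ip, g_port = self.static[pkt.src_ip], pkt.src_port
        elif self.mode == "dynamic":                  # Dynamic NAT: one pool IP per host
            g_ip = self.leases.get(pkt.src_ip)
            if g_ip is None:
                if not self.pool:
                    raise RuntimeError("NAT pool exhausted")
                g_ip = self.pool.pop(0)
                self.leases[pkt.src_ip] = g_ip
            g_port = pkt.src_port                     # source port is not translated
        else:                                         # PAT: share outside IP, rewrite port
            g_ip, g_port = self.outside_ip, self.next_pat_port
            self.next_pat_port += 1
        self.table[(g_ip, g_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(g_ip, g_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Outside -> inside: return the rewritten packet, or None if dropped."""
        key = (pkt.dst_ip, pkt.dst_port)
        if key in self.table:                         # reply to an existing translation
            l_ip, l_port = self.table[key]
            return Packet(pkt.src_ip, pkt.src_port, l_ip, l_port)
        # Unsolicited connection from outside: only a statically mapped host
        # with an explicit port-forward rule (or ACL) gets through the firewall.
        for inside_ip, g_ip in self.static.items():
            if g_ip == pkt.dst_ip and key in self.port_forwards:
                return Packet(pkt.src_ip, pkt.src_port, inside_ip, pkt.dst_port)
        return None

    def close(self, global_ip, global_port):
        """Connection finished: delete the entry; return a pool IP once unused."""
        local_ip, local_port = self.table.pop((global_ip, global_port))
        still_in_use = any(l == local_ip for l, _ in self.table.values())
        if local_ip in self.leases and not still_in_use:
            self.pool.append(self.leases.pop(local_ip))
        return local_ip, local_port


if __name__ == "__main__":
    # PAT: two inside hosts both picked source port 5000 (constructed sample).
    r = NatRouter("203.0.113.2", static={"192.168.1.10": "203.0.113.10"},
                  port_forwards={("203.0.113.10", 443)})
    a = r.outbound(Packet("192.168.1.20", 5000, "198.51.100.7", 80))
    b = r.outbound(Packet("192.168.1.21", 5000, "198.51.100.7", 80))
    print("PAT outbound:", a, b)
    print("PAT reply   :", r.inbound(Packet("198.51.100.7", 80, a.src_ip, a.src_port)))
    print("unsolicited :", r.inbound(Packet("198.51.100.7", 80, "203.0.113.2", 1)))
    print("port forward:", r.inbound(Packet("198.51.100.7", 40000, "203.0.113.10", 443)))
```

Two things the model makes visible: with PAT both hosts share 203.0.113.2 and are told apart only by the rewritten port, and an unsolicited packet from outside is dropped unless it hits a static mapping that also has a port-forward rule, which is the firewall behaviour the last bullet describes.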
Advantages:
 NAT has extended the lifetime of IPv4 address space by
  allowing the private addresses to be used over and over on
  inside networks and by allowing many hosts to share 1 or
  more public IP addresses
 NAT provides some security by hiding inside private
  addresses.
  ◦ Inside addresses cannot be discovered from packet headers
    traversing the Internet
  ◦ Protects hosts on inside networks from the eavesdropping that
    precedes an attack
Disadvantages:
 Some applications require the local IP and port numbers
  and are broken or require special configuration to work
  over NAT
   Select the Internet connection type
   This is the outside interface
   Enter settings
   Test by pinging from the Wireless Router to the Default Gateway