Achmad Mardiansyah, profile picture
Uploaded byAchmad Mardiansyah
PDF, PPTX3,679 views

Mikrotik firewall NAT

The document outlines a webinar conducted by GLC Networks on network address translation (NAT) and MikroTik firewalls, led by Achmad Mardiansyah, a certified trainer. It covers the basics of NAT, its limitations, and practical demonstrations, including source and destination NAT configurations. Additionally, it provides information about GLC Networks' training offerings and invites participants to engage in future webinars.

Embed presentation

Download as PDF, PPTX
www.glcnetworks.com FIREWALL NAT GLC webinar, 04 may 2017 Achmad Mardiansyah achmad@glcnetworks.com GLC Networks, Indonesia 1
www.glcnetworks.com Agenda ● Introduction ● Network Address Translation (NAT) ● Mikrotik firewall NAT ● Demo ● Q & A 2
www.glcnetworks.com What is GLC? ● Garda Lintas Cakrawala (www.glcnetworks.com) ● An Indonesian company ● Located in Bandung ● Areas: Training, IT Consulting ● Mikrotik Certified Training Partner ● Mikrotik Certified Consultant ● Mikrotik distributor 3
www.glcnetworks.com About GLC webinar? ● First webinar: january 1, 2010 (title: tahun baru bersama solaris - new year with solaris OS) ● As a sharing event with various topics: linux, networking, wireless, database, programming, etc ● Regular schedule: every 2 weeks ● Irregular schedule: as needed ● Checking schedule: http://www.glcnetworks.com/main/sc hedule ● You are invited to be a presenter ○ No need to be an expert ○ This is a forum for sharing: knowledge, experiences, information 4
www.glcnetworks.com Trainer Introduction ● Name: Achmad Mardiansyah ● Base: bandung, Indonesia ● Linux user since 1999 ● Mikrotik user since 2007 ● Certified Trainer (MTCNA/RE/WE/UME/INE/TCE) ● Mikrotik Certified Consultant ● Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer ● Personal website: http://achmadjournal.com ● More info: http://au.linkedin.com/in/achmadmardiansyah 5
www.glcnetworks.com Please introduce yourself ● Your name ● Your company/university? ● Your networking experience? ● Your mikrotik experience? ● Your expectation from this course? 6
www.glcnetworks.com What is Mikrotik? ● Name of a company ● A brand ● A program (e.g. mikrotik academy) ● Headquarter: Riga, Latvia 7
www.glcnetworks.com What are mikrotik products? ● Router OS ○ The OS. Specialized for networking ○ Website: www.mikrotik.com/download ● RouterBoard ○ The hardware ○ RouterOS installed ○ Website: www.routerboard.com 8
www.glcnetworks.com What Router OS can do? ● Go to www.mikrotik.com ○ Download: what_is_routeros.pdf ○ Download: product catalog ○ Download: newsletter 9
www.glcnetworks.com What are Mikrotik training & certifications? 10 Certificate validity is 3 years
www.glcnetworks.com Network Address Translation (NAT) 11
www.glcnetworks.com At early stage of internet… (1990s) ● Most of computer’s communication is using layer 3 protocol (Internet Protocol - IP) ● The use of CIDR (classless interdomain routing) -> no class A, B C ● There was a body that registers blocks of IP address ● Internet was booming -> IP address was running out !!! ● NAT was born 12
www.glcnetworks.com RFC1631 - Network Address Translator ● With NAT, IP address now is divided into 2 groups: ○ Private IP address ○ Public IP address ● Private IP address will be translated to public IP address ● Router that supports NAT will do mapping of IP address and port 13
www.glcnetworks.com Mapping between private IP to public IP 14 Source: wikimedia.org
www.glcnetworks.com Mapping public IP and port to private IP 15 Source: wikimedia.org
www.glcnetworks.com 16 Source: wikimedia.org
www.glcnetworks.com However, NAT is not good…. ● Its not scalable. even with the box that is so called “carrier grade NAT” ● Some applications do not work under NATed environment: Online game (xbox, steam), voip, security, etc ● Dont use NAT on your local network -> use routing protocol instead ● NAT is not designed to be permanent solution Ultimate Solution: USE IPv6 !!! 17
www.glcnetworks.com Mikrotik Firewall NAT 18
www.glcnetworks.com 19
www.glcnetworks.com Chain for NAT Do not get confused!! See packet flow ● Chain=Srcnat -> postrouting ● Chain=dstnat -> prerouting Do not get confused with NAT action ● Src-nat ● dst-nat 20
www.glcnetworks.com LAB: SRC-NAT, static IP 21 192.168.X.0/24 192.168.99.90 99_TEACHER 192.168.X.0/24 99_laptop IP address port Destination 192.168.99.90 80 Source 192.168.X.90 XXX IP address port Destination 192.168.99.90 80 Source 192.168.98.X YYY RX SRC-NAT ● IP Header (source IP address) from the laptop of student X, will be modified at RX ● Suitable when the IP address at egress (outgoing) interface is static To check: Run torch at R99
www.glcnetworks.com LAB: SRC-NAT, masquerade 22 192.168.X.0/24 192.168.99.90 99_TEACHER 192.168.X.0/24 99_laptop IP address port Destination 192.168.99.90 80 Source 192.168.X.90 XXX IP address port Destination 192.168.99.90 80 Source 192.168.98.X YYY RX SRC-NAT ● IP Header (source IP address) from the laptop of student X, will be modified at RX ● Firewall will pick the first ip address at exit interface automatically ● Suitable when the IP address at egress interface is dynamic (DHCP-client) To check: Run torch at R99
www.glcnetworks.com Example masquerade 23
www.glcnetworks.com LAB: DST-NAT (port forwarding) 24 192.168.X.0/24 192.168.99.91 99_TEACHER 192.168.X.0/24 webserver IP address port Destination 192.168.X.1 80 Source 192.168.X.90 XXX IP address port Destination 192.168.99.91 80 Source 192.168.X.90 XXX RX SRC-NAT ● IP Header (destination IP address) from the laptop of student X, will be modified at RX ● Firewall will pick the first ip address at exit interface automatically ● Suitable when the IP address at egress interface is dynamic (DHCP-client) To check: Run torch at R99
www.glcnetworks.com LAB: DST-NAT, redirect 25 192.168.X.0/24 192.168.99.91 99_TEACHER 192.168.X.0/24 webserver IP address port Destination 192.168.99.91 80 Source 192.168.X.90 XXX IP address port Destination Router local address 80 Source 192.168.X.90 XXX RX SRC-NAT ● IP Header (destination IP address) from the laptop of student X, will be modified at RX ● Destination IP will be modified to router’s local address To check: Run torch at R99
www.glcnetworks.com QA 26
www.glcnetworks.com Interested? Just come to our training... Special price for webinar attendees… http://www.glcnetworks.c om/main/schedule 27
www.glcnetworks.com End of slides ● Thank you for your attention ● Please submit your feedback: http://bit.ly/glcfeedback ● Like our facebook page: “GLC networks” ● Slide: http://www.slideshare.net/r41nbuw ● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg ● Stay tune with our schedule 28

More Related Content

PDF
IPv6 with Mikrotik
byGLC Networks
 
PDF
Mikrotik firewall filter
byAchmad Mardiansyah
 
PDF
BGP on mikrotik
byAchmad Mardiansyah
 
PDF
Connection load balancing with mikrotik [workshop]
byAchmad Mardiansyah
 
PDF
Policy Based Routing (PBR) on Mikrotik
byGLC Networks
 
PDF
ISP load balancing with mikrotik nth
byAchmad Mardiansyah
 
PDF
Mikrotik Load Balancing with PCC
byGLC Networks
 
PDF
VLAN on mikrotik
byAchmad Mardiansyah
 
IPv6 with Mikrotik
byGLC Networks
 
Mikrotik firewall filter
byAchmad Mardiansyah
 
BGP on mikrotik
byAchmad Mardiansyah
 
Connection load balancing with mikrotik [workshop]
byAchmad Mardiansyah
 
Policy Based Routing (PBR) on Mikrotik
byGLC Networks
 
ISP load balancing with mikrotik nth
byAchmad Mardiansyah
 
Mikrotik Load Balancing with PCC
byGLC Networks
 
VLAN on mikrotik
byAchmad Mardiansyah
 

What's hot

PDF
Mikrotik Bridge Deep Dive
byGLC Networks
 
PDF
Routing fundamentals with mikrotik
byAchmad Mardiansyah
 
PDF
Mikrotik IP Settings For Performance and Security
byGLC Networks
 
PPTX
VPN on Mikrotik
byAchmad Mardiansyah
 
PDF
Mikrotik firewall raw table
byAchmad Mardiansyah
 
PDF
Mikrotik Hotspot
byGLC Networks
 
PDF
Mikrotik fasttrack
byAchmad Mardiansyah
 
PDF
Using mikrotik with radius
byAchmad Mardiansyah
 
PDF
Queue Type on Mikrotik
byGLC Networks
 
PDF
Mikrotik firewall mangle
byAchmad Mardiansyah
 
PDF
Limiting bandwidth of specific destination based on address list
byAchmad Mardiansyah
 
PDF
Mikrotik Fastpath vs Fasttrack
byGLC Networks
 
PDF
Ch 5: Port Scanning
bySam Bowne
 
PDF
Using MikroTik routers for BGP transit and IX points
byPavel Odintsov
 
PDF
Detecting network virus using mikrotik
byAchmad Mardiansyah
 
PPTX
MikroTik MTCNA
byAli Layth
 
PDF
CCNP Lab Guide CCIE University
bySalachudin Emir
 
PDF
Cisco identity services engine (ise) ordering steps & guide
byIT Tech
 
PDF
MPLS L3 VPN Deployment
byAPNIC
 
PPTX
Cisco Live Milan 2015 - BGP advance
byBertrand Duvivier
 
Mikrotik Bridge Deep Dive
byGLC Networks
 
Routing fundamentals with mikrotik
byAchmad Mardiansyah
 
Mikrotik IP Settings For Performance and Security
byGLC Networks
 
VPN on Mikrotik
byAchmad Mardiansyah
 
Mikrotik firewall raw table
byAchmad Mardiansyah
 
Mikrotik Hotspot
byGLC Networks
 
Mikrotik fasttrack
byAchmad Mardiansyah
 
Using mikrotik with radius
byAchmad Mardiansyah
 
Queue Type on Mikrotik
byGLC Networks
 
Mikrotik firewall mangle
byAchmad Mardiansyah
 
Limiting bandwidth of specific destination based on address list
byAchmad Mardiansyah
 
Mikrotik Fastpath vs Fasttrack
byGLC Networks
 
Ch 5: Port Scanning
bySam Bowne
 
Using MikroTik routers for BGP transit and IX points
byPavel Odintsov
 
Detecting network virus using mikrotik
byAchmad Mardiansyah
 
MikroTik MTCNA
byAli Layth
 
CCNP Lab Guide CCIE University
bySalachudin Emir
 
Cisco identity services engine (ise) ordering steps & guide
byIT Tech
 
MPLS L3 VPN Deployment
byAPNIC
 
Cisco Live Milan 2015 - BGP advance
byBertrand Duvivier
 

Similar to Mikrotik firewall NAT

PDF
Best Current Practice (BCP) 38 Ingress Filtering for Security
byGLC Networks
 
PDF
Internet Protocol Deep-Dive
byGLC Networks
 
PPTX
Network address translation
byVarsha Honde
 
PDF
NAT (network address translation) & PAT (port address translation)
byNetwax Lab
 
PDF
Spliced NAT2NAT And Other Packet-Level Misadventures.pdf
byyoneda1422
 
PPT
Nat 03
byDavinder Chauhan
 
PDF
NAT and firewall presentation - how setup a nice firewall
byCassiano Campes
 
PPT
Nad710 Network Address Translation
bytmavroidis
 
PPT
network address translation and ip masquerading
byAngieloBecenia1
 
PPTX
Cyber security and ethical hacking 3
byShekh Md Mehedi Hasan
 
PDF
Zdalna komunikacja sieciowa - zagadnienia sieciowe
byAgnieszka Kuba
 
PPSX
Firewall & its Services
byNavdeep Dhingra
 
PPT
Bh us-02-kaminsky-blackops
byDan Kaminsky
 
PPT
Bh us-02-kaminsky-blackops
byDan Kaminsky
 
PDF
Manage Your Router with Dynamic Public IP
byGLC Networks
 
PPTX
network address translate
byahmedOday
 
PDF
Module17 nat v2
byRatanang kabalano
 
PDF
NAT
bySurinder Kaur
 
PPTX
networkaddresstranslation-160909142440.pptx
byzmulani8
 
PPTX
Nat 07
byDavinder Chauhan
 
Best Current Practice (BCP) 38 Ingress Filtering for Security
byGLC Networks
 
Internet Protocol Deep-Dive
byGLC Networks
 
Network address translation
byVarsha Honde
 
NAT (network address translation) & PAT (port address translation)
byNetwax Lab
 
Spliced NAT2NAT And Other Packet-Level Misadventures.pdf
byyoneda1422
 
Nat 03
byDavinder Chauhan
 
NAT and firewall presentation - how setup a nice firewall
byCassiano Campes
 
Nad710 Network Address Translation
bytmavroidis
 
network address translation and ip masquerading
byAngieloBecenia1
 
Cyber security and ethical hacking 3
byShekh Md Mehedi Hasan
 
Zdalna komunikacja sieciowa - zagadnienia sieciowe
byAgnieszka Kuba
 
Firewall & its Services
byNavdeep Dhingra
 
Bh us-02-kaminsky-blackops
byDan Kaminsky
 
Bh us-02-kaminsky-blackops
byDan Kaminsky
 
Manage Your Router with Dynamic Public IP
byGLC Networks
 
network address translate
byahmedOday
 
Module17 nat v2
byRatanang kabalano
 
NAT
bySurinder Kaur
 
networkaddresstranslation-160909142440.pptx
byzmulani8
 
Nat 07
byDavinder Chauhan
 

More from Achmad Mardiansyah

PDF
BGP filter with mikrotik
byAchmad Mardiansyah
 
PDF
Mikrotik VRRP
byAchmad Mardiansyah
 
PDF
Routing Information Protocol (RIP) on Mikrotik
byAchmad Mardiansyah
 
PDF
Mikrotik fastpath
byAchmad Mardiansyah
 
PDF
Mikrotik the dude
byAchmad Mardiansyah
 
PDF
IPv6 on Mikrotik
byAchmad Mardiansyah
 
PDF
Mikrotik API
byAchmad Mardiansyah
 
PDF
Mikrotik metarouter
byAchmad Mardiansyah
 
PDF
01 introduction to mpls
byAchmad Mardiansyah
 
PDF
SSL certificate with mikrotik
byAchmad Mardiansyah
 
PDF
Using protocol analyzer on mikrotik
byAchmad Mardiansyah
 
PDF
Troubleshooting load balancing
byAchmad Mardiansyah
 
PDF
Mikrotik User Meeting Manila: bgp vs ospf
byAchmad Mardiansyah
 
PDF
Jumpstart your router with mikrotik quickset
byAchmad Mardiansyah
 
PDF
Wireless CSMA with mikrotik
byAchmad Mardiansyah
 
PDF
Backup & Restore (BR) in Solaris OS
byAchmad Mardiansyah
 
PDF
Solaris 10 Container
byAchmad Mardiansyah
 
PDF
PHPID online Learning #6 Migration from procedural to OOP
byAchmad Mardiansyah
 
BGP filter with mikrotik
byAchmad Mardiansyah
 
Mikrotik VRRP
byAchmad Mardiansyah
 
Routing Information Protocol (RIP) on Mikrotik
byAchmad Mardiansyah
 
Mikrotik fastpath
byAchmad Mardiansyah
 
Mikrotik the dude
byAchmad Mardiansyah
 
IPv6 on Mikrotik
byAchmad Mardiansyah
 
Mikrotik API
byAchmad Mardiansyah
 
Mikrotik metarouter
byAchmad Mardiansyah
 
01 introduction to mpls
byAchmad Mardiansyah
 
SSL certificate with mikrotik
byAchmad Mardiansyah
 
Using protocol analyzer on mikrotik
byAchmad Mardiansyah
 
Troubleshooting load balancing
byAchmad Mardiansyah
 
Mikrotik User Meeting Manila: bgp vs ospf
byAchmad Mardiansyah
 
Jumpstart your router with mikrotik quickset
byAchmad Mardiansyah
 
Wireless CSMA with mikrotik
byAchmad Mardiansyah
 
Backup & Restore (BR) in Solaris OS
byAchmad Mardiansyah
 
Solaris 10 Container
byAchmad Mardiansyah
 
PHPID online Learning #6 Migration from procedural to OOP
byAchmad Mardiansyah
 

Recently uploaded

PPTX
CaseStudy-CloudMigration -For USE CASE -Customer Success Info -6-Aug-25.pptx
bywinlentech
 
PPTX
mc l2 Overview of Computer and Web-Technology.pptx
byavanikharde
 
PDF
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
PPT
Memory Organization In Assembly Language
byumairmuhammad0409
 
PDF
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
PDF
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
PPT
html-forms in web development-courseICT.
bymadz33
 
PPTX
Abhishek Jaiswal.ppt.pptx for you it is very useful for me and I am sharing w...
byabhishekjaiswal5th33
 
PDF
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
PPTX
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 
PPTX
Ideathon template.pptx it is a ideathon template
bykonav71133
 
PPTX
Computer Science Degree for College .pptx
byHanenek1
 
PPT
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
PDF
Design For Test - Getting Test Automation value from Design Expressions.
byDavid Harrison
 
PPTX
PRITHVI theater, A true artist. Newzfeaturez.pptx
bysc05digital
 
DOCX
BestMaker.ai: The Complete Brand Story, Founder's Vision, and AI Creative Pla...
byssuser7381d6
 
PPTX
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
PDF
Key Duties and Roles of an Ecommerce Developer Singapore
byHachi Web Solution
 
PDF
Top 5 Snapchat Tracker Apps for Safe and Responsible Monitoring
byMichael Carter
 
PDF
Beacon Kit slides tech framework for world game (s) pdf
bySteven McGee
 
CaseStudy-CloudMigration -For USE CASE -Customer Success Info -6-Aug-25.pptx
bywinlentech
 
mc l2 Overview of Computer and Web-Technology.pptx
byavanikharde
 
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
Memory Organization In Assembly Language
byumairmuhammad0409
 
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
html-forms in web development-courseICT.
bymadz33
 
Abhishek Jaiswal.ppt.pptx for you it is very useful for me and I am sharing w...
byabhishekjaiswal5th33
 
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 
Ideathon template.pptx it is a ideathon template
bykonav71133
 
Computer Science Degree for College .pptx
byHanenek1
 
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
Design For Test - Getting Test Automation value from Design Expressions.
byDavid Harrison
 
PRITHVI theater, A true artist. Newzfeaturez.pptx
bysc05digital
 
BestMaker.ai: The Complete Brand Story, Founder's Vision, and AI Creative Pla...
byssuser7381d6
 
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
Key Duties and Roles of an Ecommerce Developer Singapore
byHachi Web Solution
 
Top 5 Snapchat Tracker Apps for Safe and Responsible Monitoring
byMichael Carter
 
Beacon Kit slides tech framework for world game (s) pdf
bySteven McGee
 

Mikrotik firewall NAT

  • 1.
    www.glcnetworks.com FIREWALL NAT GLC webinar,04 may 2017 Achmad Mardiansyah achmad@glcnetworks.com GLC Networks, Indonesia 1
  • 2.
    www.glcnetworks.com Agenda ● Introduction ● NetworkAddress Translation (NAT) ● Mikrotik firewall NAT ● Demo ● Q & A 2
  • 3.
    www.glcnetworks.com What is GLC? ●Garda Lintas Cakrawala (www.glcnetworks.com) ● An Indonesian company ● Located in Bandung ● Areas: Training, IT Consulting ● Mikrotik Certified Training Partner ● Mikrotik Certified Consultant ● Mikrotik distributor 3
  • 4.
    www.glcnetworks.com About GLC webinar? ●First webinar: january 1, 2010 (title: tahun baru bersama solaris - new year with solaris OS) ● As a sharing event with various topics: linux, networking, wireless, database, programming, etc ● Regular schedule: every 2 weeks ● Irregular schedule: as needed ● Checking schedule: http://www.glcnetworks.com/main/sc hedule ● You are invited to be a presenter ○ No need to be an expert ○ This is a forum for sharing: knowledge, experiences, information 4
  • 5.
    www.glcnetworks.com Trainer Introduction ● Name:Achmad Mardiansyah ● Base: bandung, Indonesia ● Linux user since 1999 ● Mikrotik user since 2007 ● Certified Trainer (MTCNA/RE/WE/UME/INE/TCE) ● Mikrotik Certified Consultant ● Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer ● Personal website: http://achmadjournal.com ● More info: http://au.linkedin.com/in/achmadmardiansyah 5
  • 6.
    www.glcnetworks.com Please introduce yourself ●Your name ● Your company/university? ● Your networking experience? ● Your mikrotik experience? ● Your expectation from this course? 6
  • 7.
    www.glcnetworks.com What is Mikrotik? ●Name of a company ● A brand ● A program (e.g. mikrotik academy) ● Headquarter: Riga, Latvia 7
  • 8.
    www.glcnetworks.com What are mikrotikproducts? ● Router OS ○ The OS. Specialized for networking ○ Website: www.mikrotik.com/download ● RouterBoard ○ The hardware ○ RouterOS installed ○ Website: www.routerboard.com 8
  • 9.
    www.glcnetworks.com What Router OScan do? ● Go to www.mikrotik.com ○ Download: what_is_routeros.pdf ○ Download: product catalog ○ Download: newsletter 9
  • 10.
    www.glcnetworks.com What are Mikrotiktraining & certifications? 10 Certificate validity is 3 years
  • 11.
  • 12.
    www.glcnetworks.com At early stageof internet… (1990s) ● Most of computer’s communication is using layer 3 protocol (Internet Protocol - IP) ● The use of CIDR (classless interdomain routing) -> no class A, B C ● There was a body that registers blocks of IP address ● Internet was booming -> IP address was running out !!! ● NAT was born 12
  • 13.
    www.glcnetworks.com RFC1631 - Network AddressTranslator ● With NAT, IP address now is divided into 2 groups: ○ Private IP address ○ Public IP address ● Private IP address will be translated to public IP address ● Router that supports NAT will do mapping of IP address and port 13
  • 14.
    www.glcnetworks.com Mapping between privateIP to public IP 14 Source: wikimedia.org
  • 15.
    www.glcnetworks.com Mapping public IPand port to private IP 15 Source: wikimedia.org
  • 16.
  • 17.
    www.glcnetworks.com However, NAT isnot good…. ● Its not scalable. even with the box that is so called “carrier grade NAT” ● Some applications do not work under NATed environment: Online game (xbox, steam), voip, security, etc ● Dont use NAT on your local network -> use routing protocol instead ● NAT is not designed to be permanent solution Ultimate Solution: USE IPv6 !!! 17
  • 18.
  • 19.
  • 20.
    www.glcnetworks.com Chain for NAT Donot get confused!! See packet flow ● Chain=Srcnat -> postrouting ● Chain=dstnat -> prerouting Do not get confused with NAT action ● Src-nat ● dst-nat 20
  • 21.
    www.glcnetworks.com LAB: SRC-NAT, staticIP 21 192.168.X.0/24 192.168.99.90 99_TEACHER 192.168.X.0/24 99_laptop IP address port Destination 192.168.99.90 80 Source 192.168.X.90 XXX IP address port Destination 192.168.99.90 80 Source 192.168.98.X YYY RX SRC-NAT ● IP Header (source IP address) from the laptop of student X, will be modified at RX ● Suitable when the IP address at egress (outgoing) interface is static To check: Run torch at R99
  • 22.
    www.glcnetworks.com LAB: SRC-NAT, masquerade 22 192.168.X.0/24 192.168.99.90 99_TEACHER 192.168.X.0/24 99_laptop IPaddress port Destination 192.168.99.90 80 Source 192.168.X.90 XXX IP address port Destination 192.168.99.90 80 Source 192.168.98.X YYY RX SRC-NAT ● IP Header (source IP address) from the laptop of student X, will be modified at RX ● Firewall will pick the first ip address at exit interface automatically ● Suitable when the IP address at egress interface is dynamic (DHCP-client) To check: Run torch at R99
  • 23.
  • 24.
    www.glcnetworks.com LAB: DST-NAT (portforwarding) 24 192.168.X.0/24 192.168.99.91 99_TEACHER 192.168.X.0/24 webserver IP address port Destination 192.168.X.1 80 Source 192.168.X.90 XXX IP address port Destination 192.168.99.91 80 Source 192.168.X.90 XXX RX SRC-NAT ● IP Header (destination IP address) from the laptop of student X, will be modified at RX ● Firewall will pick the first ip address at exit interface automatically ● Suitable when the IP address at egress interface is dynamic (DHCP-client) To check: Run torch at R99
  • 25.
    www.glcnetworks.com LAB: DST-NAT, redirect 25 192.168.X.0/24 192.168.99.91 99_TEACHER 192.168.X.0/24 webserver IPaddress port Destination 192.168.99.91 80 Source 192.168.X.90 XXX IP address port Destination Router local address 80 Source 192.168.X.90 XXX RX SRC-NAT ● IP Header (destination IP address) from the laptop of student X, will be modified at RX ● Destination IP will be modified to router’s local address To check: Run torch at R99
  • 26.
  • 27.
    www.glcnetworks.com Interested? Just come toour training... Special price for webinar attendees… http://www.glcnetworks.c om/main/schedule 27
  • 28.
    www.glcnetworks.com End of slides ●Thank you for your attention ● Please submit your feedback: http://bit.ly/glcfeedback ● Like our facebook page: “GLC networks” ● Slide: http://www.slideshare.net/r41nbuw ● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg ● Stay tune with our schedule 28