SlideShare a Scribd company logo

Module17 nat v2

R
Ratanang kabalano

Network Address Translation (NAT) allows hosts on private networks to communicate with hosts on the public Internet. NAT is run on routers and replaces the IP address and port of packets traveling between a private network and the public Internet. The main uses of NAT are pooling IP addresses, supporting migration between ISPs, IP masquerading, and load balancing servers. NAT solves issues like IP address exhaustion but breaks the end-to-end connectivity principle and can cause problems for applications that embed IP addresses.

1 of 11
Download to read offline
1 1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT. 2 Private Network • Private IP network is an IP network that is not directly connected to the Internet • IP addresses in a private network can be assigned arbitrarily. – Not registered and not guaranteed to be globally unique • Generally, private networks use addresses from the following experimental address ranges (non-routable addresses): – 10.0.0.0 – 10.255.255.255 – 172.16.0.0 – 172.31.255.255 – 192.168.0.0 – 192.168.255.255
2 3 Private Addresses 4 Network Address Translation (NAT) • NAT is a router function where IP addresses (and possibly port numbers) of IP datagrams are replaced at the boundary of a private network • NAT is a method that enables hosts on private networks to communicate with hosts on the Internet • NAT is run on routers that connect private networks to the public Internet, to replace the IP address-port pair of an IP packet with another IP address-port pair.
3 5 Basic operation of NAT • NAT device has address translation table H1 private address: 10.0.1.2 public address: 128.143.71.21 H5 Private network Internet Source = 10.0.1.2 Destination = 213.168.112.3 Source = 128.143.71.21 Destination = 213.168.112.3 public address: 213.168.112.3 NAT device Source = 213.168.112.3 Destination = 128.143.71.21 Source = 213.168.112.3 Destination = 10.0.1.2 Private Address Public Address 10.0.1.2 128.143.71.21 6 Main uses of NAT • Pooling of IP addresses • Supporting migration between network service providers • IP masquerading • Load balancing of servers
4 7 Pooling of IP addresses • Scenario: Corporate network has many hosts but only a small number of public IP addresses • NAT solution: – Corporate network is managed with a private address space – NAT device, located at the boundary between the corporate network and the public Internet, manages a pool of public IP addresses – When a host from the corporate network sends an IP datagram to a host in the public Internet, the NAT device picks a public IP address from the address pool, and binds this address to the private address of the host 8 Pooling of IP addresses
5 9 Supporting migration between network service providers • Scenario: In CIDR, the IP addresses in a corporate network are obtained from the service provider. Changing the service provider requires changing all IP addresses in the network. • NAT solution: – Assign private addresses to the hosts of the corporate network – NAT device has static address translation entries which bind the private address of a host to the public address. – Migration to a new network service provider merely requires an update of the NAT device. The migration is not noticeable to the hosts on the network. Note: – The difference to the use of NAT with IP address pooling is that the mapping of public and private IP addresses is static. 10 Supporting migration between network service providers H1 private address: 10.0.1.2 public address: 128.143.71.21 128.195.4.120 Source = 10.0.1.2 Destination = 213.168.112.3 NAT device Private Address Public Address 10.0.1.2 128.143.71.21 128.195.4.120 128.143.71.21 128.195.4.120 Source = 128.143.71.21 Destination = 213.168.112.3 Source = 128.195.4.120 Destination = 213.168.112.3 ISP 2 allocates address block 128.195.4.0/24 to private network: Private network ISP 1 allocates address block 128.143.71.0/24 to private network:
6 11 IP masquerading • Also called: Network address and port translation (NAPT), port address translation (PAT). • Scenario: Single public IP address is mapped to multiple hosts in a private network. • NAT solution: – Assign private addresses to the hosts of the corporate network – NAT device modifies the port numbers for outgoing traffic 12 IP masquerading H1 private address: 10.0.1.2 Private network Source = 10.0.1.2 Source port = 2001 Source = 128.143.71.21 Source port = 2100 NAT device Private Address Public Address 10.0.1.2/2001 128.143.71.21/2100 10.0.1.3/3020 128.143.71.21/4444 H2 private address: 10.0.1.3 Source = 10.0.1.3 Source port = 3020 Internet Source = 128.143.71.21 Destination = 4444 128.143.71.21
7 13 Load balancing of servers • Scenario: Balance the load on a set of identical servers, which are accessible from a single IP address • NAT solution: – Here, the servers are assigned private addresses – NAT device acts as a proxy for requests to the server from the public network – The NAT device changes the destination IP address of arriving packets to one of the private addresses for a server – A sensible strategy for balancing the load of the servers is to assign the addresses of the servers in a round-robin fashion. 14 Load balancing of servers Private network Source = 213.168.12.3 Destination = 128.143.71.21 NAT device Private Address Public Address 10.0.1.2 128.143.71.21 Inside network 10.0.1.4 128.143.71.21 Internet 128.143.71.21 S1 S2 S3 10.0.1.4 10.0.1.3 10.0.1.2 Source = 128.195.4.1 20 Destination = 10.0.1.2 Public Address 128.195.4.120 Outside network 213.168.12.3 Source = 128.195.4.120 Destination = 128.143.71.21 Source = 128.195.4 .120 Destination = 10.0.1.4
8 15 Concerns about NAT • Performance: – Modifying the IP header by changing the IP address requires that NAT boxes recalculate the IP header checksum – Modifying port number requires that NAT boxes recalculate TCP checksum • Fragmentation – Care must be taken that a datagram that is fragmented before it reaches the NAT device, is not assigned a different IP address or different port numbers for each of the fragments. 16 Concerns about NAT • End-to-end connectivity: – NAT destroys universal end-to-end reachability of hosts on the Internet. – A host in the public Internet often cannot initiate communication to a host in a private network. – The problem is worse, when two hosts that are in a private network need to communicate with each other.
9 17 Concerns about NAT • IP address in application data: – Applications that carry IP addresses in the payload of the application data generally do not work across a private- public network boundary. – Some NAT devices inspect the payload of widely used application layer protocols and, if an IP address is detected in the application-layer header or the application payload, translate the address according to the address translation table. 18 NAT and FTP H1 H2 public address: 128.143.72.21 FTP client FTP server PORT 128.143.72.21/1027 200 PORT command successful public address: 128.195.4.120 RETR myfile 150 Opening data connection establish data connection • Normal FTP operation
10 19 NAT and FTP • NAT device with FTP support H1 Private network NAT device H2 private address: 10.0.1.3 public address: 128.143.72.21 Internet FTP client FTP server PORT 10.0.1.3/1027 PORT 128.143.72.21/1027 200 PORT command successful200 PORT command successful RETR myfile establish data connection RETR myfile 150 Opening data connection150 Opening data connection establish data connection 20 NAT and FTP • FTP in passive mode and NAT. H1 Private network NAT device H2 private address: 10.0.1.3 public address: 128.143.72.21 Internet FTP client FTP server PASV PASV Entering Passive Mode 128.195.4.120/10001 Entering Passive Mode 128.195.4.120/10001 public address: 128.195.4.120 Establish data connection Establish data connection
11 21 Configuring NAT in Linux • Linux uses the Netfilter/iptable package to add filtering rules to the IP module Incoming datagram filter INPUT Destination is local? filter FORWARD nat OUTPUT To application From application Outgoing datagram nat POSTROUTING (SNAT) No Yes filter OUTPUT nat PREROUTING (DNAT) 22 Configuring NAT with iptable • First example: iptables –t nat –A POSTROUTING –s 10.0.1.2 –j SNAT --to-source 128.143.71.21 • Pooling of IP addresses: iptables –t nat –A POSTROUTING –s 10.0.1.0/24 –j SNAT --to-source 128.128.71.0–128.143.71.30 • ISP migration: iptables –t nat –R POSTROUTING –s 10.0.1.0/24 –j SNAT --to-source 128.195.4.0–128.195.4.254 • IP masquerading: iptables –t nat –A POSTROUTING –s 10.0.1.0/24 –o eth1 –j MASQUERADE • Load balancing: iptables -t nat -A PREROUTING -i eth1 -j DNAT --to- destination 10.0.1.2-10.0.1.4

Recommended

network address translate
network address translate network address translate
network address translate
ahmedOday
 
Static NAT
Static NATStatic NAT
Static NAT
NetProtocol Xpert
 
Nad710 Network Address Translation
Nad710 Network Address TranslationNad710 Network Address Translation
Nad710 Network Address Translation
tmavroidis
 
Network Address Translation (NAT)
Network Address Translation (NAT)Network Address Translation (NAT)
Network Address Translation (NAT)
Joud Khattab
 
Dynamic NAT
Dynamic NATDynamic NAT
Dynamic NAT
NetProtocol Xpert
 
Mcse notes
Mcse notesMcse notes
Mcse notesvrammn
 
Network address translation
Network address translationNetwork address translation
Network address translationKarppinen Ngoc Anh
 
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersCcnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersĐồng Quốc Vương
 

Recommended

network address translate
network address translate network address translate
network address translate
ahmedOday
 
Static NAT
Static NATStatic NAT
Static NAT
NetProtocol Xpert
 
Nad710 Network Address Translation
Nad710 Network Address TranslationNad710 Network Address Translation
Nad710 Network Address Translation
tmavroidis
 
Network Address Translation (NAT)
Network Address Translation (NAT)Network Address Translation (NAT)
Network Address Translation (NAT)
Joud Khattab
 
Dynamic NAT
Dynamic NATDynamic NAT
Dynamic NAT
NetProtocol Xpert
 
Mcse notes
Mcse notesMcse notes
Mcse notesvrammn
 
Network address translation
Network address translationNetwork address translation
Network address translationKarppinen Ngoc Anh
 
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersCcnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersĐồng Quốc Vương
 
Nat pat
Nat patNat pat
Nat pat
CYBERINTELLIGENTS
 
What is Network Address Translation (NAT)
What is Network Address Translation (NAT)What is Network Address Translation (NAT)
What is Network Address Translation (NAT)
Amit Kumar , Jaipur Engineers
 
net work iTM3
net work iTM3net work iTM3
net work iTM3
Aram Mohammed
 
Network address translation
Network address translationNetwork address translation
Network address translation
Varsha Honde
 
NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)
Netwax Lab
 
Zdalna komunikacja sieciowa - zagadnienia sieciowe
Zdalna komunikacja sieciowa - zagadnienia sieciowe Zdalna komunikacja sieciowa - zagadnienia sieciowe
Zdalna komunikacja sieciowa - zagadnienia sieciowe
Agnieszka Kuba
 
Troubleshooting Network and Network Utilities
Troubleshooting Network and Network UtilitiesTroubleshooting Network and Network Utilities
Troubleshooting Network and Network Utilities
Rubal Sagwal
 
1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And Answers
CCNAResources
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxjasembo
 
Network address translation
Network address translationNetwork address translation
Network address translation
Mohak Kaushik
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slides
adam_merritt
 
Network address translation pdf
Network address translation pdfNetwork address translation pdf
Network address translation pdf
Madhusudhan Anand
 
CCNA ALL IN ONE
CCNA ALL IN ONE CCNA ALL IN ONE
CCNA ALL IN ONE
Sripati Mahapatra
 
Network layer logical addressing
Network layer logical addressingNetwork layer logical addressing
Network layer logical addressing
Sri Manakula Vinayagar Engineering College
 
IPV4 addresses
IPV4 addressesIPV4 addresses
IPV4 addresses
Kongu Engineering College, Perundurai, Erode
 
NAT- Network Address Translation
NAT- Network Address TranslationNAT- Network Address Translation
NAT- Network Address Translation
Eng. Emad Al-Atoum
 
CCNA 200-120 Latest Dumps
CCNA 200-120 Latest DumpsCCNA 200-120 Latest Dumps
CCNA 200-120 Latest Dumps
slotiopo
 
IP adress and routing(networking)
IP adress and routing(networking)IP adress and routing(networking)
IP adress and routing(networking)welcometofacebook
 
Ccna 1 final
Ccna 1 finalCcna 1 final
Ccna 1 finalVahdet Shehu
 
Subnets
SubnetsSubnets
Subnets
Naresh Gotad
 
Mejorando el ambiente
Mejorando el ambienteMejorando el ambiente
Mejorando el ambientedec-admin
 
Cem 350 gilbane corp mep retrofit systems overview 4 2011
Cem 350 gilbane corp mep retrofit systems overview 4 2011Cem 350 gilbane corp mep retrofit systems overview 4 2011
Cem 350 gilbane corp mep retrofit systems overview 4 2011
miresmaeil
 

More Related Content

What's hot

Nat pat
Nat patNat pat
Nat pat
CYBERINTELLIGENTS
 
What is Network Address Translation (NAT)
What is Network Address Translation (NAT)What is Network Address Translation (NAT)
What is Network Address Translation (NAT)
Amit Kumar , Jaipur Engineers
 
net work iTM3
net work iTM3net work iTM3
net work iTM3
Aram Mohammed
 
Network address translation
Network address translationNetwork address translation
Network address translation
Varsha Honde
 
NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)
Netwax Lab
 
Zdalna komunikacja sieciowa - zagadnienia sieciowe
Zdalna komunikacja sieciowa - zagadnienia sieciowe Zdalna komunikacja sieciowa - zagadnienia sieciowe
Zdalna komunikacja sieciowa - zagadnienia sieciowe
Agnieszka Kuba
 
Troubleshooting Network and Network Utilities
Troubleshooting Network and Network UtilitiesTroubleshooting Network and Network Utilities
Troubleshooting Network and Network Utilities
Rubal Sagwal
 
1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And Answers
CCNAResources
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxjasembo
 
Network address translation
Network address translationNetwork address translation
Network address translation
Mohak Kaushik
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slides
adam_merritt
 
Network address translation pdf
Network address translation pdfNetwork address translation pdf
Network address translation pdf
Madhusudhan Anand
 
CCNA ALL IN ONE
CCNA ALL IN ONE CCNA ALL IN ONE
CCNA ALL IN ONE
Sripati Mahapatra
 
Network layer logical addressing
Network layer logical addressingNetwork layer logical addressing
Network layer logical addressing
Sri Manakula Vinayagar Engineering College
 
NAT- Network Address Translation
NAT- Network Address TranslationNAT- Network Address Translation
NAT- Network Address Translation
Eng. Emad Al-Atoum
 
CCNA 200-120 Latest Dumps
CCNA 200-120 Latest DumpsCCNA 200-120 Latest Dumps
CCNA 200-120 Latest Dumps
slotiopo
 
IP adress and routing(networking)
IP adress and routing(networking)IP adress and routing(networking)
IP adress and routing(networking)welcometofacebook
 
Subnets
SubnetsSubnets
Subnets
Naresh Gotad
 

What's hot (20)

Nat pat
Nat patNat pat
Nat pat
 
What is Network Address Translation (NAT)
What is Network Address Translation (NAT)What is Network Address Translation (NAT)
What is Network Address Translation (NAT)
 
net work iTM3
net work iTM3net work iTM3
net work iTM3
 
Network address translation
Network address translationNetwork address translation
Network address translation
 
NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)NAT (network address translation) & PAT (port address translation)
NAT (network address translation) & PAT (port address translation)
 
Zdalna komunikacja sieciowa - zagadnienia sieciowe
Zdalna komunikacja sieciowa - zagadnienia sieciowe Zdalna komunikacja sieciowa - zagadnienia sieciowe
Zdalna komunikacja sieciowa - zagadnienia sieciowe
 
Troubleshooting Network and Network Utilities
Troubleshooting Network and Network UtilitiesTroubleshooting Network and Network Utilities
Troubleshooting Network and Network Utilities
 
1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And Answers
 
Sharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linuxSharing your-internet-connection-on-linux
Sharing your-internet-connection-on-linux
 
Network address translation
Network address translationNetwork address translation
Network address translation
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slides
 
Network address translation pdf
Network address translation pdfNetwork address translation pdf
Network address translation pdf
 
CCNA ALL IN ONE
CCNA ALL IN ONE CCNA ALL IN ONE
CCNA ALL IN ONE
 
Network layer logical addressing
Network layer logical addressingNetwork layer logical addressing
Network layer logical addressing
 
IPV4 addresses
IPV4 addressesIPV4 addresses
IPV4 addresses
 
NAT- Network Address Translation
NAT- Network Address TranslationNAT- Network Address Translation
NAT- Network Address Translation
 
CCNA 200-120 Latest Dumps
CCNA 200-120 Latest DumpsCCNA 200-120 Latest Dumps
CCNA 200-120 Latest Dumps
 
IP adress and routing(networking)
IP adress and routing(networking)IP adress and routing(networking)
IP adress and routing(networking)
 
Ccna 1 final
Ccna 1 finalCcna 1 final
Ccna 1 final
 
Subnets
SubnetsSubnets
Subnets
 

Viewers also liked

Mejorando el ambiente
Mejorando el ambienteMejorando el ambiente
Mejorando el ambientedec-admin
 
Cem 350 gilbane corp mep retrofit systems overview 4 2011
Cem 350 gilbane corp mep retrofit systems overview 4 2011Cem 350 gilbane corp mep retrofit systems overview 4 2011
Cem 350 gilbane corp mep retrofit systems overview 4 2011
miresmaeil
 
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
ijdms
 
179.iniciativa juvenil
179.iniciativa juvenil179.iniciativa juvenil
179.iniciativa juvenildec-admin
 
Baku Guide Media Kit 2017
Baku Guide Media Kit 2017Baku Guide Media Kit 2017
Baku Guide Media Kit 2017
Samir Dubendi
 
Cem 350 hud residential energy conservation 9 2016
Cem 350 hud residential energy conservation 9 2016Cem 350 hud residential energy conservation 9 2016
Cem 350 hud residential energy conservation 9 2016
miresmaeil
 
Week 1 project (corrected)
Week 1 project (corrected)Week 1 project (corrected)
Week 1 project (corrected)Anthony Clay
 
CanEditor App 13 pages
CanEditor App 13 pagesCanEditor App 13 pages
CanEditor App 13 pagesManasi Sharma
 
Un área verde para todos
Un área verde para todosUn área verde para todos
Un área verde para todosdec-admin
 
287. mejorando la dieta escolar
287. mejorando la dieta escolar287. mejorando la dieta escolar
287. mejorando la dieta escolardec-admin
 
Using Criminal Records Searches in Background Screening
Using Criminal Records Searches in Background ScreeningUsing Criminal Records Searches in Background Screening
Using Criminal Records Searches in Background Screening
Data Facts, Inc.
 
167.unidos lo hacemos mejor
167.unidos lo hacemos mejor167.unidos lo hacemos mejor
167.unidos lo hacemos mejordec-admin
 
Caries
CariesCaries
Caries
LuisafdaSM12
 
Country Game
Country GameCountry Game
Country Game
NgocNguyen_BRVT
 
Khóa học báo cáo thuế
Khóa học báo cáo thuếKhóa học báo cáo thuế
Khóa học báo cáo thuế
daklakedu
 
161102 iplit 091016 watkins
161102 iplit 091016 watkins161102 iplit 091016 watkins
161102 iplit 091016 watkins
ziplula
 
A NOVEL APPROACH FOR PROCESSING BIG DATA
A NOVEL APPROACH FOR PROCESSING BIG DATAA NOVEL APPROACH FOR PROCESSING BIG DATA
A NOVEL APPROACH FOR PROCESSING BIG DATA
ijdms
 
411. acciones focalizadas al reciclaje
411. acciones focalizadas al reciclaje411. acciones focalizadas al reciclaje
411. acciones focalizadas al reciclajedec-admin
 

Viewers also liked (20)

Mejorando el ambiente
Mejorando el ambienteMejorando el ambiente
Mejorando el ambiente
 
Cem 350 gilbane corp mep retrofit systems overview 4 2011
Cem 350 gilbane corp mep retrofit systems overview 4 2011Cem 350 gilbane corp mep retrofit systems overview 4 2011
Cem 350 gilbane corp mep retrofit systems overview 4 2011
 
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
A PRUDENT-PRECEDENCE CONCURRENCY CONTROL PROTOCOL FOR HIGH DATA CONTENTION DA...
 
179.iniciativa juvenil
179.iniciativa juvenil179.iniciativa juvenil
179.iniciativa juvenil
 
Baku Guide Media Kit 2017
Baku Guide Media Kit 2017Baku Guide Media Kit 2017
Baku Guide Media Kit 2017
 
Cem 350 hud residential energy conservation 9 2016
Cem 350 hud residential energy conservation 9 2016Cem 350 hud residential energy conservation 9 2016
Cem 350 hud residential energy conservation 9 2016
 
Week 1 project (corrected)
Week 1 project (corrected)Week 1 project (corrected)
Week 1 project (corrected)
 
AREIS_Guide
AREIS_GuideAREIS_Guide
AREIS_Guide
 
CanEditor App 13 pages
CanEditor App 13 pagesCanEditor App 13 pages
CanEditor App 13 pages
 
Un área verde para todos
Un área verde para todosUn área verde para todos
Un área verde para todos
 
287. mejorando la dieta escolar
287. mejorando la dieta escolar287. mejorando la dieta escolar
287. mejorando la dieta escolar
 
Using Criminal Records Searches in Background Screening
Using Criminal Records Searches in Background ScreeningUsing Criminal Records Searches in Background Screening
Using Criminal Records Searches in Background Screening
 
167.unidos lo hacemos mejor
167.unidos lo hacemos mejor167.unidos lo hacemos mejor
167.unidos lo hacemos mejor
 
Caries
CariesCaries
Caries
 
PAFR 2015_Web
PAFR 2015_WebPAFR 2015_Web
PAFR 2015_Web
 
Country Game
Country GameCountry Game
Country Game
 
Khóa học báo cáo thuế
Khóa học báo cáo thuếKhóa học báo cáo thuế
Khóa học báo cáo thuế
 
161102 iplit 091016 watkins
161102 iplit 091016 watkins161102 iplit 091016 watkins
161102 iplit 091016 watkins
 
A NOVEL APPROACH FOR PROCESSING BIG DATA
A NOVEL APPROACH FOR PROCESSING BIG DATAA NOVEL APPROACH FOR PROCESSING BIG DATA
A NOVEL APPROACH FOR PROCESSING BIG DATA
 
411. acciones focalizadas al reciclaje
411. acciones focalizadas al reciclaje411. acciones focalizadas al reciclaje
411. acciones focalizadas al reciclaje
 

Similar to Module17 nat v2

networkaddresstranslation-160909142440.pptx
networkaddresstranslation-160909142440.pptxnetworkaddresstranslation-160909142440.pptx
networkaddresstranslation-160909142440.pptx
zmulani8
 
Computer Networking: A Top-Down Approach
Computer Networking: A Top-Down Approach Computer Networking: A Top-Down Approach
Computer Networking: A Top-Down Approach
PolRobinson
 
CCN CEP.pptx
CCN CEP.pptxCCN CEP.pptx
CCN CEP.pptx
NOOR69810
 
Dns server converted
Dns server convertedDns server converted
Dns server converted
mariymmithila
 
DNS server packet tracer
DNS server packet tracerDNS server packet tracer
DNS server packet tracer
JalalMiah5
 
Lecture 23 DHCP and NAT.pptx
Lecture 23 DHCP and NAT.pptxLecture 23 DHCP and NAT.pptx
Lecture 23 DHCP and NAT.pptx
HanzlaNaveed1
 
MULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSMULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKS
Kathirvel Ayyaswamy
 
IP Layer.pptx
IP Layer.pptxIP Layer.pptx
IP Layer.pptx
DhananjayKumbhar15
 
Dhcp presentation 01
Dhcp presentation 01Dhcp presentation 01
Dhcp presentation 01maverick4489
 
How to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ipHow to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ip
Tũi Wichets
 
09 Systems Software Programming-Network Programming.pptx
09 Systems Software Programming-Network Programming.pptx09 Systems Software Programming-Network Programming.pptx
09 Systems Software Programming-Network Programming.pptx
KushalSrivastava23
 
DHCP
DHCPDHCP
DHCP
ssusered887b
 
Microsoft Offical Course 20410C_05
Microsoft Offical Course 20410C_05Microsoft Offical Course 20410C_05
Microsoft Offical Course 20410C_05
gameaxt
 
06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns
Palanivel Kuppusamy
 
8-Lect_8 Addressing the Network.tcp.pptx
8-Lect_8 Addressing the Network.tcp.pptx8-Lect_8 Addressing the Network.tcp.pptx
8-Lect_8 Addressing the Network.tcp.pptx
ZahouAmel1
 
IP Addressing.ppt
IP Addressing.pptIP Addressing.ppt
IP Addressing.ppt
AbrahamGadissa
 
NAT and firewall presentation - how setup a nice firewall
NAT and firewall presentation - how setup a nice firewallNAT and firewall presentation - how setup a nice firewall
NAT and firewall presentation - how setup a nice firewall
Cassiano Campes
 
Dhcp
DhcpDhcp
Dhcp
ABYTHOMAS46
 

Similar to Module17 nat v2 (20)

networkaddresstranslation-160909142440.pptx
networkaddresstranslation-160909142440.pptxnetworkaddresstranslation-160909142440.pptx
networkaddresstranslation-160909142440.pptx
 
Nat 03
Nat 03Nat 03
Nat 03
 
Computer Networking: A Top-Down Approach
Computer Networking: A Top-Down Approach Computer Networking: A Top-Down Approach
Computer Networking: A Top-Down Approach
 
CCN CEP.pptx
CCN CEP.pptxCCN CEP.pptx
CCN CEP.pptx
 
Dns server converted
Dns server convertedDns server converted
Dns server converted
 
DNS server packet tracer
DNS server packet tracerDNS server packet tracer
DNS server packet tracer
 
Lecture 23 DHCP and NAT.pptx
Lecture 23 DHCP and NAT.pptxLecture 23 DHCP and NAT.pptx
Lecture 23 DHCP and NAT.pptx
 
MULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKSMULTIMEDIA COMMUNICATION & NETWORKS
MULTIMEDIA COMMUNICATION & NETWORKS
 
IP Layer.pptx
IP Layer.pptxIP Layer.pptx
IP Layer.pptx
 
Dhcp presentation 01
Dhcp presentation 01Dhcp presentation 01
Dhcp presentation 01
 
How to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ipHow to link public addresses (real ip) to private ip or lan ip
How to link public addresses (real ip) to private ip or lan ip
 
09 Systems Software Programming-Network Programming.pptx
09 Systems Software Programming-Network Programming.pptx09 Systems Software Programming-Network Programming.pptx
09 Systems Software Programming-Network Programming.pptx
 
DHCP
DHCPDHCP
DHCP
 
Microsoft Offical Course 20410C_05
Microsoft Offical Course 20410C_05Microsoft Offical Course 20410C_05
Microsoft Offical Course 20410C_05
 
06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns
 
8-Lect_8 Addressing the Network.tcp.pptx
8-Lect_8 Addressing the Network.tcp.pptx8-Lect_8 Addressing the Network.tcp.pptx
8-Lect_8 Addressing the Network.tcp.pptx
 
IP Addressing.ppt
IP Addressing.pptIP Addressing.ppt
IP Addressing.ppt
 
NAT and firewall presentation - how setup a nice firewall
NAT and firewall presentation - how setup a nice firewallNAT and firewall presentation - how setup a nice firewall
NAT and firewall presentation - how setup a nice firewall
 
Dhcp
DhcpDhcp
Dhcp
 
Nat
NatNat
Nat
 

Recently uploaded

ethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.pptethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.ppt
Jayaprasanna4
 
Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024
Massimo Talia
 
The role of big data in decision making.
The role of big data in decision making.The role of big data in decision making.
The role of big data in decision making.
ankuprajapati0525
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
CME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional ElectiveCME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional Elective
karthi keyan
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Dr.Costas Sachpazis
 
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdfAKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
SamSarthak3
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
Pipe Restoration Solutions
 
Final project report on grocery store management system..pdf
Final project report on grocery store management system..pdfFinal project report on grocery store management system..pdf
Final project report on grocery store management system..pdf
Kamal Acharya
 
block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
Divya Somashekar
 
Cosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdfCosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdf
Kamal Acharya
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
Osamah Alsalih
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation & Control
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
ongomchris
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Teleport Manpower Consultant
 
power quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptxpower quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptx
ViniHema
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
fxintegritypublishin
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
AhmedHussein950959
 
Runway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptxRunway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptx
SupreethSP4
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
R&R Consult
 

Recently uploaded (20)

ethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.pptethical hacking-mobile hacking methods.ppt
ethical hacking-mobile hacking methods.ppt
 
Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024
 
The role of big data in decision making.
The role of big data in decision making.The role of big data in decision making.
The role of big data in decision making.
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
 
CME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional ElectiveCME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional Elective
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
 
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdfAKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
 
The Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdfThe Benefits and Techniques of Trenchless Pipe Repair.pdf
The Benefits and Techniques of Trenchless Pipe Repair.pdf
 
Final project report on grocery store management system..pdf
Final project report on grocery store management system..pdfFinal project report on grocery store management system..pdf
Final project report on grocery store management system..pdf
 
block diagram and signal flow graph representation
block diagram and signal flow graph representationblock diagram and signal flow graph representation
block diagram and signal flow graph representation
 
Cosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdfCosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdf
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
 
power quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptxpower quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptx
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
 
Runway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptxRunway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptx
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
 

Module17 nat v2

  • 1. 1 1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT. 2 Private Network • Private IP network is an IP network that is not directly connected to the Internet • IP addresses in a private network can be assigned arbitrarily. – Not registered and not guaranteed to be globally unique • Generally, private networks use addresses from the following experimental address ranges (non-routable addresses): – 10.0.0.0 – 10.255.255.255 – 172.16.0.0 – 172.31.255.255 – 192.168.0.0 – 192.168.255.255
  • 2. 2 3 Private Addresses 4 Network Address Translation (NAT) • NAT is a router function where IP addresses (and possibly port numbers) of IP datagrams are replaced at the boundary of a private network • NAT is a method that enables hosts on private networks to communicate with hosts on the Internet • NAT is run on routers that connect private networks to the public Internet, to replace the IP address-port pair of an IP packet with another IP address-port pair.
  • 3. 3 5 Basic operation of NAT • NAT device has address translation table H1 private address: 10.0.1.2 public address: 128.143.71.21 H5 Private network Internet Source = 10.0.1.2 Destination = 213.168.112.3 Source = 128.143.71.21 Destination = 213.168.112.3 public address: 213.168.112.3 NAT device Source = 213.168.112.3 Destination = 128.143.71.21 Source = 213.168.112.3 Destination = 10.0.1.2 Private Address Public Address 10.0.1.2 128.143.71.21 6 Main uses of NAT • Pooling of IP addresses • Supporting migration between network service providers • IP masquerading • Load balancing of servers
  • 4. 4 7 Pooling of IP addresses • Scenario: Corporate network has many hosts but only a small number of public IP addresses • NAT solution: – Corporate network is managed with a private address space – NAT device, located at the boundary between the corporate network and the public Internet, manages a pool of public IP addresses – When a host from the corporate network sends an IP datagram to a host in the public Internet, the NAT device picks a public IP address from the address pool, and binds this address to the private address of the host 8 Pooling of IP addresses
  • 5. 5 9 Supporting migration between network service providers • Scenario: In CIDR, the IP addresses in a corporate network are obtained from the service provider. Changing the service provider requires changing all IP addresses in the network. • NAT solution: – Assign private addresses to the hosts of the corporate network – NAT device has static address translation entries which bind the private address of a host to the public address. – Migration to a new network service provider merely requires an update of the NAT device. The migration is not noticeable to the hosts on the network. Note: – The difference to the use of NAT with IP address pooling is that the mapping of public and private IP addresses is static. 10 Supporting migration between network service providers H1 private address: 10.0.1.2 public address: 128.143.71.21 128.195.4.120 Source = 10.0.1.2 Destination = 213.168.112.3 NAT device Private Address Public Address 10.0.1.2 128.143.71.21 128.195.4.120 128.143.71.21 128.195.4.120 Source = 128.143.71.21 Destination = 213.168.112.3 Source = 128.195.4.120 Destination = 213.168.112.3 ISP 2 allocates address block 128.195.4.0/24 to private network: Private network ISP 1 allocates address block 128.143.71.0/24 to private network:
  • 6. 6 11 IP masquerading • Also called: Network address and port translation (NAPT), port address translation (PAT). • Scenario: Single public IP address is mapped to multiple hosts in a private network. • NAT solution: – Assign private addresses to the hosts of the corporate network – NAT device modifies the port numbers for outgoing traffic 12 IP masquerading H1 private address: 10.0.1.2 Private network Source = 10.0.1.2 Source port = 2001 Source = 128.143.71.21 Source port = 2100 NAT device Private Address Public Address 10.0.1.2/2001 128.143.71.21/2100 10.0.1.3/3020 128.143.71.21/4444 H2 private address: 10.0.1.3 Source = 10.0.1.3 Source port = 3020 Internet Source = 128.143.71.21 Destination = 4444 128.143.71.21
  • 7. 7 13 Load balancing of servers • Scenario: Balance the load on a set of identical servers, which are accessible from a single IP address • NAT solution: – Here, the servers are assigned private addresses – NAT device acts as a proxy for requests to the server from the public network – The NAT device changes the destination IP address of arriving packets to one of the private addresses for a server – A sensible strategy for balancing the load of the servers is to assign the addresses of the servers in a round-robin fashion. 14 Load balancing of servers Private network Source = 213.168.12.3 Destination = 128.143.71.21 NAT device Private Address Public Address 10.0.1.2 128.143.71.21 Inside network 10.0.1.4 128.143.71.21 Internet 128.143.71.21 S1 S2 S3 10.0.1.4 10.0.1.3 10.0.1.2 Source = 128.195.4.1 20 Destination = 10.0.1.2 Public Address 128.195.4.120 Outside network 213.168.12.3 Source = 128.195.4.120 Destination = 128.143.71.21 Source = 128.195.4 .120 Destination = 10.0.1.4
  • 8. 8 15 Concerns about NAT • Performance: – Modifying the IP header by changing the IP address requires that NAT boxes recalculate the IP header checksum – Modifying port number requires that NAT boxes recalculate TCP checksum • Fragmentation – Care must be taken that a datagram that is fragmented before it reaches the NAT device, is not assigned a different IP address or different port numbers for each of the fragments. 16 Concerns about NAT • End-to-end connectivity: – NAT destroys universal end-to-end reachability of hosts on the Internet. – A host in the public Internet often cannot initiate communication to a host in a private network. – The problem is worse, when two hosts that are in a private network need to communicate with each other.
  • 9. 9 17 Concerns about NAT • IP address in application data: – Applications that carry IP addresses in the payload of the application data generally do not work across a private- public network boundary. – Some NAT devices inspect the payload of widely used application layer protocols and, if an IP address is detected in the application-layer header or the application payload, translate the address according to the address translation table. 18 NAT and FTP H1 H2 public address: 128.143.72.21 FTP client FTP server PORT 128.143.72.21/1027 200 PORT command successful public address: 128.195.4.120 RETR myfile 150 Opening data connection establish data connection • Normal FTP operation
  • 10. 10 19 NAT and FTP • NAT device with FTP support H1 Private network NAT device H2 private address: 10.0.1.3 public address: 128.143.72.21 Internet FTP client FTP server PORT 10.0.1.3/1027 PORT 128.143.72.21/1027 200 PORT command successful200 PORT command successful RETR myfile establish data connection RETR myfile 150 Opening data connection150 Opening data connection establish data connection 20 NAT and FTP • FTP in passive mode and NAT. H1 Private network NAT device H2 private address: 10.0.1.3 public address: 128.143.72.21 Internet FTP client FTP server PASV PASV Entering Passive Mode 128.195.4.120/10001 Entering Passive Mode 128.195.4.120/10001 public address: 128.195.4.120 Establish data connection Establish data connection
  • 11. 11 21 Configuring NAT in Linux • Linux uses the Netfilter/iptable package to add filtering rules to the IP module Incoming datagram filter INPUT Destination is local? filter FORWARD nat OUTPUT To application From application Outgoing datagram nat POSTROUTING (SNAT) No Yes filter OUTPUT nat PREROUTING (DNAT) 22 Configuring NAT with iptable • First example: iptables –t nat –A POSTROUTING –s 10.0.1.2 –j SNAT --to-source 128.143.71.21 • Pooling of IP addresses: iptables –t nat –A POSTROUTING –s 10.0.1.0/24 –j SNAT --to-source 128.128.71.0–128.143.71.30 • ISP migration: iptables –t nat –R POSTROUTING –s 10.0.1.0/24 –j SNAT --to-source 128.195.4.0–128.195.4.254 • IP masquerading: iptables –t nat –A POSTROUTING –s 10.0.1.0/24 –o eth1 –j MASQUERADE • Load balancing: iptables -t nat -A PREROUTING -i eth1 -j DNAT --to- destination 10.0.1.2-10.0.1.4