NAT
In a typical configuration, a local network uses one of the "private" address blocks reserved by RFC 1918: 10.0.0.0/8 (10.x.x.x), 172.16.0.0/12 (172.16.x.x through 172.31.x.x) and 192.168.0.0/16 (192.168.x.x). The router on that network has a private address in that space (such as 192.168.0.1) and is also connected to the Internet with either a single "public" address (a configuration known as "overloaded" NAT) or several public addresses assigned by an ISP. As traffic passes from the local network to the Internet, the source address of each packet is rewritten on the fly from the private address to a public one. The router records basic data about each active connection (the protocol, the private source address and port, the translated public address and port, and the destination address and port). When a reply returns, the router looks up that connection-tracking state to decide which internal host should receive it: with overloaded NAT the translated TCP or UDP port alone demultiplexes the replies, and with several public addresses the public address and port together do. To a host on the Internet, the router itself appears to be the source and destination of all this traffic.
Different types
- Static NAT - This is the simplest and most straightforward type of NAT, and also the most restrictive. A static NAT defines a one-to-one mapping between an internal and an external IP address. The advantage is that it is very easy to set up and few things can go wrong when configuring it. The disadvantage is that it requires a public IP address for every NAT entry, which might not be possible (or may be very expensive), especially when routing to the Internet.
- Dynamic NAT (without PAT) - This defines a mapping between internal addresses and a pool of external addresses. It is similar to static NAT, but instead of a single external address to map to there are now several, assigned as needed. This is a more flexible configuration, but it can still be expensive because of the cost of public IP addresses.
- Port Address Translation (PAT) - This defines a mapping between many internal addresses and one external IP address. Many internal addresses share a single external IP address, which makes it a cost-effective way of doing network address translation. PAT can also be configured with a pool of external IP addresses for maximum flexibility.
NAT can be static or dynamic. In static NAT there is a one-to-one mapping between each private address and a public address; the NAT process consists of rewriting the source IP address of outgoing packets to the public address and the destination IP address of incoming packets to the private address. An organization then needs as many public addresses as it has private addresses, which sometimes isn't possible (for technical or political reasons). In dynamic NAT there is a pool of public addresses, and an internal host that needs Internet connectivity is mapped to the next available public address on an as-needed basis. When the host's connections terminate, the public address is returned to the pool for reuse. Because of this reuse, an organization can have fewer public addresses than machines with private addresses, as long as not all of the internal machines use the Internet simultaneously; a host that starts a connection while the pool is empty simply cannot reach the Internet until an address is released.
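As an added illustration (not code from the original post), the following Python models the address pool of a dynamic NAT device: a host is bound to the next free public address, the binding is released when the host's last connection closes, and a host that starts a connection while the pool is empty is refused. The addresses are constructed placeholders from the RFC 5737 documentation ranges, and the class and method names are this example's own.

```python
from collections import deque
from typing import Dict, Optional


class DynamicNAT:
    """Dynamic NAT: an internal host borrows a public address from a pool.

    Only addresses are rewritten (no port translation), so every active
    internal host needs its own public address for as long as it has at
    least one open connection.
    """

    def __init__(self, public_pool):
        self.free = deque(public_pool)              # addresses not bound to anyone
        self.bindings: Dict[str, str] = {}          # private addr -> public addr
        self.reverse: Dict[str, str] = {}           # public addr -> private addr
        self.open_conns: Dict[str, int] = {}        # private addr -> open connections

    def open_connection(self, private_addr: str) -> Optional[str]:
        """Source address to write into an outgoing packet, or None if the
        pool is exhausted (the packet is dropped)."""
        if private_addr in self.bindings:
            self.open_conns[private_addr] += 1
            return self.bindings[private_addr]
        if not self.free:
            return None
        public = self.free.popleft()
        self.bindings[private_addr] = public
        self.reverse[public] = private_addr
        self.open_conns[private_addr] = 1
        return public

    def inbound(self, public_addr: str) -> Optional[str]:
        """Private destination for a reply addressed to public_addr, or None
        if no host currently holds that address."""
        return self.reverse.get(public_addr)

    def close_connection(self, private_addr: str) -> None:
        """Release the public address once the host's last connection closes."""
        self.open_conns[private_addr] -= 1
        if self.open_conns[private_addr] == 0:
            public = self.bindings.pop(private_addr)
            del self.reverse[public]
            del self.open_conns[private_addr]
            self.free.append(public)


def demo() -> dict:
    """Two public addresses shared by three hosts (constructed scenario)."""
    nat = DynamicNAT(["203.0.113.10", "203.0.113.11"])
    result = {}
    result["host2"] = nat.open_connection("10.0.0.2")            # gets 203.0.113.10
    result["host3"] = nat.open_connection("10.0.0.3")            # gets 203.0.113.11
    result["host4_first_try"] = nat.open_connection("10.0.0.4")  # None: pool empty
    result["reply_to_host3"] = nat.inbound("203.0.113.11")       # demuxed by address
    nat.close_connection("10.0.0.2")                             # address back to pool
    result["host4_retry"] = nat.open_connection("10.0.0.4")      # reuses 203.0.113.10
    # A late packet meant for 10.0.0.2 would now be delivered to 10.0.0.4:
    # this is why real devices age bindings out on a timer, not instantly.
    result["stale_reply"] = nat.inbound("203.0.113.10")
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `stale_reply` case is the practical cost of address reuse: whoever holds the recycled public address receives any packets still in flight for its previous holder, so pool devices hold released addresses for a timeout rather than reassigning them immediately.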
A variation on dynamic NAT is Port Address Translation (PAT). PAT, sometimes known as "single address NAT," is the case in which there is one external address and multiple internal computers connect to Internet hosts through it. Here not only the IP address in the packet changes, so does the TCP or UDP port number. This is required because multiple internal connections share the same public IP address simultaneously, and a given port number on the public address cannot be guaranteed to be free, since another internal host's connection may already be using it. The term PAT is also used for the redirection of requests arriving at a specific port on the external address to a specific internal machine, based on a table of address/port redirections set up by the administrator (commonly called port forwarding).
For example, with one external address you might redirect packets for port 80 to a web server on your network, packets for port 25 to a mail server, and so on. In this case the port number of the packet doesn't change, but the destination address does. Such a redirection exposes the internal server to every host on the Internet, so it should be configured only for ports that are meant to be reachable from outside.
Static NAT involves a fixed one-to-one mapping of a private address to a public address, for each node in the private network. The port numbers in the packet do not change.
Dynamic NAT involves as-needed mapping of a private address to the next available public address in a pool of possible addresses.
PAT involves mapping multiple private addresses to a single public address. This is accomplished by also translating port numbers. PAT can be used so that requests to different port numbers at the same IP address are routed to different hosts.
PAT (overloaded NAT)
Example of PAT: a host at IP address 192.168.0.2 on the private network asks for a connection to a remote host on the public network. The initial packet carries the source address 192.168.0.2:15345. The PAT device (which we assume has the public IP 1.2.3.4) may arbitrarily translate this source address:port pair to 1.2.3.4:16529, recording in its translation table that port 16529 is in use by 192.168.0.2:15345 on the private network. When the PAT device later receives a packet from the public network addressed to 1.2.3.4:16529, it forwards that packet to 192.168.0.2:15345. A careful implementation also records the remote host's address and port in the entry and forwards only packets that come from that remote endpoint; a device that forwards any packet addressed to 1.2.3.4:16529 regardless of its source would let arbitrary Internet hosts reach the internal host through the mapping.
PAT resolves the conflict that would otherwise arise when two different internal hosts use the same source port number to establish separate connections at the same time: each connection is given its own public port.
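As an added worked example (this is illustrative code, not the post's own), the Python below implements the translation table the example above describes and the administrator's port-forwarding table from the earlier paragraph in one device: outbound packets have their source rewritten to 1.2.3.4 and a free public port, replies are demultiplexed by that port and forwarded only when they come from the flow's remote peer, and a static forward sends port 80 to an internal web server. The public address 1.2.3.4 and ports 15345/16529 are the post's; the remote addresses (RFC 5737 ranges), the internal server addresses and all class and method names are this example's own assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    proto: str = "tcp"


class PAT:
    """Single-address PAT with a per-flow translation table.

    Outbound: the private source address:port is rewritten to
    (public_ip, free public port).  Inbound: the public port selects the
    table entry, and the packet is forwarded only if it comes from the remote
    endpoint that entry was created for.  'forwards' is the administrator's
    static redirection table (public port -> internal server).
    """

    def __init__(self, public_ip: str, first_port: int = 1024,
                 forwards: Optional[Dict[int, Endpoint]] = None):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table: Dict[int, Tuple[Endpoint, Endpoint]] = {}   # public port -> (private, remote)
        self.flows: Dict[Tuple[Endpoint, Endpoint], int] = {}   # (private, remote) -> public port
        self.forwards: Dict[int, Endpoint] = dict(forwards or {})

    def _allocate_port(self) -> int:
        # Skip ports already mapped to a flow and ports reserved for forwards,
        # so two hosts using the same source port never collide publicly.
        port = self.next_port
        while port in self.table or port in self.forwards:
            port += 1
            if port > 65535:
                raise RuntimeError("public port space exhausted")
        self.next_port = port + 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private network."""
        flow = (pkt.src, pkt.dst)
        port = self.flows.get(flow)
        if port is None:                      # first packet of this flow
            port = self._allocate_port()
            self.table[port] = flow
            self.flows[flow] = port
        return Packet((self.public_ip, port), pkt.dst, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a packet arriving from the Internet,
        or return None to drop it."""
        if pkt.dst[0] != self.public_ip:
            return None
        port = pkt.dst[1]
        if port in self.forwards:             # static redirection, any source allowed
            return Packet(pkt.src, self.forwards[port], pkt.proto)
        entry = self.table.get(port)
        if entry is None:                     # no flow owns this port
            return None
        private, remote = entry
        if pkt.src != remote:                 # unsolicited: not from the flow's peer
            return None
        return Packet(pkt.src, private, pkt.proto)


def demo() -> dict:
    """The post's 192.168.0.2:15345 -> 1.2.3.4:16529 example, plus a second
    host reusing port 15345, a spoofed reply, and a port-80 forward."""
    nat = PAT("1.2.3.4", first_port=16529,
              forwards={80: ("192.168.0.10", 80), 25: ("192.168.0.11", 25)})
    remote = ("198.51.100.5", 443)            # constructed remote server
    r = {}
    r["out_a"] = nat.outbound(Packet(("192.168.0.2", 15345), remote))
    r["out_b"] = nat.outbound(Packet(("192.168.0.3", 15345), remote))  # same source port
    r["out_a_again"] = nat.outbound(Packet(("192.168.0.2", 15345), remote))  # same flow
    r["reply_a"] = nat.inbound(Packet(remote, ("1.2.3.4", 16529)))
    r["reply_b"] = nat.inbound(Packet(remote, ("1.2.3.4", 16530)))
    r["spoofed"] = nat.inbound(Packet(("192.0.2.99", 443), ("1.2.3.4", 16529)))
    r["unmapped"] = nat.inbound(Packet(remote, ("1.2.3.4", 20000)))
    r["web"] = nat.inbound(Packet(("192.0.2.7", 40000), ("1.2.3.4", 80)))
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `spoofed` case is the security-relevant check: because the entry stores the remote endpoint, a packet from a different source aimed at the mapped port is dropped rather than handed to 192.168.0.2 (RFC 4787 calls this address-and-port-dependent filtering). The `web` case shows the opposite policy, deliberately chosen by the administrator: a forwarded port accepts traffic from any source.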
In addition to the advantages provided by NAT:
- PAT allows many internal hosts to share a single external IP address.