Encore Networks™
Version A.1, March 2010
© 2013 Encore Networks, Inc. All rights reserved.
Network Address Translation
IP addresses have been divided into public IP addresses, for use over the internet, and private
IP addresses, for use in intranets (private networks). (For more information, see IP Addresses.)
A private address suffices for traffic within a private network. However, when a device on a
private intranet needs to communicate over the public internet, it must use a public IP address.
Network Address Translation (NAT) converts, or translates, a device’s private IP address to a
public IP address assigned to the IP gateway. This translation accomplishes two purposes:
• To conserve the availability of public IP addresses, by allowing several devices on a private
network to use the same public IP address. (This is NAT’s original purpose.)
• To hide private addresses behind public addresses. NAT provides an IP firewall at the public
interface (the gateway, the connection to the internet). It protects the private network because
it discloses only the public IP address.[1] (This benefit from NAT is an additional purpose.)
2.1 The NAT Mechanism
Figure 2-1 shows a private network. A PC on the private network has a private IP address. The
BANDIT is the private network’s gateway to the public internet. The BANDIT has a private IP
address and a public IP address.
The BANDIT’s NAT routine sees the BANDIT’s public IP address on the BANDIT’s public (WAN)
port, and the NAT sees the BANDIT’s private IP address on the BANDIT’s private (LAN) port.
Note: The NAT mechanism lies within the BANDIT itself, and is independent of the type of
connection the BANDIT has with the internet.
If the PC in Figure 2-1 needs to communicate with a device outside the private network, its
communication packets go through the BANDIT. The BANDIT’s NAT routine translates the PC’s
private IP address, 192.168.101.86, to the BANDIT’s public IP address, 204.180.55.1, before passing
the packets on to the public internet.
Caution: The IP addresses used in the discussions are merely for illustration. Do not use
those IP addresses; get all IP addresses from your network administrator.
[1] NAT's firewall function does not provide rigorous protection. We recommend using the BANDIT's dynamic
firewall or stateful-inspection firewall for better protection. See The BANDIT Device as Firewall.
For information on trademarks, safety, limitations
of liability, and similar topics, see Notices.
Home Module: Address Translation
Document 2
Figure 2-1. Network Address Translation Process
2.2 NAT Overview
NAT translates a private IP address to a public IP address, to allow a device on a private
network to communicate over the internet. NAT recalculates checksums to account for
changes in IP addresses and port numbers. When NAT is used, all traffic from the private
network appears (to outside parties) to originate from the private network’s gateway.
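The checksum recalculation mentioned above is worth seeing concretely. The following is an added example, not Encore's code and not the BANDIT's implementation: it builds a 20-byte IPv4 header for the PC address used in Figure 2-1 (192.168.101.86), rewrites the source address to the gateway's public address (204.180.55.1) and repairs the header checksum two ways, by a full recompute and by the incremental update from RFC 1624 that NAT devices commonly use so they do not have to re-sum the whole header. The destination 198.51.100.7 and the other header field values are constructed for the example. The same incremental method applies to the TCP and UDP checksums, because their pseudo-header covers the IP addresses and the port numbers that Port Address Translation changes.

```python
import struct
import ipaddress


def ones_complement_fold(total: int) -> int:
    """Fold carries back into the low 16 bits (end-around carry)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_checksum(header: bytes) -> int:
    """Internet checksum over an even-length header.

    With the checksum field zeroed this yields the value to insert; with the
    checksum field in place a correct header yields 0, which is how a receiver
    (or the NAT gateway) verifies it."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    return (~ones_complement_fold(total)) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int = 20, proto: int = 6) -> bytes:
    """20-byte IPv4 header without options; identification, flags and TTL are constructed."""
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len,   # version/IHL, DSCP/ECN, total length
        0x1234, 0x4000,              # identification, DF flag / fragment offset
        64, proto, 0,                # TTL, protocol, checksum placeholder
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def address_words(addr: str) -> list:
    """An IPv4 address as the two 16-bit words the checksum covers."""
    return list(struct.unpack("!2H", ipaddress.IPv4Address(addr).packed))


def incremental_checksum(old_csum: int, old_words, new_words) -> int:
    """RFC 1624 eq. 3: HC' = ~(~HC + ~m + m'), applied per changed 16-bit word."""
    total = (~old_csum) & 0xFFFF
    for m, m_new in zip(old_words, new_words):
        total += ((~m) & 0xFFFF) + m_new
    return (~ones_complement_fold(total)) & 0xFFFF


def nat_rewrite_source(header: bytes, new_src: str, incremental: bool = False) -> bytes:
    """Replace the source address the way a NAT gateway does, then fix the header checksum.

    incremental=False recomputes the checksum over the whole header;
    incremental=True adjusts the old checksum using only the words that changed."""
    old_src = str(ipaddress.IPv4Address(header[12:16]))
    body = header[:10] + b"\x00\x00" + ipaddress.IPv4Address(new_src).packed + header[16:20]
    if incremental:
        old_csum = struct.unpack("!H", header[10:12])[0]
        csum = incremental_checksum(old_csum, address_words(old_src), address_words(new_src))
    else:
        csum = ipv4_checksum(body)
    return body[:10] + struct.pack("!H", csum) + body[12:]


if __name__ == "__main__":
    # PC on the private network (Figure 2-1) sending to a constructed outside host.
    private_hdr = build_ipv4_header("192.168.101.86", "198.51.100.7")
    public_hdr = nat_rewrite_source(private_hdr, "204.180.55.1", incremental=True)
    print("before:", private_hdr.hex(), "verify =", ipv4_checksum(private_hdr))
    print("after: ", public_hdr.hex(), "verify =", ipv4_checksum(public_hdr))
```

Both rewrite paths must produce identical bytes, and verifying either header (summing it with its checksum in place) must give 0; a gateway that changed the address but forgot the checksum would have its packets discarded by the next hop.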
The classic NAT model translates an internal device’s private IP address to the gateway’s
public IP address for traversing the internet. This occurs dynamically, when an internal
device needs access to an external device. Because of the dynamic set-up, an external device
can transmit packets to the internal device only after the internal device has initiated
communication. This is because, until a device on the private network initiates contact
outside the network, there is no translation of its private IP address to a public IP address. In
a dynamic process, there is no correlation of the public IP address to a particular private IP
address until an internal device initiates communication.
However, a non-dynamic process—a static NAT table—can permanently map the gateway’s
public IP addresses to hosts within the private network, to allow outside services such as
e-mail, FTP, and remote log-in to initiate connection with a device on the private network.
Note: NAT, as practiced, generally includes Port Address Translation, which allows more than
one internal device at a time to share a single public IP address.
2.3 Record Retention
An address translation record is created in a dynamic NAT table when a device on the
private network initiates communication with a device outside the network. A record in the
dynamic NAT table is temporary; it remains in the table until it times out or until space is
needed for a newer record.
An address translation record is created in a static NAT table when you configure it. A record
in the static NAT table is permanent; it remains in the table until you purge it.
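The behaviour described in the NAT Overview and in this section (dynamic records created only by outbound traffic, unsolicited inbound packets dropped, records timing out or being displaced when space is needed, static records accepting inbound connections at any time, and Port Address Translation letting several hosts share one public address) can be shown with a small simulation. This is an added example, not Encore's code and not a description of the BANDIT's internal tables. It uses the gateway address 204.180.55.1 and the PC address 192.168.101.86 from this document; the other private hosts, the outside hosts 198.51.100.x and 203.0.113.5, the table capacity, the 300-second timeout and the port numbers are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Just the fields NAT/PAT looks at."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Record:
    private_ip: str
    private_port: int
    public_port: int
    last_used: float
    static: bool = False   # static records never expire and are never evicted


class NatGateway:
    """Toy NAT/PAT gateway: one public address shared by many private hosts."""

    def __init__(self, public_ip: str, timeout: float = 300.0, capacity: int = 4,
                 first_port: int = 1024):
        self.public_ip = public_ip
        self.timeout = timeout          # idle seconds before a dynamic record times out
        self.capacity = capacity        # maximum number of dynamic records
        self.next_port = first_port     # next public port to hand out (toy: no wrap-around)
        self.by_public: Dict[int, Record] = {}
        self.by_private: Dict[Tuple[str, int], Record] = {}

    def add_static(self, private_ip: str, private_port: int, public_port: int) -> None:
        """Operator-configured record: outside hosts may initiate to public_port."""
        self._install(Record(private_ip, private_port, public_port, 0.0, static=True))

    def _install(self, rec: Record) -> None:
        self.by_public[rec.public_port] = rec
        self.by_private[(rec.private_ip, rec.private_port)] = rec

    def _remove(self, rec: Record) -> None:
        del self.by_public[rec.public_port]
        del self.by_private[(rec.private_ip, rec.private_port)]

    def _expire(self, now: float) -> None:
        for rec in list(self.by_public.values()):
            if not rec.static and now - rec.last_used > self.timeout:
                self._remove(rec)

    def _allocate_port(self) -> int:
        while self.next_port in self.by_public:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """Private -> public: create a record if needed, rewrite source ip:port."""
        self._expire(now)
        rec = self.by_private.get((pkt.src_ip, pkt.src_port))
        if rec is None:
            dynamic = [r for r in self.by_public.values() if not r.static]
            if len(dynamic) >= self.capacity:
                # table full: the least recently used dynamic record makes room
                self._remove(min(dynamic, key=lambda r: r.last_used))
            rec = Record(pkt.src_ip, pkt.src_port, self._allocate_port(), now)
            self._install(rec)
        if not rec.static:
            rec.last_used = now
        return Packet(self.public_ip, rec.public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Public -> private: deliver only if a record exists, else drop (None)."""
        self._expire(now)
        if pkt.dst_ip != self.public_ip:
            return None
        rec = self.by_public.get(pkt.dst_port)
        if rec is None:
            return None          # no translation yet: unsolicited traffic is dropped
        if not rec.static:
            rec.last_used = now
        return Packet(pkt.src_ip, pkt.src_port, rec.private_ip, rec.private_port)


def demo() -> dict:
    """Walk through the cases the text describes; all addresses are illustrative."""
    gw = NatGateway("204.180.55.1", timeout=300.0, capacity=2)
    gw.add_static("192.168.101.25", 25, 25)      # constructed: internal mail server
    r = {}
    r["unsolicited"] = gw.inbound(Packet("198.51.100.7", 40000, "204.180.55.1", 1024), now=0.0)
    out = gw.outbound(Packet("192.168.101.86", 51000, "198.51.100.7", 80), now=1.0)
    r["translated"] = out
    r["reply"] = gw.inbound(Packet("198.51.100.7", 80, "204.180.55.1", out.src_port), now=2.0)
    r["late_reply"] = gw.inbound(Packet("198.51.100.7", 80, "204.180.55.1", out.src_port), now=303.0)
    r["static"] = gw.inbound(Packet("198.51.100.9", 33000, "204.180.55.1", 25), now=1000.0)
    a = gw.outbound(Packet("192.168.101.10", 5000, "203.0.113.5", 443), now=2000.0)
    gw.outbound(Packet("192.168.101.11", 5000, "203.0.113.5", 443), now=2001.0)
    c = gw.outbound(Packet("192.168.101.12", 5000, "203.0.113.5", 443), now=2002.0)
    r["evicted"] = gw.inbound(Packet("203.0.113.5", 443, "204.180.55.1", a.src_port), now=2003.0)
    r["kept"] = gw.inbound(Packet("203.0.113.5", 443, "204.180.55.1", c.src_port), now=2003.0)
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>11}: {value}")
```

In the walk-through, the first inbound packet is dropped because nothing has been translated yet; the PC's outbound packet leaves with the gateway's address and an allocated public port; the reply is mapped back to the PC; the same reply after the idle timeout is dropped; the static mail-server mapping accepts an unsolicited connection at any time; and with only two dynamic slots the oldest flow is displaced when a third host starts talking.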
See the following for basic approaches to NAT:
• Address Masquerading and Dynamic Network Address Translation
• Static Network Address Translation
Note: To compare NAT types, see Comparison of Address Translation Methods.