Encore Networks™ • Version A.1, March 2010
© 2013 Encore Networks, Inc. All rights reserved.

Network Address Translation

IP addresses have been divided into public IP addresses, for use over the internet, and private IP addresses, for use in intranets (private networks). (For more information, see IP Addresses.) A private address suffices for traffic within a private network. However, when a device on a private intranet needs to communicate over the public internet, it must use a public IP address.

Network Address Translation (NAT) converts, or translates, a device’s private IP address to a public IP address assigned to the IP gateway. This translation accomplishes two purposes:
• To conserve the availability of public IP addresses, by allowing several devices on a private network to use the same public IP address. (This is NAT’s original purpose.)
• To hide private addresses behind public addresses. NAT provides an IP firewall at the public interface (the gateway, the connection to the internet). It protects the private network because it discloses only the public IP address.¹ (This benefit from NAT is an additional purpose.)

2.1 The NAT Mechanism

Figure 2-1 shows a private network. A PC on the private network has a private IP address. The BANDIT is the private network’s gateway to the public internet. The BANDIT has a private IP address and a public IP address. The BANDIT’s NAT routine sees the BANDIT’s public IP address on the BANDIT’s public (WAN) port, and the NAT sees the BANDIT’s private IP address on the BANDIT’s private (LAN) port.

Note: The NAT mechanism lies within the BANDIT itself, and is independent of the type of connection the BANDIT has with the internet.

If the PC in Figure 2-1 needs to communicate with a device outside the private network, its communication packets go through the BANDIT.
The BANDIT’s NAT routine translates the PC’s private IP address, 192.168.101.86, to the BANDIT’s public IP address, 204.180.55.1, before passing the packets on to the public internet.

Caution: The IP addresses used in the discussions are merely for illustration. Do not use those IP addresses; get all IP addresses from your network administrator.

1. NAT’s firewall function does not provide rigorous protection. We recommend using the BANDIT’s dynamic firewall or stateful-inspection firewall for better protection. See The BANDIT Device as Firewall.

For information on trademarks, safety, limitations of liability, and similar topics, see Notices.

Module: Address Translation, Document 2

Figure 2-1. Network Address Translation Process

2.2 NAT Overview

NAT translates a private IP address to a public IP address, to allow a device on a private network to communicate over the internet. NAT recalculates checksums to account for changes in IP addresses and port numbers. When NAT is used, all traffic from the private network appears (to outside parties) to originate from the private network’s gateway.

The classic NAT model translates an internal device’s private IP address to the gateway’s public IP address for traversing the internet. This occurs dynamically, when an internal device needs access to an external device. Because of the dynamic set-up, an external device can transmit packets to the internal device only after the internal device has initiated communication. This is because, until a device on the private network initiates contact outside the network, there is no translation of its private IP address to a public IP address. In a dynamic process, there is no correlation of the public IP address to a particular private IP address until an internal device initiates communication.
However, a non-dynamic process—a static NAT table—can permanently map the gateway’s public IP addresses to hosts within the private network, to allow outside services such as e-mail, FTP, and remote log-in to initiate connection with a device on the private network.

Note: NAT, as practiced, generally includes Port Address Translation, to provide a public IP address for more than one internal device at a time.

2.3 Record Retention

An address translation record is created in a dynamic NAT table when a device on the private network initiates communication with a device outside the network. A record in the dynamic NAT table is temporary; it remains in the table until it times out or until space is needed for a newer record.

An address translation record is created in a static NAT table when you configure it. A record in the static NAT table is permanent; it remains in the table until you purge it.

See the following for basic approaches to NAT:
• Address Masquerading and Dynamic Network Address Translation
• Static Network Address Translation

Note: To compare NAT types, see Comparison of Address Translation Methods.
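
The record handling described in sections 2.2 and 2.3, modelled in Python as an added example (not Encore's code or the BANDIT's implementation). The class, its table size, timeout and port-pool values, and the 192.168.101.10 mail host are assumptions for illustration; the other two addresses are the page's illustrative ones.

```python
from collections import OrderedDict

PUBLIC_IP = "204.180.55.1"  # gateway address from the page's illustration

class NatTable:
    """Toy NAT/PAT gateway (hypothetical model, not the BANDIT's code)."""
    def __init__(self, public_ip, capacity=2, timeout=60, first_port=40000):
        self.public_ip = public_ip
        self.capacity, self.timeout = capacity, timeout  # assumed table size, idle seconds
        self.next_port = first_port   # assumed start of the public port pool
        self.dynamic = OrderedDict()  # public port -> [private endpoint, last used]
        self.static = {}              # public port -> private endpoint

    def add_static(self, public_port, priv_ip, priv_port):
        self.static[public_port] = (priv_ip, priv_port)  # permanent until purged

    def _expire(self, now):
        for port in [p for p, r in self.dynamic.items() if now - r[1] > self.timeout]:
            del self.dynamic[port]

    def outbound(self, priv_ip, priv_port, now):
        """Rewrite an outgoing source endpoint, creating a dynamic record if needed."""
        self._expire(now)
        for port, rec in list(self.dynamic.items()):
            if rec[0] == (priv_ip, priv_port):
                rec[1] = now
                self.dynamic.move_to_end(port)
                return self.public_ip, port
        if len(self.dynamic) >= self.capacity:
            self.dynamic.popitem(last=False)  # space needed: oldest record goes
        port, self.next_port = self.next_port, self.next_port + 1
        self.dynamic[port] = [(priv_ip, priv_port), now]
        return self.public_ip, port

    def inbound(self, public_port, now):
        """Private endpoint for an arriving packet, or None if no record (dropped)."""
        self._expire(now)
        if public_port in self.static:
            return self.static[public_port]
        return self.dynamic.get(public_port, [None])[0]  # sender is not checked

def demo():
    nat = NatTable(PUBLIC_IP)
    nat.add_static(25, "192.168.101.10", 25)           # constructed mail host
    unsolicited = nat.inbound(40000, now=0)            # no record yet
    out = nat.outbound("192.168.101.86", 5000, now=0)  # PC initiates
    reply = nat.inbound(40000, now=1)                  # record now exists
    late = nat.inbound(40000, now=100)                 # record has timed out
    return unsolicited, out, reply, late, nat.inbound(25, now=100)
```

The static record is the only one that admits a connection with no prior outbound packet, which makes each static mapping a deliberately exposed service to inventory and cover with the firewall rules the footnote recommends.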