Network Address Translation (NAT)
  • edge router facilitates communications between the private and public network
  • to communicate on the Internet, a host must use an address from a public IP range
    • these are in short supply for IPv4
    • various mechanisms have been devised to reduce the need for public addresses
  • Network Address Translation is one mechanism

Network Address Translation (NAT) is a routing mechanism that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally.

  • primarily deployed as a service translating between a private (local) addressing scheme used by hosts on the LAN and a public (or global) addressing scheme used by an Internet-facing device
  • not a security mechanism
    • security is provided by the router/firewall’s ACL

Types

Static NAT

  • static NAT configuration
    • a 1:1 mapping is made between the private (inside local) network address and the public (inside global) address
    • if the destination network is using NAT, it is described as having outside global and outside local addressing schemes
    • is useful in scenarios where an inbound connection to a host must be supported
      • e.g., a web server might be positioned behind a firewall running NAT
        • the firewall performs a 1:1 address translation on the web server’s IP address
        • this means that external hosts do not learn the true IP address of the web server, but can still communicate with it

  • a single static mapping is not very useful in most scenarios

Dynamic NAT

  • under dynamic NAT
    • NAT device exposes a pool of public IP addresses
    • to support inbound and outbound connections between the private network and the Internet,
      • NAT service builds a table of public to private address mappings
      • each new session creates a new public-private address binding in the table
      • when the session is ended or times out, the binding is released for use by another host
    • allows internal hosts to contact external hosts, but not vice versa
      • external hosts cannot initiate communications with internal hosts
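The following toy model is an added example (not code from the notes or from any real NAT implementation) that ties the static and dynamic NAT sections together: permanent 1:1 static mappings, a pool of public addresses feeding a dynamic binding table, bindings released on an inactivity timeout, and unsolicited inbound packets dropped because no binding exists. All addresses, the class name and the timeout value are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class NatDevice:
    """Toy NAT model (added example, not a real implementation): `static` holds
    permanent 1:1 mappings, `pool` feeds the dynamic binding table, which is
    filled by outbound sessions and emptied by inactivity timeouts."""
    pool: List[str]                                         # free public (inside global) addresses
    timeout: int = 300                                      # idle seconds before a dynamic binding is released
    static: Dict[str, str] = field(default_factory=dict)    # public -> private, never expires
    table: Dict[str, str] = field(default_factory=dict)     # dynamic public -> private bindings
    last_seen: Dict[str, int] = field(default_factory=dict) # public -> time of last activity

    def outbound(self, private_ip: str, now: int) -> Optional[str]:
        """Internal host starts a session; returns its public address, or None if the pool is exhausted."""
        self.expire(now)
        for pub, priv in self.static.items():               # statically mapped hosts keep their fixed address
            if priv == private_ip:
                return pub
        for pub, priv in self.table.items():                # a host with an active binding keeps it
            if priv == private_ip:
                self.last_seen[pub] = now
                return pub
        if not self.pool:
            return None                                     # no free public address: session cannot be translated
        pub = self.pool.pop(0)                              # new session takes a free address from the pool
        self.table[pub] = private_ip
        self.last_seen[pub] = now
        return pub

    def inbound(self, public_ip: str, now: int) -> Optional[str]:
        """Packet from the Internet; delivered only via a static mapping or an active dynamic binding."""
        self.expire(now)
        if public_ip in self.static:
            return self.static[public_ip]
        priv = self.table.get(public_ip)                    # None: unsolicited traffic, no binding, dropped
        if priv is not None:
            self.last_seen[public_ip] = now
        return priv

    def expire(self, now: int) -> List[str]:
        """Release dynamic bindings idle longer than the timeout back to the pool."""
        released = [p for p, t in self.last_seen.items() if now - t > self.timeout]
        for pub in released:
            del self.table[pub]
            del self.last_seen[pub]
            self.pool.append(pub)
        return released
```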