
Understanding Network Address Translation

Uploaded by Sangita Shrestha

NAT

What is NAT (1)

• Expand IP address space by deploying private addresses and translating them into publicly registered addresses
• Private address space
    • [Link] - [Link] ([Link]/8)
    • [Link] - [Link] ([Link]/12)
    • [Link] - [Link] ([Link]/16)

What is NAT (2)

• First described in RFC 1631
• Technique of rewriting IP addresses in headers and application data streams according to a defined policy
• Based on traffic source and/or destination IP address

NAT Example

Outgoing PPTP Client Through NAT

[Figure: inside hosts a (10.0.0.2), b (10.0.0.3) and c (10.0.0.4), the NAT device, and an Internet web server. Other labels on the diagram: 204.x.1.10, [Link].]

Outgoing Web Client Through NAT

[Figure: inside hosts a (10.0.0.2), b (10.0.0.3) and c (10.0.0.4), the NAT device (labels: [Link], [Link]), and an Internet web server.]

1. Connection request to port 80 from 'c' to <web server>, source [Link], port 1025.
2. [Link], port 1025 mapped to [Link], port 2000.
3. Connection request from 'c' forwarded to <web server>, source [Link], port 2000.
4. Request received and accepted.

Inside IP    Inside Port    Out IP    Out Port
[Link]       1034           [Link]    2005
[Link]       1025           [Link]    2000

Outgoing Web Client Through NAT

[Figure: inside hosts a (10.0.0.2), b (10.0.0.3) and c (10.0.0.4), the NAT device (label: [Link]), and an Internet web server.]

1. Response sent to [Link], port 2000.
2. Translate [Link], port 2000 to [Link], port 1025.

Inside IP    Inside Port    Out IP    Out Port
[Link]       1034           [Link]    2005
[Link]       1025           [Link]    2000

NAT traffic supported

Traffic Types/Applications Supported

• Any TCP/UDP traffic that does not carry source and/or destination IP addresses in the application data stream
• HTTP
• TFTP
• Telnet
• archie
• finger
• NTP
• NFS
• rlogin, rsh, rcp

Although the following traffic types carry IP addresses in the application data stream, they are supported by Cisco IOS NAT:

• ICMP
• SMTP
• FTP (including PORT and PASV commands)
• NetBIOS over TCP/IP
• Progressive Networks' RealAudio
• White Pines CuSeeMe
• DNS "A" and "PTR" queries
• Xing Technologies StreamWorks

Traffic Types/Applications not Supported

• IP Multicast
• Routing Table Updates
• DNS Zone Transfers
• BOOTP
• Talk, Ntalk
• H.323
• VDOLive
• NetShow
• VXtreme
• SNMP

NAT Summary

• NAT provides transparent and bi-directional connectivity between networks having arbitrary addressing schemes
• NAT eliminates costs associated with host renumbering
• NAT conserves IP addresses
• NAT eases IP address management
• NAT enhances network privacy

NAT Limitations

• Applications with IP-address content
    • Need ALG (Application Level Gateway)
• Applications with inter-dependent control and data sessions
• Translation of fragmented FTP control packets
• NAT device can be a target for attacks

Network Address Translation

• A static NAT table is defined in [Link]

    struct nat {
        unsigned char proxy_input_subnet[IP_ADDRESS_LEN];        /* fictional destination subnet */
        unsigned char proxy_output_src_subnet[IP_ADDRESS_LEN];   /* fictional source */
        unsigned char proxy_output_dest_subnet[IP_ADDRESS_LEN];  /* real destination */
        unsigned char proxy_subnet_mask[IP_ADDRESS_LEN];         /* subnet mask */
    };

NAT Table

input_subnet    output_src_subnet    proxy_output_dest_subnet    proxy_subnet_mask
[Link]          [Link]               [Link]                      [Link]
[Link]          [Link]               [Link]                      [Link]

Bottom 3 bits = host

ping [Link]

243 = 0xf3 = 1111 0011, bottom 3 bits = host = 3
17 = 0x11 = 0001 0001, bottom 3 bits = host = 1

SRC Address    DST Address    Packet Type
[Link]         [Link]         Ping Request
[Link]         [Link]         Ping Request
[Link]         [Link]         Ping Response
[Link]         [Link]         Ping Response
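
An added example, not the lab's own code: one way to apply a row of the static table to an outgoing ping request. It assumes a packet is matched on its destination against proxy_input_subnet and that both addresses keep their host bits under the new prefixes. IP_ADDRESS_LEN = 4, the table row, the packet addresses and the function names nat_lookup and nat_translate_request are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define IP_ADDRESS_LEN 4 /* assumed: IPv4, one byte per octet */
struct nat {
    unsigned char proxy_input_subnet[IP_ADDRESS_LEN];       /* fictional destination subnet */
    unsigned char proxy_output_src_subnet[IP_ADDRESS_LEN];  /* fictional source */
    unsigned char proxy_output_dest_subnet[IP_ADDRESS_LEN]; /* real destination */
    unsigned char proxy_subnet_mask[IP_ADDRESS_LEN];        /* subnet mask */
};

/* Constructed sample row: a /29 mask, so the bottom 3 bits are the host. */
static const struct nat nat_table[] = {
    { {192, 0, 2, 240}, {198, 51, 100, 8}, {203, 0, 113, 32}, {255, 255, 255, 248} },
};

/* First row whose input subnet contains dst, or NULL when nothing matches. */
static const struct nat *nat_lookup(const unsigned char *dst)
{
    for (size_t r = 0; r < sizeof nat_table / sizeof nat_table[0]; r++) {
        int hit = 1;
        for (int i = 0; i < IP_ADDRESS_LEN; i++)
            if ((dst[i] & nat_table[r].proxy_subnet_mask[i]) != nat_table[r].proxy_input_subnet[i])
                hit = 0;
        if (hit)
            return &nat_table[r];
    }
    return NULL;
}

/* Rewrite src and dst in place: prefix from the row, host bits kept.
 * Returns 1 if translated, 0 if dst is outside every input subnet. */
int nat_translate_request(unsigned char *src, unsigned char *dst)
{
    const struct nat *n = nat_lookup(dst);
    if (n == NULL)
        return 0; /* no matching row: leave the packet untouched */
    for (int i = 0; i < IP_ADDRESS_LEN; i++) {
        unsigned char host = (unsigned char)~n->proxy_subnet_mask[i];
        src[i] = (unsigned char)(n->proxy_output_src_subnet[i] | (src[i] & host));
        dst[i] = (unsigned char)(n->proxy_output_dest_subnet[i] | (dst[i] & host));
    }
    return 1;
}

int main(void)
{
    unsigned char src[] = {10, 0, 0, 17}, dst[] = {192, 0, 2, 243}; /* constructed ping request */
    int ok = nat_translate_request(src, dst);
    printf("%d src=%u.%u.%u.%u dst=%u.%u.%u.%u\n", ok, src[0], src[1], src[2], src[3], dst[0], dst[1], dst[2], dst[3]);
}
```

With the constructed row, the source ending in 17 keeps host 1 and the destination ending in 243 keeps host 3, matching the bit arithmetic on the slide.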

What else

• Change ARP to respond to anything in the input_subnet
• Passoff:
    • Run one copy of your lab as server (-s)
    • Ping a machine in the subnet and make sure the response comes back through the NAT code correctly.
