How to configure NAT

by Leon Tufallo.


When you configure a router to use NAT, you designate one interface as the "inside" of your network and another as the "outside". Any packet whose source address belongs to the "inside" portion of your network carries an inside local address as its source address and an outside local address as its destination address while it resides on the "inside" portion of your network. When that same packet is switched to the "outside" network, its source is known as the inside global address, and its destination is known as the outside global address.

For any packet that has a source address belonging to the "outside" portion of your network, while it is on the "outside" network, its source address is known as the outside global address. The packet's destination is known as the inside global address. When the same packet gets switched to the "inside" of your network, the source address is known as the outside local address, and the packet's destination is known as the inside local address.

The following are the different types of addressing that are associated with NAT:
  • Inside local address: An IP address that is assigned to a host on your inside network.
  • Inside global address: A legitimate IP address that represents one or more of your inside local IP addresses to the outside world.
  • Outside local address: An IP address of an outside host as it appears to your inside network.
  • Outside global address: An IP address assigned to a host on the outside network by the owner of the host, allocated from the globally routable address or network space.

A typical NAT implementation has NAT configured on the exit router between a stub domain and a backbone, such as the Internet. When a packet leaves your domain, NAT translates the locally significant source address into a globally unique address and records the translation in its table. If a return packet matches a recorded translation, the packet is allowed back into the network. Similarly, when a packet enters your domain, NAT translates the globally unique destination address into a local address if a translation is configured. Remember, if your domain has more than one exit point, each NAT process must have the same translation table to ensure proper translation. If NAT runs out of available addresses, the packet is dropped, and an ICMP host unreachable message is returned to the packet's originator.

When using PAT, in which several internal addresses are translated to only one or a few external addresses, additional translations of the packet are performed. Because many internal addresses may be translated to a single external address, PAT translates each packet's source port to a unique source port number (a 16-bit number, giving 65,536 ports per IP address) on the inside global IP address. This distinguishes each packet from the other packets being translated. PAT tries to preserve the original source port. However, if the source port is already used in a translation, PAT attempts to find the first available port number, starting from the beginning of the appropriate port group: 0 to 511, 512 to 1023, or 1024 to 65535. If PAT cannot allocate another port number from the appropriate group, and you configured more than one IP address, PAT moves to the next IP address and tries to allocate the original source port again. This process continues until PAT runs out of available IP addresses and ports.
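The translation-table and port-allocation behaviour described in the two paragraphs above, as an added example that is not from the article: a small Python simulation of a PAT table that preserves the original source port when it is free, otherwise takes the first free port in the same port group (0-511, 512-1023, 1024-65535), then moves to the next inside global address, and drops the packet when everything is exhausted; return packets are admitted only if they match a recorded translation. The addresses and the one-table-per-router model are constructed assumptions.

```python
from __future__ import annotations

# Port groups within which PAT searches for a free port (from the article).
PORT_GROUPS = [(0, 511), (512, 1023), (1024, 65535)]


def port_group(port: int) -> tuple[int, int]:
    """Return the (low, high) bounds of the group that contains `port`."""
    for lo, hi in PORT_GROUPS:
        if lo <= port <= hi:
            return lo, hi
    raise ValueError(f"port {port} out of 16-bit range")


class PatTable:
    """Simulated PAT translation table for one exit router (constructed model)."""

    def __init__(self, inside_global: list[str]) -> None:
        self.inside_global = inside_global                # pool of public addresses
        self.in_use: set[tuple[str, int]] = set()         # (global addr, port) already taken
        self.outbound: dict[tuple[str, int], tuple[str, int]] = {}  # local -> global
        self.inbound: dict[tuple[str, int], tuple[str, int]] = {}   # global -> local

    def _allocate(self, src_port: int) -> tuple[str, int] | None:
        lo, hi = port_group(src_port)
        for gaddr in self.inside_global:
            if (gaddr, src_port) not in self.in_use:      # 1. preserve original port
                return gaddr, src_port
            for p in range(lo, hi + 1):                   # 2. first free port in same group
                if (gaddr, p) not in self.in_use:
                    return gaddr, p
            # 3. group exhausted on this address: try the next address with the original port
        return None                                       # 4. out of addresses and ports

    def translate_outbound(self, inside_local: str, src_port: int) -> tuple[str, int] | None:
        """Packet leaving the domain: returns (inside global addr, port) or None if dropped."""
        key = (inside_local, src_port)
        if key in self.outbound:
            return self.outbound[key]                     # existing translation is reused
        alloc = self._allocate(src_port)
        if alloc is None:
            return None                                   # router would send ICMP host unreachable
        self.in_use.add(alloc)
        self.outbound[key] = alloc
        self.inbound[alloc] = key
        return alloc

    def translate_inbound(self, inside_global: str, dst_port: int) -> tuple[str, int] | None:
        """Return packet: admitted only if it matches a recorded translation."""
        return self.inbound.get((inside_global, dst_port))
```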

When your router is configured to use NAT, it must not advertise local networks to the outside. However, routing information that NAT receives from the outside may still be advertised in the stub domain as usual.

    Copyright © 2006 - 2012 e-articles.info.