Tuesday, March 1, 2011

Network Address Translation

NAT stands for Network Address Translation. It is the process by which a router or firewall rewrites the address information in the IP datagram header. In this way many hosts on a private network can reach the internet while sharing one and the same IP address.
NAT is widely used to hide the real IP addresses of a private network. The mechanism applies to all outgoing traffic that passes through the firewall to outside networks: once a packet reaches the firewall, it is given an IP address by the firewall, which is configured by an administrator. RFC 1918 defines the following 3 address ranges for use in private networks:

10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

The address ranges above are used for private networks and are not accessible from anywhere besides the private network. This means they are protected from outside attacks. The primary function of NAT is to give these hosts access to the internet, masking each of them with one of its own IP addresses before delivering the request to the external network. In this way NAT provides one-way access to the internet: a host in the private network can connect directly to other hosts, but hosts outside the private network cannot connect to this host.
In practice 4 basic types of address translation exist, but 2 of them are used most often: static NAT and dynamic NAT.
Static NAT means that a certain number of IP addresses are configured on the router, each corresponding to an IP address used in the private network, so that a fixed connection exists between the private and the external network.
Example:

Internal address - External address
192.168.1.1 - 193.65.76.1
192.168.1.2 - 193.65.76.2
...
192.168.2.1 - 193.76.77.1

Dynamic NAT means that a certain number of IP addresses are configured on the router and are taken into use as external addresses when needed. The private network can therefore have a large number of active connections to the external network, but the number of external addresses can be greater than the number of those active connections.
Example:

Internal address - External address
192.168.1.17 - 193.65.76.2
192.168.1.22 - 193.65.76.3
192.168.1.29 - 193.65.76.4
...
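
The static and dynamic examples above, modelled as a small translation table. This is an added example, not code from the original post. The `Nat` class, its method names and the behaviour on pool exhaustion (return `None`, meaning the packet is dropped) are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges listed in the post, in CIDR form
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

class Nat:
    """Hypothetical translation table: static pairs plus a dynamic pool."""
    def __init__(self, static_map, pool):
        self.static = dict(static_map)   # internal -> external, permanent
        self.free = list(pool)           # external addresses not yet in use
        self.dynamic = {}                # internal -> external, assigned on demand

    def outbound(self, src):
        """External source address for a packet leaving the private network."""
        if not is_private(src):
            raise ValueError(f"{src} is not an RFC 1918 address")
        if src in self.static:
            return self.static[src]
        if src not in self.dynamic:
            if not self.free:
                return None              # assumed: pool exhausted, packet dropped
            self.dynamic[src] = self.free.pop(0)
        return self.dynamic[src]

    def inbound(self, dst):
        """Internal host behind an external address, or None if unmapped."""
        for table in (self.static, self.dynamic):
            for internal, external in table.items():
                if external == dst:
                    return internal
        return None                      # no table entry: no host to deliver to

    def release(self, src):
        """Expire a dynamic entry; its external address returns to the pool."""
        ext = self.dynamic.pop(src, None)
        if ext:
            self.free.append(ext)

def demo():
    # Addresses from the post; 192.168.1.40 and 193.65.76.9 are constructed
    nat = Nat({"192.168.1.1": "193.65.76.1"},
              ["193.65.76.2", "193.65.76.3", "193.65.76.4"])
    out = [nat.outbound(h) for h in ("192.168.1.1", "192.168.1.17",
           "192.168.1.22", "192.168.1.29", "192.168.1.40")]
    return out, nat.inbound("193.65.76.3"), nat.inbound("193.65.76.9")
```

The lookup in `inbound` only models the translation table. Any filtering of inbound packets is a separate firewall decision and is not modelled here.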
