January 22, 2012

1.3.4 NAT

NAT

Network Address Translation (NAT) as defined in RFC 1631 enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic.

NAT acts as a proxy between the local area network (which can be using private IP addresses) and the Internet (which must use public IP addresses).

Most NAT implementations assign internal hosts private IP address numbers and use public addresses only for the NAT to translate to and communicate with the outside world. The private address ranges are as follows:
  • 10.0.0.0–10.255.255.255
  • 172.16.0.0–172.31.255.255
  • 192.168.0.0–192.168.255.255
NAT is like the receptionist in a large office. The client calls the main number to your office, which is the only number the client knows. When the client tells the receptionist that she is looking for you, the receptionist checks a lookup table that matches your name with your extension. The receptionist knows that you requested this call, and therefore forwards the caller to your extension.

NAT has many forms and can work in several ways including: Static NAT – Mapping an unregistered IP address to a registered IP address on a one-to-one basis., Port Address Translation  – A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports.
NAT only allows connections that originated on the inside network. This means, that an internal client can connect to an outside FTP server, however an outside client will not be able to connect to an internal FTP server because it would have to originate the connection and NAT will not allow that.

The value of using NAT includes:

  • Security – external users do not know the real IP addresses of internal hosts
  • Efficiency – as it limits the number of public IP addresses an organization or company must use

NAT effectively hides your network from the world, making it much harder to determine what systems exist on the other side of the router. The NAT server effectively operates as a firewall for the network.
In addition to NAT, Port Address Translation (PAT) is possible. Whereas NAT can use multiple public IP addresses, PAT uses a single one and shares the port with the network.

Along with Classless Interdomain Routing (CIDR), NAT helps reduce the need for a large amount of publicly known IP addresses by an organization or user.

References:

  • http://computer.howstuffworks.com/nat1.htm
  • http://www.vicomsoft.com/learning-center/network-address-translation/
  • http://www.faqs.org/rfcs/
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney

No comments:

Post a Comment