NAT is Network Address Translation. It is used for better address utilization and also for security. If we use only one IP address toward the external world and all the machines in the local network use internal IP addresses, it saves a lot of addresses. It also improves security, as internal machines are not exposed to the outside world.
NAT has many different varieties of implementation. The most popular of these is PAT (Port Address Translation).
How does NAT work?
Assume 200.100.100.100 is the global IP available and the internal IPs are in the range 10.x.x.x. Say I try to open an HTTP connection to 203.179.222.22 from my machine (which is 10.1.1.4). The initial packet may look like this: (src IP - 10.1.1.4, src port - say 1000, dest IP - 203.179.222.22, dest port - 80). The packet reaches the gateway, where NATing takes place, transparent to the user. For each connection a mapping is made. In this case, for (10.1.1.4, 1000) the corresponding entry may be (200.100.100.100, 5000), where 200.100.100.100 is the public IP and 5000 is a free port selected from the available list.
So the entry for (10.1.1.4, 1000) is port 5000. The packet is modified and sent to the outside world. It becomes [src IP - 200.100.100.100, src port - 5000, dest IP - 203.179.222.22, dest port - 80]. So the destination 203.179.222.22 is aware only of the source 200.100.100.100 and responds to that. When the response reaches 200.100.100.100, the gateway looks at the dest port, which is 5000, and looks for an entry in the NAT table. In this case it finds that the entry is (10.1.1.4, 1000), replaces the dest IP and dest port with that, and forwards the packet to the internal network.
The full process of NATing happens transparently to the user. NATing is also asymmetrical: it is used only to access the outside world, and from outside you cannot access inside machines. Administrators usually configure which networks have to be NATed. All packets from other networks are simply forwarded.
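The translation walk-through above, including the asymmetry, as a small added example that is not part of the original post. The class and method names are hypothetical, and the port pool 5000-5999 is an assumption chosen so the first mapping matches the port used in the text.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PatGateway:
    """Toy PAT table (added example; names are hypothetical)."""

    def __init__(self, public_ip: str, first_port: int = 5000, last_port: int = 5999):
        self.public_ip = public_ip
        self._free = iter(range(first_port, last_port + 1))  # assumed port pool
        self._out = {}  # (inside ip, inside port) -> public port
        self._in = {}   # public port -> (inside ip, inside port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the internal network."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._out:
            port = next(self._free, None)
            if port is None:
                raise RuntimeError("PAT port pool exhausted")
            self._out[key] = port
            self._in[port] = key
        return pkt._replace(src_ip=self.public_ip, src_port=self._out[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a reply; None means no mapping, so drop."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self._in:
            return None
        ip, port = self._in[pkt.dst_port]
        return pkt._replace(dst_ip=ip, dst_port=port)

def demo():
    # Addresses and ports are the ones used in the walk-through above.
    gw = PatGateway("200.100.100.100")
    sent = gw.outbound(Packet("10.1.1.4", 1000, "203.179.222.22", 80))
    reply = gw.inbound(Packet("203.179.222.22", 80, sent.src_ip, sent.src_port))
    # Constructed case: a packet to a port that has no table entry.
    unsolicited = gw.inbound(Packet("203.179.222.22", 80, "200.100.100.100", 6000))
    return sent, reply, unsolicited

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Real gateways also key entries on the protocol and expire idle mappings; this toy leaves both out.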
NATing happens at layer 3/layer 4. People sometimes confuse NATing with proxying. A proxy works at the application layer: an application sitting in the middle proxies for the client as well as the server. It is not transparent; the client has to know about the proxy.
I am learning the basics...!
About Me
- Anoop G
3 comments:
good one
This is a good and brilliant technical blog. I am a daily reader of your blog. There has been no update for the past weeks. I am living in New Jersey. When will you have your next blog?
Thanks elizebath,
It definitely motivates me to write my understandings.