Re: Question

From: Eirik Seim (eirik@mi.uib.no)
Date: 08/23/02


From: eirik@mi.uib.no (Eirik Seim)
Date: 22 Aug 2002 22:49:50 GMT

On Thu, 22 Aug 2002 17:58:53 +0100, Neil Appleby wrote:
> This is a multi-part message in MIME format.

Please start posting in text-only. HTML belongs on the www, not
on the usenet.

> ..and what is NAT? I know it is network address translation but what
> does it do?

NAT is the function of rewriting network addresses, or translating them
if you'd like. In its most common implementation, it sits on the
gateway of an Internet connected LAN, translating from internal (private,
rfc1918 addresses) to unique, or "real" Internet addresses. "Globally
routable addresses" if you'd like a proper term.

In order to map several internal IP addresses to the one external, the
NAT software has to translate both the addresses and the source ports
(often referred to as PAT, Port Address Translation) so that two different
internal hosts, say 10.0.0.10 and 10.0.0.11, when connecting to the same
port on the same external server (like both browsing www.cnn.com), are
allocated different source ports by the PAT functionality, and thus
avoid collisions.

Typically, this looks like:

Src host   Src port  -  NAT host     NAT port  -  Dst host     Dst port
10.0.0.10  1025      -  169.254.1.1  40001     -  www.cnn.com  80

www.cnn.com sees this as coming from 169.254.1.1:40001, and really
believes 169.254.1.1 is the other end point of the connection.

Src host   Src port  -  NAT host     NAT port  -  Dst host     Dst port
10.0.0.11  1025      -  169.254.1.1  40002     -  www.cnn.com  80

www.cnn.com sees no different hosts, only different ports. It basically
understands this as another request from the same host, only with a
different source port.

Figured I'd write up an answer, as NAT isn't mentioned in the FAQ, but
there is also a lot of documentation to find on google:

   http://www.google.com/search?as_epq=what+is+NAT

- Eirik

-- 
New and exciting signature!
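
Added example, not part of the original post: a toy PAT table in Python that reproduces the two mappings from the tables above and shows how a reply is mapped back to the internal host. The class name PatGateway, sequential port allocation starting at 40001, and matching replies on the remote host and port are assumptions of this sketch, not the behaviour of any particular NAT product.

```python
# Added illustration (not from the original post): a toy PAT table.
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (host, port)


class PatGateway:
    """Many-to-one source NAT for a single external address (hypothetical class)."""

    def __init__(self, external_ip: str, first_port: int = 40001,
                 last_port: int = 65535) -> None:
        self.external_ip = external_ip
        self.next_port = first_port  # assumption: ports are handed out in order
        self.last_port = last_port
        # (src host, src port, dst host, dst port) -> allocated NAT port
        self.out: Dict[Tuple[str, int, str, int], int] = {}
        # (NAT port, dst host, dst port) -> internal endpoint
        self.back: Dict[Tuple[int, str, int], Endpoint] = {}

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Return the source endpoint the destination sees after translation."""
        key = (src[0], src[1], dst[0], dst[1])
        if key not in self.out:
            if self.next_port > self.last_port:
                raise RuntimeError("NAT port pool exhausted")
            self.out[key] = self.next_port
            self.back[(self.next_port, dst[0], dst[1])] = src
            self.next_port += 1
        return (self.external_ip, self.out[key])

    def inbound(self, remote: Endpoint, nat_port: int) -> Optional[Endpoint]:
        """Map a reply to its internal host; None means no state, so no delivery."""
        return self.back.get((nat_port, remote[0], remote[1]))


if __name__ == "__main__":
    gw = PatGateway("169.254.1.1")
    web = ("www.cnn.com", 80)  # destination label taken from the post's table
    for host in ("10.0.0.10", "10.0.0.11"):
        print((host, 1025), "->", gw.outbound((host, 1025), web), "->", web)
    print("reply to port 40002 goes to", gw.inbound(web, 40002))
    print("packet to unmapped port 40003:", gw.inbound(web, 40003))
```
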
