Monday, 4 July 2011


Introduction of NAT

1)Intro

NAT stands for "Network Address Translation".

Here are some of the main reasons why NAT is used:

1)To act as an agent that provides translation between the Internet (or "public network") and a local (or "private") network.

2)To hide the internal network structure of the intranet from the Internet.

3)To save or reduce the use of IPv4 addresses on the Internet.

4)To represent thousands of private IPs of a company/organization with a single IP on the Internet. NAT is the main reason we are still using IPv4 addresses on the Internet; otherwise they would have been exhausted.

A NAT Network will look like this




2)Types of NAT and Basic working of NAT


There are 3 main types of NAT:

1)Static NAT
2)Dynamic NAT
3)Port Address Translation (PAT) (the most common and popular one in use on the Internet)


You also need to know 4 NAT terms:

1)Inside Local Address: address of the source host before translation

2)Inside Global Address: address of the source host after translation

3)Outside Local Address: address of the destination host before translation

4)Outside Global Address: address of the destination host after translation

NOTE: Here, translation means conversion of a private IP into a public IP.

These terms will be handy when it comes to understanding complex NAT structures.

Now I will explain Static NAT.


Static NAT:

In Static NAT, "a set of private IP addresses is mapped directly to a set of public addresses on a one-to-one basis."



In static NAT, the computer with the IP address of 192.168.32.10 will always translate to 213.18.123.110.

Now take a look at the above diagram. In this diagram the private IP address 192.168.32.10 is translated into 213.18.123.10.

The mapping is fixed: whenever a connection is established from this private IP, i.e. 192.168.32.10, it is automatically translated or mapped into a fixed public address, i.e. 213.18.123.10.

In the same way, every private IP address on the intranet is mapped into a fixed public IP address.

The biggest disadvantage of Static NAT is that it needs a lot of unique public IP addresses, one to represent each host on the intranet.


Dynamic NAT:

In Dynamic NAT, "a set of private IP addresses is mapped to a pool of public addresses". This may look similar to Static NAT, but the difference is that instead of using one external address for translation, there are now several.

Now I will explain this in detail.


This method, i.e. PAT, is also called "overloading".

Also remember that during translation the NAT router does not use the same port for two different hosts.

For example, if 192.168.32.10 and 192.168.32.12 are 2 private IPs on the intranet and both are connecting to the Internet, their requests will be sent from 2 different ports: say 192.168.32.10's request is sent from port 101 of the NAT router and 192.168.32.12's request is sent from port 102 of the NAT router. This is done to avoid confusion when sending the return traffic back to the internal hosts (i.e. 192.168.32.10 and 192.168.32.12).
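The port mapping described above can be sketched as a small translation table. This is an added example, not code from the original post; the `PatRouter` class, the public address 203.0.113.1, the internal source port 40000 and the port limit are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class PatRouter:
    """Toy PAT ("overloading") table: many private hosts share one public IP."""
    public_ip: str
    next_port: int = 101   # first router port, as in the example in the text
    last_port: int = 200   # assumed upper limit of the router's port pool
    out: dict = field(default_factory=dict)   # (private_ip, private_port) -> router port
    back: dict = field(default_factory=dict)  # router port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port):
        """Translate an outgoing flow; a known flow keeps its existing mapping."""
        key = (src_ip, src_port)
        if key not in self.out:
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, dst_port):
        """Map return traffic to the internal host; None means no mapping, so drop."""
        return self.back.get(dst_port)


def demo():
    """Run the two-host scenario from the text and return the observed results."""
    nat = PatRouter(public_ip="203.0.113.1")       # constructed public address
    a = nat.outbound("192.168.32.10", 40000)       # first internal host
    b = nat.outbound("192.168.32.12", 40000)       # second host, same source port
    return {
        "a": a,
        "b": b,
        "a_repeat": nat.outbound("192.168.32.10", 40000),
        "reply_101": nat.inbound(101),
        "reply_102": nat.inbound(102),
        "unsolicited": nat.inbound(150),           # no internal host opened this port
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both hosts appear on the Internet as 203.0.113.1, so only the router's table (or a log of it) can tell which internal host used which port.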


3)Advantages and disadvantages of NAT:

Advantages:

1)Enhances the level of security within the network by hiding its internal structure

2)Prevents exhaustion of IPv4 addresses, or reduces and conserves their use

3)When an existing IP Network is attached to the Internet, there is no need to replace the IP address of each and every host on the internal net - the task is accomplished by the NAT.


4)Also makes network enumeration hard for hackers. (I am saying this from my personal experience:) if the network is protected with a NAT router, you cannot map the internal structure of the internal network unless you have access to one of them.


Disadvantages:

1)IP-to-IP tracing is very hard

2)No tracking of protocol information other than the port number information

3)Limited control on initial connections

4)Some applications and some protocols do not work with NAT. Say, for example, the IPsec protocol, which verifies packets for data integrity, will drop connections/data coming through NAT because the NAT router modifies the source address during translation.

5)Even though it provides security, it is harder to implement, maintain and troubleshoot.
