
NAT (Network Address Translator)

In the name of God the most merciful and the most compassionate. NAT (Network Address Translator). Atif Karamat. NAT: Is it Necessary? Scenario: One high-speed dial-up connection, multiple devices. How to share? Solution: a gateway, but it requires that each device have a unique IP address.


Presentation Transcript


  1. In the name of God the most merciful and the most compassionate NAT (Network Address Translator) Atif Karamat

  2. NAT: Is it Necessary? • Scenario: • One high-speed dial-up connection, multiple devices • How to share? • Solution: a gateway, but it requires that each device have a unique IP address. • IP addresses may become an endangered species very soon. NAT Presentation

  3. NAT: The Solution • NAT: • Instead of requiring that each device behind the gateway have a globally unique IP address, we can allocate private addresses to such devices, and the gateway can then translate the private IP addresses in all traffic that passes through the connection.

  4. NAT: Scenario II • Network Security: • Denial of Service • Trojan Horse Attacks • NAT drops all unsolicited inbound traffic, which minimizes threats of this kind.

  5. NAT: What is It? • NAT: • NAT exists primarily to allow machines on a local network to share a single Internet connection by replacing the source address of each outgoing message with the address assigned to the shared connection.

  6. NAT: Components

  7. NAT: Requires • To function, NAT must: • Maintain a mapping between the original addressing information and the replaced addressing information. • Update the checksums to reflect the modifications made.

  8. NAT: NAT Gateway • The main component is the NAT gateway. A basic NAT gateway has two interfaces: one to the public network and the other to the private network. • A more advanced NAT gateway may have multiple interfaces, e.g. in a corporate network.

  9. NAT: Mapping Table

  10. NAT: Operation • Traffic generated by a client is received on the private interface. The gateway looks into the packet header, extracts the header information and creates an entry in the mapping table. When the reply comes back, NAT looks it up in the mapping table and directs the packet to the private client.

  11. NAT: Application I • Address Port Translation: • Modification of source address and source ports (outgoing packets). • Modification of destination address and ports (incoming packets).

  12. NAT: Application II • Address Mapping: • A pool of private addresses is mapped to a smaller pool of public addresses. • Mappings from private to public addresses are established until no more addresses are available. • At this point, NAT may switch over to translation of port information.

  13. NAT: Application III • Static Mapping: • To achieve security, the most important feature is that no unsolicited traffic may pass through NAT. But this feature prevents hosting any service behind NAT. • Static mapping allows a static entry to be made in the mapping table, which allows unsolicited incoming traffic for that entry only.

  14. NAT: Constraints I • Limited port numbers. • Using IP addresses in the payload: • When the server in the public domain reads the address of the client in the payload, it doesn’t recognize the private address. • Using port numbers in the payload: • This may cause a failure because sometimes the port requested by a client is not available, so NAT is forced to assign some other port number.

  15. NAT: Constraints II • Specifying a port or range of ports: • The server side should not be programmed to expect traffic from a specific port, because the client may not be able to get that specific port. • Assuming that the IP address will remain the same during a conversation: • Mobile clients behind NAT

  16. NAT: Constraints III • Assuming that the application can receive unsolicited inbound connections: • Offering any service behind NAT will fail. • A primary control session to a port that is followed by one or more secondary connections to different ports will fail.

  17. NAT: Design Principles I • IP address and port information shouldn’t be embedded in the payload. • Use fully qualified domain names and/or user names where possible. Let DNS do the work. • Traffic shouldn’t be required to originate from a specific port number.

  18. NAT: Design Principles II • Unsolicited inbound connections should be avoided. • Encrypted protocols should avoid having the checksum cover the IP header, because NAT cannot decrypt and change the IP header information by default.

  19. NAT: Application Level Gateway (ALG) • When a protocol is unable to pass cleanly through a NAT, the use of an Application Level Gateway (ALG) may still permit operation of the protocol.
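
The two requirements on slide 7 and the behaviour on slides 10 to 14, as an added example that is not part of the original presentation: a mapping table with port translation, dropping of unsolicited inbound traffic, a static entry, port-pool exhaustion, and the IPv4 header checksum patched after the source address is replaced. The names (`Napt`, `rewrite_source`), the documentation-range addresses and the rule that a reply must come from the exact peer the client contacted are assumptions of this sketch.

```python
import socket, struct

def fold(s):
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def checksum(hdr):
    """Full Internet checksum (RFC 1071); yields 0 over a header with a valid checksum."""
    return ~fold(sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))) & 0xFFFF

def checksum_update(old, old_addr, new_addr):
    """Incremental update (RFC 1624): HC' = ~(~HC + ~m + m') per 16-bit word."""
    s = ~old & 0xFFFF
    for o, n in zip(struct.unpack("!2H", old_addr), struct.unpack("!2H", new_addr)):
        s += (~o & 0xFFFF) + n
    return ~fold(s) & 0xFFFF

def rewrite_source(hdr, new_src):
    """Replace the source address of a 20-byte IPv4 header and patch its checksum."""
    new = socket.inet_aton(new_src)
    fixed = checksum_update(struct.unpack("!H", hdr[10:12])[0], hdr[12:16], new)
    return hdr[:10] + struct.pack("!H", fixed) + new + hdr[16:]

def sample_header(src, dst):  # constructed sample: minimal IPv4 header, valid checksum
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                    socket.inet_aton(src), socket.inet_aton(dst))
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:]

class Napt:
    def __init__(self, public_ip, ports):
        self.public_ip, self.free = public_ip, list(ports)
        self.out = {}       # (private ip, private port) -> public port
        self.back = {}      # public port -> (private ip, private port)
        self.peers = set()  # (public port, remote ip, remote port) contacted from inside
        self.static = {}    # public port -> (private ip, private port), set by the admin

    def outbound(self, src, sport, dst, dport):
        port = self.out.get((src, sport)) or (self.free.pop(0) if self.free else None)
        if port is None:
            return None                          # port pool exhausted
        self.out[(src, sport)], self.back[port] = port, (src, sport)
        self.peers.add((port, dst, dport))
        return (self.public_ip, port, dst, dport)

    def inbound(self, src, sport, dport):
        if (dport, src, sport) in self.peers:
            return self.back[dport]              # reply to a recorded flow
        return self.static.get(dport)            # None: unsolicited, dropped
```

Every entry placed in `static` is a standing exception to the drop-unsolicited rule, so it is the part of the table to review when auditing what a NAT gateway exposes.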
