NAT: Network Address Translation

1
NAT Network AddressTranslation

• Hiding Multiple-Use Private IP Addresses

2
Running out of IP Addresses

• IP V4 Addresses Running Out
• Hard to Give Everyone a Unique IP Address
• NAT makes it possible for a site to have one
  single IP address, but still multiple internal
  computers with their own IP addresses and no
  conflicts!!!
• Can have internal routing

3
Simple NAT Function

• Mapping internal IP Addresses to external
  addresses (and conversely)
• Simple NAT scheme keeps a table of IP Address
  mappings inward and outward
• Can be manually (statically) administered or
  dynamically learned by NAT watching all outgoing
  datagrams
• Each time an internal computer sends a DG out to
  an external IP address, NAT can add a table entry
  to remember that incoming DGs from that external
  address must be sent to the right inside
  endpoint.
• But this only gets machine to machine and cannot
  support multiple insiders to one outsider!

4
Internal IP Addresses are not seen outside
One External IP Address
Internal Intranet (A range of internal IP
Addresses that may collide in outside world)
External Internet
Router or Firewall
NAT Device (HW or SW)
Network Address Translation Scenario
5
Some Uses

• Large Corporate Networks with VPNs and
  Fire-walling (Needed in IP telephony)
• Small Office, Home Office
• Residence one DSL incoming one PC fronts the
  rest
• Unix slirp
• Linux Masquerade
• Windows Internet Connection Sharing
• References
• RFC 2663, RFC 2766
• http//www.commsdesign.com/design_center/broadband
  /design_corner/OEG20030310S0044
• http//www1.avaya.com/enterprise/applicationnotes/
  nat-tutorial.pdf

6
Simple NAT
This happens First Internal Computer Sends DG to
External IP Address
NAT Remembers in table
7
Network Address and Port Translation (or just PAT)

• Need to accommodate many insiders to one outsider
• Need to accommodate different insider
  applications to one outsider service
• NAPT pays attention to ports (TCP or UDP)
• Can support TCP or 1-1 UDP when originated
  internally (insiders as clients)
• When insider initiates a layer 4 dialog with an
  external IP endpoint, NAPT remembers internal
  point numbers AND internal IP addresses in table.
  Can then replace internal port numbers used with
  its own
• Maps not only IP addresses but also port numbers

8
Connections Initiated Internally
Web Server
Internal Intranet
External Internet
128.10.19.20 Port 40001
Router or Firewall
NAT Device (HW or SW)
Internal Client 1 10.0.0.1 Port 30000
128.10.19.20 Port 40002
Internal Client 2 10.0.0.2 Port 30000
Network Address and Port Translation (TCP
Splicing)
9
Address Translation Table Info For Previous Slide
10
Letting Internal Endpoints Act As Servers, Etc.

• Twice NAT local Name Server and NAT work
  together
• When external client initiates request to
  internal server
• DSN Name lookup needed local DNS server
  cooperates with NAT top help Nat remember remote
  address and port number in NAT table
• So when TCP setup request comes in, table mapping
  already set up
• Names can distinguish internal endpoints

11
Exercises

• 26.1, 26.2, 26.3, 26.4