NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.


1 NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate

2 NAT: Is it Necessary? (1/8/2002, NAT Presentation)
• Scenario: One high-speed dial-up, multiple devices. How to share?
  – Solution: a gateway, but it requires that each device have a unique IP address.
• IP addresses may become an endangered species very soon.

3 NAT: The Solution
• NAT:
  – Instead of requiring that each device behind the gateway have a globally unique IP address, we can allocate private addresses to such devices, and the gateway can then translate the private IP addresses in all traffic that passes through the connection.

4 NAT: Scenario II
• Network Security:
  – Denial of Service
  – Trojan Horse Attacks
• NAT drops all unsolicited inbound traffic, which minimizes threats of this kind.

5 NAT: What is It?
• NAT: NAT exists primarily to allow machines on a local network to share a single Internet connection by replacing the source address of each outgoing message with the address assigned to the shared connection.

6 NAT: Components

7 NAT: Requires
• To function, NAT needs to:
  – Maintain a mapping between the original addressing information and the replaced addressing information.
  – Update the checksums to reflect the modifications made.
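The checksum requirement on this slide, as an added example that is not part of the original presentation: rewriting the source address of an IPv4 header invalidates its header checksum, so the gateway must update it. The sketch uses the incremental update from RFC 1624 rather than a full recompute; the addresses and header field values are constructed.

```python
import socket
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int = 20) -> bytes:
    """Constructed 20-byte IPv4 header (protocol TCP, TTL 64) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", csum16(hdr)) + hdr[12:]

def header_is_valid(hdr: bytes) -> bool:
    """A header carrying a correct checksum sums to zero."""
    return csum16(hdr) == 0

def naive_rewrite_source(hdr: bytes, new_src: str) -> bytes:
    """Replace the source address only; the old checksum is left in place."""
    return hdr[:12] + socket.inet_aton(new_src) + hdr[16:]

def nat_rewrite_source(hdr: bytes, new_src: str) -> bytes:
    """Replace the source address and patch the checksum: HC' = ~(~HC + ~m + m')."""
    new_bytes = socket.inet_aton(new_src)
    old_words = struct.unpack("!2H", hdr[12:16])
    new_words = struct.unpack("!2H", new_bytes)
    (hc,) = struct.unpack("!H", hdr[10:12])
    total = ~hc & 0xFFFF
    for old, new in zip(old_words, new_words):
        total += (~old & 0xFFFF) + new
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + new_bytes + hdr[16:]

if __name__ == "__main__":
    private = build_ipv4_header("192.168.0.10", "198.51.100.7")  # constructed addresses
    print(header_is_valid(naive_rewrite_source(private, "203.0.113.5")))  # stale checksum
    print(header_is_valid(nat_rewrite_source(private, "203.0.113.5")))    # patched checksum
```

TCP and UDP checksums also cover the source and destination addresses through the pseudo-header, so a gateway has to apply the same kind of update to the transport checksum.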

8 NAT: NAT Gateway
• The main component is the NAT gateway. A basic NAT gateway has two interfaces: one to the public network and the other to the private network.
• A more advanced NAT gateway may have multiple interfaces, i.e. corporate network.

9 NAT: Mapping Table

10 NAT: Operation
• Traffic generated by a client is received on the private interface. The gateway looks into the packet header, extracts the header information and creates an entry in the mapping table. When the reply comes back, NAT looks it up in the mapping table and directs the packet to the private client.

11 NAT: Application I
• Address Port Translation:
  – Modification of source address and source ports (outgoing packets).
  – Modification of destination address and ports (incoming packets).

12 NAT: Application II
• Address Mapping:
  – A pool of private addresses is to be mapped to a smaller pool of public addresses.
  – Mappings from private to public addresses are established until no more addresses are available.
  – At this point, NAT may switch over to translation of port information.

13 NAT: Application III
• Static Mapping:
  – To achieve security, the most important feature is that no unsolicited traffic may pass through NAT. But this feature prevents hosting any service behind NAT.
  – Static mapping allows a static entry to be made in the mapping table, which allows unsolicited incoming traffic for that entry only.
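The mapping-table behaviour from the Operation and Application slides, as an added example that is not part of the original presentation: a small model of an address/port-translating gateway showing outbound rewriting, reply lookup, the drop of unsolicited inbound traffic, and a static entry. Class and method names, addresses and the deliberately tiny port pool are all constructed for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.5"  # constructed public address of the shared connection

@dataclass
class NaptGateway:
    public_ip: str = PUBLIC_IP
    port_range: range = range(40000, 40004)   # tiny pool so exhaustion is visible
    out: dict = field(default_factory=dict)   # (proto, priv_ip, priv_port) -> public port
    inn: dict = field(default_factory=dict)   # (proto, public port) -> (priv_ip, priv_port)

    def _bind(self, proto, priv, pub_port):
        self.out[(proto, *priv)] = pub_port
        self.inn[(proto, pub_port)] = priv

    def add_static(self, proto, pub_port, priv_ip, priv_port):
        """Static mapping: admits unsolicited inbound traffic for this entry only."""
        if (proto, pub_port) in self.inn:
            raise ValueError("public port already mapped")
        self._bind(proto, (priv_ip, priv_port), pub_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite source address/port of an outgoing packet, creating an entry if needed."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            # Prefer the client's own port; otherwise take any free port in the pool.
            wanted = [src_port] if src_port in self.port_range else []
            free = [p for p in wanted + list(self.port_range)
                    if (proto, p) not in self.inn]
            if not free:
                raise RuntimeError("port pool exhausted")
            self._bind(proto, (src_ip, src_port), free[0])
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Rewrite destination of an incoming packet; None means the packet is dropped.

        Assumption: the lookup is by protocol and public port only; the slides do
        not say whether the remote endpoint is also checked.
        """
        priv = self.inn.get((proto, dst_port))
        if priv is None:
            return None   # unsolicited: no mapping-table entry
        return (src_ip, src_port, *priv)
```

Two clients using the same source port get different public ports, which is the situation the Constraints slides describe for protocols that carry a port number in the payload.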

14 NAT: Constraints I
• Limited port numbers.
• Using IP addresses in the payload:
  – When the server on the public domain reads the address of the client in the payload, it doesn't recognize the private address.
• Using port numbers in the payload:
  – This may cause a failure because sometimes the port requested by a client is not available, and so NAT is forced to assign some other port number.

15 NAT: Constraints II
• Specifying a port or range of ports:
  – The server side should not be programmed to expect traffic from a specific port, because the client may not be able to get the specific port.
• Assuming that the IP address will remain the same during a conversation:
  – Mobile clients behind NAT

16 NAT: Constraints III
• Assuming that the application can receive unsolicited inbound connections:
  – Offering of any services behind NAT will fail.
  – A primary control session to a port is followed by one or more secondary connections to different ports, which will fail.

17 NAT: Design Principles I
• IP address and port information shouldn't be embedded in the payload.
• Use fully qualified domain names and/or user names where possible. Let DNS do the work.
• Traffic shouldn't be required to originate from a specific port number.

18 NAT: Design Principles II
• Unsolicited inbound connections should be avoided.
• Encrypted protocols should avoid having the checksum cover the IP header, because NAT cannot decrypt and change the IP header information by default.

19 NAT: Application Level Gateway (ALG)
• When a protocol is unable to pass cleanly through a NAT, the use of an Application Level Gateway (ALG) may still permit operation of the protocol.

