
1 9/11/2015 Home Networking 1
Bob.test
Have Road Runner
Unhappy about reports of constant probes of machines
Policy decision
– I want to prevent unauthorized probes/connection attempts on my machines
Mechanism
– Purchase some sort of firewall for my home network

2 Configuration
[Diagram: Internet, Cable Modem, Router, Grumpy, Desktops, Reiker]

3 Private IP Addresses
The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (RFC1597):
– 10.0.0.0 - 10.255.255.255 (class A)
– 172.16.0.0 - 172.31.255.255 (class B)
– 192.168.0.0 - 192.168.255.255 (class C)
These addresses are not routable
– Meaning that they will not be routed by an ISP

4 Address Management
[Diagram: Internet, Cable Modem, Router, Grumpy, Reiker, Desktops. Labels: Assigned via DHCP (grumpy) (192.168.0.100 – 192.168.0.200); 192.168.1.254; 192.168.1.1; 192.168.1.2; Assigned via DHCP (RR) 66.67.3.170]

5 How Does This Help?
[Diagram: Internet, Cable Modem, Router, Grumpy, Reiker, Desktops. Labels: Assigned via DHCP (grumpy) (192.168.0.100 – 192.168.0.200); 192.168.1.1; 192.168.1.2]
Because these use private addresses, they cannot be used beyond the router.
Can’t get in or out!!!

6 Mystery
Mouse opens a TCP connection to the CS department’s web server
– Grumpy’s address is 192.168.1.1
– Destination is 129.21.30.29
– The packet arrives at RIT
– RIT responds, but 192.168.1.1 is a private address and will not be routed through the Internet
– How does Grumpy communicate with the outside world?

7 Network Address Translation
Network Address Translation (NAT) makes this all possible (RFC2663 & RFC2766)
– Private traffic for the Internet arrives at the router (sometimes called a NAT box)
– The router changes the source IP address to the “real” IP address
– Packet is sent as usual
– Reply arrives at router
– Now what? How do we know what private address to route it to?

8 A Little TCP
[Diagram: endpoints 192.168.1.1:2004 and 129.21.30.29:1024]
Both endpoints, together, uniquely define a TCP connection: (192.168.1.1,2024, 129.21.30.29,1024)
Packet labels in the diagram:
– Dest: 129.21.30.29:1024 Src: 192.168.1.1:2024
– Dest: 192.168.1.1:2024 Src: 129.21.30.29:1024

9 Address Translation
[Diagram: 192.168.1.1:2004, NAT Box, 129.21.30.29:1024]
Packet labels in the diagram:
– Dest: 129.21.30.29:80 Src: 192.168.1.1:2024
– Dest: 66.67.3.170:2024 Src: 129.21.30.29:80
– Dest: 129.21.30.29:80 Src: 66.67.3.170:2024
– Dest: 192.168.1.1:2024 Src: 129.21.30.29:80

10 How to Route?
If a NAT box is managing several TCP connections, how does it know who to route incoming packets to?
– Key is port numbers (IP src, Port src, IP dest, Port dest)
– Create map
  Key → (Port src, IP dest, Port dest)
  Value → (IP src)
– Why have Port src in the key?

11 Problem
[Diagram: 192.168.1.1:2004, 192.168.1.2:2004, NAT Box, 129.21.30.29:80]
Packet labels in the diagram:
– Dest: 129.21.30.29:80 Src: 192.168.1.1:2024
– Dest: 129.21.30.29:80 Src: 66.67.3.170:1024
– Dest: 129.21.30.29:80 Src: 66.67.3.170:1024
– Dest: 129.21.30.29:80 Src: 192.168.1.2:2024

12 NAPT
Includes port numbers in the translation
– Client actually opens a connection with the NAT box (thus has unique end points)
– NAT box in turn opens a connection with the real server (again unique end points)
– Now when a packet arrives from the server, it has the NAT-assigned port as its destination
The term NAT is often used in place of NAPT

13 NAPT Translation Table
Private Address | Private Port | External Address | External Port | NAT Port | Protocol Used
192.168.1.1 | 2024 | 129.21.30.29 | 80 | 14003 | TCP
192.168.1.2 | 2024 | 129.21.30.29 | 80 | 14004 | TCP

14 NAPT Translation
[Diagram: 192.168.1.1:2004, 192.168.1.2:2004, NAT Box, 129.21.30.29:80]
Packet labels in the diagram:
– Dest: 129.21.30.29:80 Src: 192.168.1.1:2024
– Dest: 129.21.30.29:80 Src: 66.67.3.170:14004
– Dest: 129.21.30.29:80 Src: 66.67.3.170:14003
– Dest: 129.21.30.29:80 Src: 192.168.1.1:2024
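
The NAPT behaviour from slides 10 to 14, as an added example that is not part of the original presentation: two private hosts using the same source port reach the same server without colliding, and an inbound packet with no table entry is dropped. The class and function names are hypothetical, the first NAT port (14003) is chosen to match the table on slide 13, the box is TCP-only with no timeouts, and the probe address 203.0.113.9 is constructed.

```python
# Added example (not from the original slides): a minimal NAPT table.
from typing import NamedTuple, Optional

PUBLIC_IP = "66.67.3.170"  # router's external address, as on the slides

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Napt:
    """Hypothetical TCP-only NAPT box; no timeouts or port reuse."""

    def __init__(self, public_ip: str, first_port: int = 14003):
        self.public_ip = public_ip
        self.next_port = first_port  # 14003 chosen to match the slide's table
        self.out = {}   # (priv_ip, priv_port, ext_ip, ext_port) -> NAT port
        self.back = {}  # NAT port -> (priv_ip, priv_port, ext_ip, ext_port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite the source of a private packet, allocating a NAT port."""
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], p.dst_ip, p.dst_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Rewrite the destination of a reply; return None to drop."""
        entry = self.back.get(p.dst_port)
        # Assumption: replies must come from the mapped external endpoint.
        if (p.dst_ip != self.public_ip or entry is None
                or entry[2:] != (p.src_ip, p.src_port)):
            return None
        return Packet(p.src_ip, p.src_port, entry[0], entry[1])

def demo():
    """Two hosts, same private port, same server, plus one unsolicited probe."""
    nat = Napt(PUBLIC_IP)
    a = nat.outbound(Packet("192.168.1.1", 2024, "129.21.30.29", 80))
    b = nat.outbound(Packet("192.168.1.2", 2024, "129.21.30.29", 80))
    reply_a = nat.inbound(Packet("129.21.30.29", 80, PUBLIC_IP, a.src_port))
    reply_b = nat.inbound(Packet("129.21.30.29", 80, PUBLIC_IP, b.src_port))
    # Constructed probe from a documentation address; no table entry exists.
    probe = nat.inbound(Packet("203.0.113.9", 4444, PUBLIC_IP, 22))
    return a, b, reply_a, reply_b, probe

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The dropped probe is the firewall-like effect slide 1 asks for: without an outbound connection there is no mapping, so nothing on the private side is reachable.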

15 Common Characteristics
All flavors of NAT devices should share the following characteristics.
– Transparent Address assignment.
– Transparent routing through address translation. (routing here refers to forwarding packets, and not exchanging routing information)
– ICMP error packet payload translation.

