Network Address Translation (NAT) technology and its applications
Preface: As Internet technology continues to grow at an exponential rate, allocating precious network addresses to private networks has finally come to be seen as a waste of valuable virtual real estate. Hence the emergence of the Network Address Translation (NAT) standard, which is the practice of setting aside certain IP addresses for reuse by private networks. This article explains in detail how to apply NAT technology properly.
First, the definition of NAT technology
NAT stands for Network Address Translation. It is an IETF standard that allows an organization to appear on the Internet with a single address. NAT translates each LAN node's address into one IP address and vice versa. It can also be applied in firewall technology to hide individual IP addresses from the outside world so that outsiders cannot directly access internal network devices, and it helps networks get beyond address limitations and rationalize their use of public Internet addresses and private IP addresses.
Second, the basic principles and types of NAT technology
1. The basic principles of NAT technology
NAT technology helps solve the headache of the IP address shortage, and it also isolates the internal network from the external network, providing a certain degree of network security. It does this by using internal addresses inside the internal network and translating them into legal IP addresses for use on the Internet; the translation is done by replacing the address fields in IP packets with legal IP addresses. NAT functionality is usually integrated into routers, firewalls, ISDN routers, or separate NAT devices. NAT devices maintain a state table that maps illegal IP addresses to legal IP addresses. Each packet is translated to the correct IP address in the NAT device before being sent on to the next hop, which puts some burden on the processor. For the average network, however, this burden is negligible.
2. Types of NAT technology
There are three types of NAT: Static NAT, Dynamic Address NAT (Pooled NAT), and Network Address Port Translation, or NAPT (Port-Level NAT). Static NAT is the simplest to set up and the easiest to implement: each host in the internal network is permanently mapped to a legal address in the external network. Dynamic Address NAT defines a set of legal addresses on the external network that are dynamically assigned to hosts on the internal network, while NAPT maps internal addresses to different ports of one IP address on the external network. Each of the three NAT schemes has advantages and disadvantages, depending on the need.
Dynamic address NAT translates IP addresses only, assigning a temporary external IP address to each internal IP address. It is mainly used for dial-up, but it can also be used for frequent remote connections. When a remote user connects, dynamic NAT assigns him an IP address, which is released for future use when the user disconnects.
Network Address Port Translation (NAPT) is a familiar translation method, commonly used in access devices to hide small to medium-sized networks behind a legitimate IP address. NAPT maps internal connections to a separate IP address on the external network, along with a TCP port number selected by the NAT device.
When NAPT is used on the Internet, all the different TCP and UDP traffic appears to originate from the same IP address. This is very useful in small offices, where multiple connections are routed to the Internet via NAPT from a single IP address requested from the ISP. In fact, many SOHO remote access devices support PPP-based dynamic IP addresses. In this way the ISP does not even need to support NAPT, and multiple internal IP addresses can share one external IP address on the Internet. This does cause a certain amount of congestion on the channel, but given the savings in ISP Internet access costs and the ease of management, using NAPT is still very worthwhile.
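The state table and port-level translation described above can be modeled in a few lines. This is an added example, not code from the original article; the class and function names are hypothetical, and the addresses are constructed from documentation and private ranges.

```python
# Added illustration: a minimal NAPT state table. All addresses are constructed samples.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class Napt:
    public_ip: str
    first_port: int = 40000
    last_port: int = 40003          # tiny pool so exhaustion is easy to observe
    out_map: dict = field(default_factory=dict)  # (proto, inside ip, inside port) -> public port
    in_map: dict = field(default_factory=dict)   # (proto, public port) -> (inside ip, inside port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite the source address field; create state on first use."""
        key = (p.proto, p.src_ip, p.src_port)
        if key not in self.out_map:
            free = [n for n in range(self.first_port, self.last_port + 1)
                    if (p.proto, n) not in self.in_map]
            if not free:
                raise RuntimeError("NAPT port pool exhausted")
            self.out_map[key] = free[0]
            self.in_map[(p.proto, free[0])] = (p.src_ip, p.src_port)
        return Packet(p.proto, self.public_ip, self.out_map[key], p.dst_ip, p.dst_port)

    def inbound(self, p: Packet):
        """Reverse translation; a packet with no matching state is dropped (None)."""
        inside = self.in_map.get((p.proto, p.dst_port))
        if p.dst_ip != self.public_ip or inside is None:
            return None
        return Packet(p.proto, p.src_ip, p.src_port, inside[0], inside[1])

def demo():
    nat = Napt("203.0.113.5")
    # Two inside hosts use the same source port; NAPT gives each its own public port.
    a = nat.outbound(Packet("tcp", "10.0.0.11", 51000, "198.51.100.7", 443))
    b = nat.outbound(Packet("tcp", "10.0.0.12", 51000, "198.51.100.7", 443))
    reply = nat.inbound(Packet("tcp", "198.51.100.7", 443, a.src_ip, b.src_port))
    probe = nat.inbound(Packet("tcp", "198.51.100.9", 4444, "203.0.113.5", 40002))
    return a, b, reply, probe
```

This model keys inbound state on the public port alone, so any remote host can reach a mapping that already exists; the hiding effect comes only from the absence of state, which is why NAT provides "a certain degree" of security rather than firewall filtering.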
Third, the use of NAT technology in the Internet
NAT technology allows all the machines on your local network to reach the Internet through a single server's line, with only that server needing a registered IP address. In the past, before NAT, we had to install sockd on the server, and every client had to support sockd in order to connect through the server's sockd. The problem with this approach is that usually only telnet, ftp, and WWW browsers support sockd, so other programs cannot be used; sockd is also a little slow. With Network Address Translation, the client needs no changes at all: just set its gateway to the server, and all programs (such as kali/kahn) can use the connection. The simplest NAT device has two network connections: one to the Internet and one to a private network. Hosts on the private network that have private IP addresses (sometimes referred to as Network 10 addresses, since the addresses set aside for private use start at 10.0.0.0) connect to the Internet by sending packets directly to the NAT device. Unlike a regular router, which only reads the source and destination addresses before forwarding a packet to its destination, the NAT device actually modifies the packet header, changing the private network source address to the NAT device's own Internet address.
What is the role of NAT? What is it used for? Briefly describe how it works.
NAT (Network Address Translation) was introduced in 1994. The NAT method is used when some hosts inside a private network have already been assigned local IP addresses (i.e., dedicated addresses for use only within this private network), but now want to communicate with hosts on the Internet (without encryption).
This method requires NAT software to be installed on the router that connects the private network to the Internet. A router with NAT software is called a NAT router, and it has at least one valid external global IP address. This way, all hosts that use local addresses to communicate with the outside world have to have their local addresses translated into global IP addresses on the NAT router before they can connect to the Internet.
NAT is implemented in three ways: Static NAT for static translation, Dynamic NAT for dynamic translation, and Overload for port multiplexing.