@%#^& - Q? - A!The Story of:

NAT!The Story of:

Private and Public IPs No private on the internet!

Private Computers wants .◦ They can’t go with their private IPs!!!

What is the problem?!

Get public IPs …◦ Well, give me money to buy them. ◦ And I would need new Network cards for them.◦ Are we PRIVATE anymore!?!?!

Gateways! Inspiring!

If there is a service in the internet somewhere, a public service, does it care who I am that much?!

I GOT IT! Let’s buy one more computer!

Ideas!?

The Idea is to put a computer between our private network and the internet.

When ever one host in the private zone wants to talk with any host in the internet (upload/download), it asks this computer for doing It.

This device is the only one seen from the internet.

We will call this device a NAT Device.

The delegate!

NAT stands for Network Address Translation.

Translation of address is changing them according to rules.

Tow Levels of NAT:◦ Network layer: translates IP (Basic NAT)

◦ Transport & Network layer: IP + Port (TCP/UDP) ◦ Referred to as PAT (Port Address Translation) or NAPT.

Translation in two directions:◦ SNAT: Translate source address.◦ DNAT: Translate destination address.

NAT: features and definitions

Scenario One (Browsing)In this scenario computer A tries to open a webpage on a server through the internet.

Source Dest

IP 172.16.0.2 90.22.14.15

Port 42555 80

Source Dest

IP 88.14.51.100 90.22.14.15

Port

5000 80

Source Dest

IP 90.22.14.15 88.14.51.100

Port

80 5000

Hasan in the Cafiteria! (Port Forwarding)This is the scenario where I am in the cafeteria trying to take of my torrents … !

Static DNATing for inbound connections.◦ Example: Vuze local connection end-point.

Too many outbound connections and we run out of ports in the NAT.◦ E.g. Inconsistent HTTP requests while browsing.

NAT table entries with no activity are droped.

Some protocols like FTP has got problems!!!

Drawbacks:

FTP through NAT

NAT & IPv6

The ENDThank you.