

Private Networking
and the IP Network Address Translator (NAT)


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Motivation - Some Interesting Situations
  • An airport/train station that uses TCP/IP for departure/arrival boards
  • A retail store that uses TCP/IP for cash registers
  • A university that uses TCP/IP for internal broadcast of events
Address Allocation for Private Internets (RFC 1918)

Categories

  • Hosts that do not require access to hosts in other organizations
    • Such addresses can be used by multiple organizations
  • Hosts that need access to a limited set of outside services (e.g., electronic mail)
    • Can be handled by mediating gateways
Private Addresses Allocated by IANA
  • 1 Class A Network:
    • 10.0.0.0 - 10.255.255.255
  • 16 Class B Networks:
    • 172.16.0.0 - 172.31.255.255
  • 256 Class C Networks:
    • 192.168.0.0 - 192.168.255.255
Private Addresses (cont.)
  • Everyone can use private addresses (i.e., they don't need to be assigned)
  • Are ignored by routers on the public Internet (i.e., they are not routed outside the private network)
  • Should look familiar (think about your wireless network at home)
The IP Network Address Translator (RFC 1631)
  • Purpose:
    • A virtual router that translates private/public addresses (and ports)
  • Mappings:
    • Dynamic Mappings - created when users on the private network initiate traffic with a "public" address
    • Static Mappings - defined in advance
NAT (cont.)
  • Outgoing (i.e., Source NAT):
    • For requests, local address converted to address of router before sending message
    • For responses, router address converted into local address
  • Incoming (i.e., Destination NAT):
    • Requires additional capabilities (e.g., IP Masquerading, Proxy Server)
NAT - An Exercise
  • TCP:
    • How could we implement NAT for TCP?
  • UDP:
    • How could we implement NAT for UDP?
  • HTTP:
    • What about HTTP?
NAT Under Linux
  • Set up IP forwarding on the gateway
  • Configure iptables on the gateway
    • iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 1.2.3.4
    • iptables -t nat -A PREROUTING -p tcp -d 1.2.3.4 --dport 23 -j DNAT --to-destination 192.168.1.3:23
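
An added example, not part of the original slides: a small Python model of the translation table that the two rules above set up, showing dynamic mappings for outgoing traffic, the static mapping for port 23, and what happens to an unsolicited incoming packet. The class and method names are hypothetical, and the remote host 203.0.113.9 and the starting port 40000 are constructed sample values.

```python
import ipaddress

class NatGateway:
    """Toy port-translating NAT: one public address in front of a private subnet.
    Simplification: mappings are keyed on the private endpoint only; a real gateway
    also tracks the remote endpoint and expires idle mappings."""
    def __init__(self, public_ip, private_net, first_port=40000):
        self.public_ip = public_ip
        self.private_net = ipaddress.ip_network(private_net)
        self.next_port = first_port  # constructed start of the dynamic port range
        self.dynamic = {}            # (proto, public_port) -> (private_ip, private_port)
        self.static = {}             # same shape, but defined in advance

    def add_static(self, proto, public_port, private_ip, private_port):
        self.static[(proto, public_port)] = (private_ip, private_port)

    def _public_port_for(self, proto, endpoint):
        # Reuse an existing static or dynamic mapping for this private endpoint.
        for table in (self.static, self.dynamic):
            for (p, port), target in table.items():
                if p == proto and target == endpoint:
                    return port
        # Otherwise create a dynamic mapping on a free public port.
        while (proto, self.next_port) in self.static or (proto, self.next_port) in self.dynamic:
            self.next_port += 1
        self.dynamic[(proto, self.next_port)] = endpoint
        return self.next_port

    def outbound(self, proto, src, dst):
        """Source NAT: replace a private (ip, port) source with the public address."""
        if ipaddress.ip_address(src[0]) not in self.private_net:
            return None  # source is not on the private network: not translated
        return (proto, (self.public_ip, self._public_port_for(proto, src)), dst)

    def inbound(self, proto, src, dst):
        """Replace the destination of a packet that arrives at the public address."""
        target = self.dynamic.get((proto, dst[1])) or self.static.get((proto, dst[1]))
        if dst[0] != self.public_ip or target is None:
            return None  # no mapping: an unsolicited packet has nowhere to go
        return (proto, src, target)

if __name__ == "__main__":
    gw = NatGateway("1.2.3.4", "192.168.1.0/24")
    gw.add_static("tcp", 23, "192.168.1.3", 23)        # the DNAT rule
    print(gw.outbound("tcp", ("192.168.1.7", 51000), ("203.0.113.9", 80)))  # request
    print(gw.inbound("tcp", ("203.0.113.9", 80), ("1.2.3.4", 40000)))       # response
    print(gw.inbound("tcp", ("203.0.113.9", 4444), ("1.2.3.4", 23)))        # static
    print(gw.inbound("tcp", ("203.0.113.9", 4444), ("1.2.3.4", 8080)))      # dropped
```

The same table works for UDP because the key includes the protocol; only the lifetime of a mapping differs, since UDP has no connection close to signal when it can be removed.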
There's Always More to Learn