Private Networking

Private Networking
and the IP Network Address Translator (NAT)

Computer Science Department

bernstdh@jmu.edu

Motivation - Some Interesting Situations

Address Allocation for Private Internets (RFC 1918)

Categories

Hosts that do not require access to hosts in other organizations
- Such addresses can be used by multiple organizations
Hosts that need access to a limited set of outside services (e.g., electronic mail)
- Can be handled by mediating gateways

Private Addresses Allocated by IANA

Private Addresses (cont.)

The IP Network Address Translator (RFC 1631)

Purpose:
- A virtual router that translates private/public addresses (and ports)
Mappings:
- Dynamic Mappings - created when users on the private network initiate traffic with a "public" address
- Static Mappings - defined in advance

NAT (cont.)

Outgoing (i.e., Source NAT):
- For requests, local address converted to address of router before sending message
- For responses, router address converted into local address
Incoming (i.e., Destination NAT):
- Requires additional capabilities (e.g., IP Masquerading, Proxy Server)

NAT - An Exercise

NAT Under Linux

Setup IP forwarding on the gateway
Configure iptables on the gateway
- iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT -to 1.2.3.4
- iptables -t nat -A PREROUTING -p tcp -d 1.2.3.4 -dport 23 -j DNAT -to 192.168.1.3:23

There's Always More to Learn