NAT (Network Address Translator) - PowerPoint PPT Presentation

1 / 19

About This Presentation

Title:

NAT (Network Address Translator)

Description:

Number of Views:29

Avg rating:3.0/5.0

Slides: 20

Provided by: atifka

Category:

Tags: nat | address | astatic | network | translator

Transcript and Presenter's Notes

Title: NAT (Network Address Translator)

1
NAT (Network Address Translator)
In the name of God the most merciful and the most
compassionate

2
NAT Is it Necessary?

Scenario
One High Speed Dial Up, Multiple Devices
How to Share ?
Solution Gateway, but it requires that each
device should have a unique IP address..
IP addresses may become an endangered species
very soon..

3
NATThe Solution

4
NAT Scenario II

Network Security
Denial of Service
Trojan Horse Attacks
NAT drops all unsolicited inbound traffic, which
minimizes threats of this kind.

5
NATWhat is It?

NAT
NAT exists primarily to allow machine on a local
network to share a single internet connection by
replacing the source address of each outgoing
message with the address assigned to the shared
connection.

6
NAT Components
7
NAT Requires

To function NAT requires to
Maintain a mapping between the original
addressing information and the replaced
addressing information.
Update the checksums to reflect the modifications
made.

8
NAT NAT Gateway

The main component is the NAT Gateway. A basic
NAT Gateway has two interfaces. One interface to
public network and the other interface to private
network.
A more advanced NAT gateway may have multiple
interface i.e corporate network.

9
NAT Mapping Table
10
NATOperation

11
NAT Application I

12
NAT Application II

Address Mapping
A pool of private addresses is to be mapped to a
smaller pool of public addresses.
Mapping from private to public addresses are
established until no more addresses are
available.
At this point, NAT may switch over to translation
of port information.

13
NAT Application III

Static Mapping
To achieve security, the most important feature
is that no unsolicited traffic may pass through
NAT. But this feature prevents from hosting any
service behind NAT.
Static mapping allows a static entry to be made
in the mapping table which allows for unsolicited
incoming traffic, only for that entry.

14
NAT Constraints I

Limited Port Numbers.
Using IP addresses in Payload
When the server on the public domain reads the
address of the client in payload it doesnt
recognize the private address.
Using Port number in payload
This may cause a failure because some time the
port requested by a client is not available and
so NAT is forced to assign some other port number.

15
NATConstraints II

Specifying port or range of ports
The server side should not be programmed to
expect traffic from a specific port because the
client may not be able to get the specific port.
Assuming that IP address will remain same during
conversation
Mobile clients behind NAT

16
NAT Constraint III

Assuming that Application can receive unsolicited
Inbound connections
Offering of any services behind NAT will fail.
Primary control session to a port is followed one
or more secondary connection to different ports,
which will fail.

17
NAT Design Principles I

IP address and port information shouldnt be
embedded in the payload.
Use fully qualified domain names and/or user
names where possible. Let DNS do the work.
Traffic shouldnt be required to originate from a
specific port number.

18
NAT Design Principles II

Unsolicited inbound connections should be
avoided.
Encrypted protocols should avoid the checksum
cover the IP header, because NAT cannot decrypt
and change the IP header information by default.

19
NAT Application Level Gateway (ALG)