Siemens SINAUT MD741-1 System Manual page 133

NAT (Network Address
Translation)
Network mask / Subnet
mask
Port number
SINAUT MD741-1
C79000- G8976-C212
In Network Address Translation (NAT) - often also referred to as IP
Masquerading - an entire network is "hidden" behind a single device,
the NAT router. This device is usually a router. The internal computers
in the local network remain hidden with their IP addresses when they
communicate to the outside via the NAT router. For the external
communication partners only the NAT router with its own IP address
appears.
However, in order for internal computers to be able to communicate
direct with external computers (on the Internet) the NAT router must
change the IP datagrams passing from internal computers to the
outside and from the outside to an internal computer.
If an IP datagram is sent from the internal network to the outside the
NAT router changes the datagram's IP and TCP headers. It replaces
the source IP address and the source port with its own official IP
address and its own, previously unused port. To this end it creates a
table showing the correlation between the original values and the new
ones.
When receiving a reply datagram the NAT router recognises by means
of the destination port specified that the datagram is actually intended
for an internal computer. Using the table the NAT box exchanges the
destination IP address and the destination port and forwards the
datagram to the internal network.
A company network with access to the Internet is normally officially
assigned only a single IP address, e.g. 134.76.0.0. In this example
address it can be seen from the 1st byte that this company network is
a Class B network, i.e. the last 2 bytes can be used freely for host
addressing. Arithmetically that represents an address space of 65,536
possible hosts (256 x 256).
Such a huge network is not very practical. It is necessary here to form
subnetworks. This is done using a subnet mask. Like an IP address,
this is a field 4 bytes long. The value 255 is assigned to each of the
bytes that represent the network address. The main purpose of this is
to "hide" a part of the host address range in order to use it for the
addressing of subnetworks. For example, in a Class B network (2
bytes for the network address, 2 bytes for the host address), by means
of the subnet mask 255.255.255.0 it is possible to take the 3rd byte,
which was actually intended for host addressing, and use it now for
subnet addressing. Arithmetically that means that 256 subnets with
256 hosts each could be created.
The Port Number field is a 2-byte field in UDP and TCP headers. The
assignment of port numbers serves to identify various data flows that
are processed simultaneously by UDP/TCP. The entire data exchange
between UDP/TCP and the application processes takes place via
these port numbers. The assignment of port numbers to application
processes is performed dynamically and randomly. Fixed port numbers
are assigned for certain frequently-used application processes. These
are called Assigned Numbers.
Glossary
133