Network Address Translation; Nat Overview; Nat Security And Static Mappings - Colubris Networks CN3000 Administrator's Manual


Chapter 2 - How it works

Network address translation

NAT overview

NAT is an address mapping service that enables one set of IP addresses to be used on
an internal network, while a second set is used on an external network. NAT handles the
mapping between the two sets of addresses.

Generally, NAT is used to map all the addresses on an internal network to a single
address for use on an external network like the Internet. The main benefits of this are:
• It enables multiple devices to share a single connection.
• It effectively hides the IP addresses of all devices on the internal network from the
outside network.

NAT can also be useful in conjunction with VPN software. When two networks are
connected via a VPN tunnel, it may be desirable to obscure the address of local
computers for security reasons. NAT makes this possible.

NAT security and static mappings

One of the benefits of NAT is that it effectively hides the IP addresses of all computers
on the internal network from the outside network (i.e., the Internet or a remote site via
VPN). While this is great for security, in some cases it is useful to make a computer on
the internal network accessible externally, for example, if you want to run a Web server
or FTP server.

To address this problem, NAT provides the ability to route specific incoming traffic to an
IP address on the internal network, through what is called a static NAT mapping. For
example, to support a Web server, you would define a static NAT mapping to route
traffic on TCP port 80 to an internal computer running a Web server. Note that this may
also require changes to the firewall settings to accept the incoming traffic.

A limitation of NAT mappings is that they only allow one internal IP address to act as the
destination for a particular protocol (unless you map the protocol to a non-standard
port). This means, for example, that you can only run one Web server on the internal
network.
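
The static mapping behaviour described above can be modelled as a lookup table keyed on protocol and external port. The sketch below is an added example, not code from the CN3000 or from Colubris; the class and function names, the external port 8080, and the use of 192.168.1.2 and 192.168.1.3 as internal Web servers are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

EXTERNAL_IP = "202.125.11.26"  # single external address, as in the manual's figure

class StaticMapping(NamedTuple):
    proto: str      # "tcp" or "udp"
    ext_port: int   # port on the external address
    int_ip: str     # internal destination host
    int_port: int   # port on the internal host

class StaticNatTable:
    def __init__(self):
        self._map = {}  # (proto, ext_port) -> StaticMapping

    def add(self, proto, ext_port, int_ip, int_port=None):
        key = (proto.lower(), ext_port)
        if not 0 < ext_port < 65536:
            raise ValueError(f"invalid external port {ext_port}")
        if not ipaddress.ip_address(int_ip).is_private:
            raise ValueError(f"{int_ip} is not an internal (private) address")
        if key in self._map:  # one internal destination per protocol/port
            raise ValueError(f"{key[0]}/{ext_port} already mapped to {self._map[key].int_ip}")
        self._map[key] = StaticMapping(key[0], ext_port, int_ip, int_port or ext_port)
        return self._map[key]

    def translate_inbound(self, proto, dst_ip, dst_port):
        """Return (internal_ip, internal_port) for unsolicited inbound traffic, or None to drop."""
        if dst_ip != EXTERNAL_IP:
            return None
        m = self._map.get((proto.lower(), dst_port))
        return (m.int_ip, m.int_port) if m else None

    def exposed(self):
        """Every internal service reachable from outside: the list to review against firewall rules."""
        return sorted(self._map.values())

def build_example_table():
    t = StaticNatTable()
    t.add("tcp", 80, "192.168.1.2")          # first Web server on the standard port
    try:
        t.add("tcp", 80, "192.168.1.3")      # second Web server on the same port: rejected
    except ValueError:
        # the workaround the manual mentions: a non-standard external port
        t.add("tcp", 8080, "192.168.1.3", 80)
    return t
```

Inbound traffic that matches no mapping returns None, which is the hiding property the section describes; each entry returned by `exposed()` is a deliberate exception to it.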

[Figure: NAT between internal computers (192.168.1.2, 192.168.1.3) and a Web server reached through the ISP. Labels: "Web Page addressed to 202.125.11.26" (external side); "Web Page addressed to 192.168.1.2" (internal side); "Internal addresses are invisible to computers on the Internet."; "All traffic uses the same external IP address assigned by the ISP."]
