Table of Contents
Advertisement
6.7.3.3.2
NAT Overview
The purpose of the "Network Address Translation" (NAT) protocol is to hide a private IP network from a
public network. The mechanism serves both as a firewall function and to save IP address space.
Host 1
192.168.1.2/24
Private network 172.30.1.0/24
The source address of packets transiting from the private network to the public network gets translated by
the NAT enabled device. The original IP source address gets replaced by the NAT enabled device's own
IP address (address of the outgoing interface). The NAT module creates an address translation table that
is used when traffic is coming back from the public network to the private network.
In our example, Host 1 sends a packet to Host 2. The Host 2 device does not see the private IP address of
Host 1. When Host 2 sends a reply to Host 1, it uses the destination IP address 172.31.1.1; this gets trans-
lated back to the appropriate destination IP address by the NAT enabled device.
NAT does a lot more then simple translation of the IP source address. NAT also carries out IP protocol
dependant translation. For the UDP and TCP protocols, NAT, will also translate the source port numbers.
Special handling is also done for other more specific protocols like FTP.
001-5099-000
Packet (1)
Source Address 192.168.1.2
Destination Address 172.31.1.2
192.168.1.1/24
Packet (2)
Source Address 172.31.1.2
Destination Address 192.168.1.2
Figure 43 - Basic NAT Operations
Packet (1)
Source Address 172.31.1.1
Destination Address 172.31.1.2
172.31.1.1/24
NAT Enabled Device
Packet (2)
Source Address 172.31.1.2
Destination Address 172.31.1.1
47
Host 2
172.31.1.2/24
Public ne t work
Public network
HiPR-900 User Manual
Advertisement
Table of Contents
Troubleshooting
