NAT achieves three goals: hiding the identity of internal clients, masking
the design of your private network, and keeping public IP address leasing
costs to a minimum.
NAT allows private networks to use any IP address set without causing
collisions or conflicts with public internet hosts that have the same IP
address.
NAT translates the IP addresses of your internal clients to leased addresses
outside your environment and has numerous benefits:
- Can connect an entire network to the internet using a single or a few
  public IP addresses
- Can use private addresses defined in RFC 1918
- NAT hides the IP address scheme and network topology from the
  Internet
- NAT restricts connections so that only traffic stemming from
  connections originating from the internal protected network is allowed
  back into the network from the internet
- Most intrusion attacks are automatically repelled
Private IP Addresses
- 10.0.0.0 to 10.255.255.255 (full Class A range)
- 172.16.0.0 to 172.31.255.255 (16 Class B ranges)
- 192.168.0.0 to 192.168.255.255 (256 Class C ranges)
All routers and traffic-directing devices are configured by default not to
forward traffic to or from these IP addresses - private IP addresses are not
routed by default and cannot directly communicate over the internet.
They can be easily used on private networks.
Stateful NAT - operates by maintaining a mapping between requests made
by internal clients (users), the client's internal IP address, and the IP
address of the internet service contacted - it changes the source address in
the packet from the client's to the NAT server's, and then NAT matches the
source of the reply to the stored address.
Static NAT - client is assigned a permanent mapping to a specific external
public IP address.
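
Added example (not part of the original notes): a minimal Python model of the stateful NAT mapping described above, showing the source rewrite on the way out, the reply matched against the stored entry, and unsolicited inbound traffic dropped. The port numbers, the class and function names, and the documentation-range addresses are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges from the notes, written as CIDR blocks
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class StatefulNat:
    """Hypothetical NAT box; ports are an assumption so clients can share one address."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (client ip, client port, service ip, service port) -> public port
        self.back = {}  # (public port, service ip, service port) -> (client ip, client port)

    def outbound(self, pkt):
        if not is_rfc1918(pkt.src):
            raise ValueError("source is not an internal RFC 1918 address")
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out:            # first request: store the mapping
            self.out[key] = self.next_port
            self.back[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        # Source address changes from the client's to the NAT server's
        return Packet(self.public_ip, self.out[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        # The reply's source must match the service recorded for this mapping
        entry = self.back.get((pkt.dport, pkt.src, pkt.sport))
        if entry is None or pkt.dst != self.public_ip:
            return None                    # no internal request behind it: dropped
        return Packet(pkt.src, pkt.sport, entry[0], entry[1])

if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges
    nat = StatefulNat("203.0.113.5")
    print(nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 443)))
    print(nat.inbound(Packet("198.51.100.7", 443, "203.0.113.5", 40000)))
    print(nat.inbound(Packet("198.51.100.99", 443, "203.0.113.5", 40000)))
```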