
Types of NAT

NAT can be static or dynamic. In static NAT, there is a one-to-one mapping between each private address and a public address. The NAT process consists of modifying the source IP address on outgoing packets to the public address, and modifying the destination IP address on incoming packets to the private address. In this situation, an organization is required to have as many public network addresses as private network addresses, which sometimes isn’t possible (for technical or political reasons).

In dynamic NAT, there is a pool of public addresses, and internal hosts needing Internet connectivity will be mapped to the next available public address on an as-needed basis. When the connection is terminated, the public address is returned to the pool, to be used again. Because of this re-use, it is possible to have a smaller number of public addresses than you have machines with private addresses – as long as all of the internal machines aren’t using the Internet simultaneously.

A variation on dynamic NAT is Port Address Translation (PAT). PAT, sometimes known as “single address NAT,” is a specific case of NAT in which there is one external address, and multiple internal computers connecting to Internet hosts through it. In this case, not only does the IP address in the packet change… so does the TCP/IP port number. (This is required because multiple internal connections are sharing the same public IP address simultaneously, and a connection using the same port number on the public address can’t be guaranteed, since someone else may already have it.) An alternate explanation of PAT is that it is used to redirect requests for access to a specific port number on the external address, to a specific internal machine, based on a table of address/port redirections set up by the administrator.

For example, if you have one external address, you might redirect port 80 packets to a web server in your network, port 25 packets to a mail server, etc. In this case, the port number of the packet doesn’t change, but the address does.
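The two views of PAT described above can be modeled with a single translation table. The following is an added example, not part of the original guide: the `PatGateway` class, its method names, the starting port 40000 and all addresses are constructed for illustration.

```python
# Added example: toy PAT device. All addresses are constructed documentation values.
class PatGateway:
    def __init__(self, public_ip, forwards=None, first_port=40000):
        self.public_ip = public_ip
        # Administrator's redirection table: public port -> private IP
        self.forwards = dict(forwards or {})
        self._ports = iter(range(first_port, 65536))  # public ports free for outbound use
        self.out = {}   # (private IP, private port) -> public port
        self.back = {}  # public port -> (private IP, private port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source address and port of a packet leaving the private network."""
        key = (src_ip, src_port)
        if key not in self.out:
            pub_port = next(self._ports)
            self.out[key] = pub_port
            self.back[pub_port] = key
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite the destination of a packet sent to the public address; None = no mapping."""
        if dst_port in self.back:        # reply to a translated outbound connection
            return (src_ip, src_port, *self.back[dst_port])
        if dst_port in self.forwards:    # redirection: address changes, port does not
            return (src_ip, src_port, self.forwards[dst_port], dst_port)
        return None


def demo():
    gw = PatGateway("203.0.113.5", forwards={80: "192.168.1.10", 25: "192.168.1.20"})
    # Two internal hosts use the same source port toward the same server.
    a = gw.outbound("192.168.1.101", 51000, "198.51.100.7", 443)
    b = gw.outbound("192.168.1.102", 51000, "198.51.100.7", 443)
    reply = gw.inbound("198.51.100.7", 443, b[1])       # server answers host .102
    web = gw.inbound("198.51.100.99", 33333, 80)        # redirected to the web server
    stray = gw.inbound("198.51.100.99", 33333, 45000)   # no table entry for this port
    return a, b, reply, web, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Each row is (source IP, source port, destination IP, destination port) after translation. The last case shows that a packet arriving on a public port with no table entry has no internal destination at all.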

Mapping Ports/PAT

Static NAT involves a fixed one-to-one mapping of a private address to a public address, for each node in the private network. The port numbers in the packet do not change.

Dynamic NAT involves as-needed mapping of a private address to the next available public address in a pool of possible addresses.

PAT involves mapping multiple private addresses to a single public address. This is accomplished by also translating port numbers. PAT can be used so that requests to different port numbers at the same IP address are routed to different hosts.




CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.