3Com 3031 Installation Instructions
402 CHAPTER 32: NAT CONFIGURATION
network address translation list. The external server sends the response packet2
(whose destination is 202.169.10.1) to the NAT server. After looking up the network
address translation list, the NAT server replaces the destination address in the packet2
header with the original private address 192.168.1.3 of the internal PC.
The NAT process described above is transparent to terminals such as the PC and
the server in the figure above. NAT “hides” the private network of an enterprise
because the external server regards 202.169.10.1 as the IP address of the internal
PC and is unaware that 192.168.1.3 exists.
The main benefit NAT offers is easy access to outside resources for
intranet hosts while maintaining the privacy of the internal hosts.
Because NAT must translate the IP addresses in data packets, the parts of the
packet header that carry IP addresses cannot be encrypted. For example,
an encrypted FTP connection cannot be used; otherwise, the FTP port cannot be
translated correctly.
Network debugging becomes more difficult. For instance, when an internal
network host attempts to attack other networks, it is hard to identify which
computer is malicious, because the host IP address is hidden.
NAT has little impact on network performance on 10 Mbit/s
links, because the bottleneck is the data transfer circuit. When the rate
is over 10 Mbit/s, NAT will have some effect on the performance of
the router.
Functions Provided by NAT
Many-to-Many Address Translation and Address Translation Control
As the figure above shows, NAT translates the source address of an intranet host
into an appropriate extranet address (the public address of the outbound interface
on the NAT server in the figure above). In this way, all the hosts in the
intranet share one extranet address when they access the external network. In
other words, only one host can access the external network at a time when there
are many access requests, which is called “one-to-one address translation”.
An extended NAT implements concurrent access: multiple public IP
addresses are assigned to a NAT server. The NAT server assigns a public address IP1
to a requesting host, keeps a record in the address translation list and forwards the
data packet, then assigns another public address IP2 to another requesting host, and
so on. This is called “many-to-many address translation”.
The number of public IP addresses on the NAT server is far smaller than the number of
hosts in the intranet because not all hosts access the extranet at the same time. The
number of public IP addresses is determined by the maximum number of
intranet hosts at the peak hour of the network.
In practice, it may be required that only some intranet hosts can access the
Internet (external network). In other words, the NAT server does not translate
the source IP addresses of unauthorized hosts; this is called address
translation control.
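
The following Python model is an added example, not taken from the 3Com manual or the router's software. It shows many-to-many translation with address translation control, the reverse rewrite of a response packet, and how a retained translation record lets an operator trace a public address back to the internal host. The class and method names, the second pool address, the permitted subnet 192.168.1.0/24 and the timestamps are constructed assumptions.

```python
import ipaddress

class ManyToManyNat:
    def __init__(self, pool, permitted_net):
        self.free = [ipaddress.ip_address(a) for a in pool]   # unused public addresses
        self.permitted = ipaddress.ip_network(permitted_net)  # address translation control
        self.by_private = {}   # address translation list: private -> public
        self.by_public = {}    # reverse index used for response packets
        self.log = []          # (time, private, public), retained for attribution

    def outbound(self, src, now):
        src = ipaddress.ip_address(src)
        if src not in self.permitted:
            return None                    # unauthorized host: source is not translated
        if src not in self.by_private:
            if not self.free:
                return None                # pool exhausted (sized for peak-hour demand)
            pub = self.free.pop(0)
            self.by_private[src] = pub
            self.by_public[pub] = src
            self.log.append((now, str(src), str(pub)))
        return str(self.by_private[src])

    def inbound(self, dst):
        # Response packet: replace the public destination with the private address.
        priv = self.by_public.get(ipaddress.ip_address(dst))
        return str(priv) if priv is not None else None

    def release(self, src):
        # Entry ages out: the public address goes back to the pool for reuse.
        src = ipaddress.ip_address(src)
        pub = self.by_private.pop(src)
        del self.by_public[pub]
        self.free.append(pub)

    def who_had(self, public, at):
        # Most recent host that was assigned `public` at or before time `at`.
        hits = [(t, priv) for t, priv, pub in self.log if pub == public and t <= at]
        return max(hits)[1] if hits else None

def demo():
    nat = ManyToManyNat(["202.169.10.1", "202.169.10.2"], "192.168.1.0/24")
    hosts = ["192.168.1.3", "192.168.1.4", "192.168.1.5", "192.168.2.9"]  # constructed
    out = [nat.outbound(h, now=t) for t, h in enumerate(hosts, 100)]
    back = nat.inbound("202.169.10.1")
    nat.release("192.168.1.3")
    reused = nat.outbound("192.168.1.5", now=200)
    return out, back, reused, nat.who_had("202.169.10.1", 150), nat.who_had("202.169.10.1", 250)

if __name__ == "__main__":
    print(demo())
```

Because 202.169.10.1 is reused by a different host after release, attribution needs the timestamped record and not just the current translation list.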