NET 330 W6 Notes - Oliver-Mustoe/Oliver-Mustoe-Tech-Journal GitHub Wiki

NOTE: Information on this page is intended as notes and does contain text copied and pasted from readings/online sources. I do not claim to own this information, I have simply captured it for my studying needs.
Below are notes taken during/after class DATE:

Filename: D6 -- 10/3/22

Network Address Translation

  • All IPv4 addresses have been assigned

  • How do we continue to use IPv4 when we are out of addresses?

  • NAT (Network Address Translation)

  • Lots of networks use private addresses instead

  • Private addresses are not routable

  • NAT is a method of remapping one IP address space into another.

  • We do this by modifying the network address information in IP packet headers while they are in transit across the network

  • NAT device rewrites the Layer 3 header

  • NAT router has to make the change and keep track of the translation

  • Router has to keep track of translations so it knows where return traffic should go

  • NAT router must

  • Rewrite layer 3 header

  • Often rewriting Layer 4 as well

  • Keep track of translations in a table so it knows how to send inbound packets back to the right client

  • NAT devices are in between the sender and receiver

  • Can condense

  • NAT can also provide security

  • Hosts using private IPs cannot typically be directly accessed from outside the network

IP Masquerading

  • In IP masquerading, the Private Source IP address is changed into a Public address as the "new" source address of the outgoing IP packet.

  • This enables communication through the router only when the conversation originates inside the masqueraded network.

  • Masquerading routers keep stateful translation tables of each conversation to "remember" the original source address when packets return during this conversation.

  • The translation tables are flushed after a defined period unless new traffic refreshes their state; this prevents port exhaustion and frees state table resources.

Types of NAT:

  • Many-to-many IP mapping: Not used often, messy

  • One-to-one IP mapping: port forwarding

  • Many-to-one IP mapping: IP masquerading -- often used

Static NAT -- port forwarding

  • Allows the network admin to configure translation table entries for permanent use

  • Often referred to as port forwarding and allows traffic originating in the "outside" network to reach designated hosts in the masqueraded network.

  • Simple to configure

  • Useful to allow access to a few servers, hosts, or applications

  • Does not scale well -- as each entry has to be manually configured

Dynamic NAT

  • Maps unregistered private IP address to registered public IP addresses by selecting public IP from a pool of registered IP addresses.

  • Many to many mapping

  • Dynamic NAT is used when PAT is not supported

  • Some hardware and protocols don't support PAT

  • Dynamic has limitations

PAT -- Port Address Translation

  • PAT is a common implementation of IP Masquerading NAT.

  • Permits multiple devices on a LAN to be mapped to a single public IP address.

  • PAT devices use the Source TCP port number as a way to keep track of different sessions

  • Usually picked randomly

  • Ephemeral

  • Table tracks the mapping between the original IP/port and new IP/port

Translating internal requests going outbound by keeping track of port number being used
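A small state-table simulation of the PAT/IP-masquerading behaviour described above (one public IP, source ports tracked per session, entries flushed after an idle period, unsolicited inbound traffic dropped unless a static port-forward entry exists). This is an added example, not router code or anything from the course; the public IP, timeout and port values are constructed.

```python
# Constructed PAT (many-to-one NAT) state table; not real router code.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # assumed public address on the "outside" interface
IDLE_TIMEOUT = 300          # seconds an entry survives without traffic (assumed)
PORT_RANGE = range(1024, 65536)


@dataclass
class PatTable:
    # static entries (port forwarding): public_port -> (inside_ip, inside_port)
    static: dict = field(default_factory=dict)
    # dynamic entries: public_port -> (inside_ip, inside_port, last_seen)
    dynamic: dict = field(default_factory=dict)

    def add_static(self, public_port, inside_ip, inside_port):
        self.static[public_port] = (inside_ip, inside_port)

    def expire(self, now):
        # flush entries that have not seen traffic within IDLE_TIMEOUT
        stale = [p for p, (_, _, seen) in self.dynamic.items() if now - seen > IDLE_TIMEOUT]
        for p in stale:
            del self.dynamic[p]

    def outbound(self, inside_ip, inside_port, now):
        """Rewrite the L3/L4 source of an outgoing packet; returns (public_ip, public_port)."""
        self.expire(now)
        for pub_port, (ip, port, _) in self.dynamic.items():
            if (ip, port) == (inside_ip, inside_port):
                self.dynamic[pub_port] = (ip, port, now)  # existing session: refresh timer
                return PUBLIC_IP, pub_port
        for pub_port in PORT_RANGE:  # new session: pick a free public port
            if pub_port not in self.static and pub_port not in self.dynamic:
                self.dynamic[pub_port] = (inside_ip, inside_port, now)
                return PUBLIC_IP, pub_port
        raise RuntimeError("port exhaustion: no free public port")

    def inbound(self, public_port, now):
        """Map a packet arriving on the public IP back to an inside host, or None to drop it."""
        if public_port in self.static:  # port forwarding: always reachable from outside
            return self.static[public_port]
        self.expire(now)
        entry = self.dynamic.get(public_port)
        if entry is None:
            return None  # unsolicited inbound with no table state is dropped
        ip, port, _ = entry
        self.dynamic[public_port] = (ip, port, now)  # return traffic refreshes the entry
        return ip, port
```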

Cisco commands:

  • Define the "inside" and "outside" interfaces

  • Typically inside is the interface connected to the Private Addresses

  • Outside is the interface connected to the Public address

  • E.g.:

  • (config)#interface serial 0/0/0

  • (config-if)#ip nat outside

  • Set NAT Rules

  • Static mappings

  • PAT/Dynamic pool assignments

Wildcard Subnet Masks -- for NAT rules:

  • Yet another way to write a subnet mask

  • Subtract each octet from 255 (what is left over is the wildcard octet)

  • Basically switch the ones and zeroes

  • So:

  • 255.255.255.0 (11111111.11111111.11111111.00000000) becomes

  • 0.0.0.255 (00000000.00000000.00000000.11111111)   or

  • 255.255.255.252 becomes 0.0.0.3

  • 255.255.240.0 becomes 0.0.15.255

6-1 > good notes, will be used a lot

Labs build on top of each other

Notes for review

  • DHCP does not need CNAME

  • Needs 

  • /22 has 800 addresses

  • Rogue DHCP

  • IP Masquerading is related to NAT

  • Distribution in the hierarchical internetworking model has the most routing

  • Study subnets

  • DHCP servers that support multiple VLANS need a pool for each VLAN

  • Not all .0 is a network address (same for 255)

  • PAT is Many-to-one (home networks, enterprises)

  • VLAN Access Ports are used to connect devices at which layer