Types of NAT
NAT can be static or dynamic.
In static NAT, there is a one-to-one mapping between each
private address and a public address. The NAT process consists
of modifying the source IP address on outgoing packets to the public
address, and modifying the destination IP address on incoming packets
to the private address. In this situation, an organization is required
to have as many public network addresses as private network addresses,
which sometimes isn't possible (for technical or political reasons).
In dynamic NAT, there is a pool of public addresses, and
internal hosts needing Internet connectivity will be mapped to the next
available public address on an as-needed basis. When the connection
is terminated, the public address is returned to the pool, to be
used again. Because of this re-use, it is possible to have a smaller
number of public addresses than you have machines with private addresses
as long as all of the internal machines aren't using the
Internet simultaneously.
A variation on dynamic NAT is
Port Address Translation (PAT). PAT, sometimes known as single
address NAT, is a specific case of NAT in which there is one external
address, and multiple internal computers connecting to Internet hosts
through it. In this case, not only does the IP address in the packet
change, so does the TCP/IP port number. (This is required because
multiple internal connections are sharing the same public IP address
simultaneously, and a connection using the same port number on the public
address can't be guaranteed, since someone else may already have
it.) An alternate explanation of PAT is that it is used to redirect
requests for access to a specific port number on the external address,
to a specific internal machine, based on a table of address/port redirections
set up by the administrator.
For example, if you have one external
address, you might redirect port 80 packets to a web server in your
network, port 25 packets to a mail server, etc. In this case, the port
number of the packet doesn't change, but the address does.
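The two PAT behaviours described above (port rewriting for outgoing connections, and administrator-defined port redirection for incoming requests) can be modelled as one translation table. This is an added Python sketch, not part of the original guide; the class name PatGateway, the addresses, and the starting port 40000 are constructed for illustration.

```python
# Added illustration of PAT. All addresses are constructed sample values.
PUBLIC_IP = "203.0.113.10"

class PatGateway:
    def __init__(self, public_ip, forwards=None, first_port=40000):
        self.public_ip = public_ip
        # Administrator-defined redirections: public port -> private IP.
        self.forwards = dict(forwards or {})
        self.out = {}    # (private IP, private port) -> public port
        self.back = {}   # public port -> (private IP, private port)
        self.next_port = first_port  # assumed start of the spare port range

    def outbound(self, src_ip, src_port):
        """Translate the source of an outgoing packet."""
        key = (src_ip, src_port)
        if key not in self.out:
            # Keep the original port if it is free on the public address;
            # otherwise someone else already has it, so pick another.
            port = src_port
            while port in self.back or port in self.forwards:
                port = self.next_port
                self.next_port += 1
            self.out[key] = port
            self.back[port] = key
        return self.public_ip, self.out[key]

    def inbound(self, dst_port):
        """Translate the destination of an incoming packet, or None to drop."""
        if dst_port in self.back:            # reply to an internal connection
            return self.back[dst_port]
        if dst_port in self.forwards:        # redirection: address changes,
            return self.forwards[dst_port], dst_port  # port does not
        return None                          # no table entry: not delivered

    def close(self, src_ip, src_port):
        """Connection terminated: release the public port for re-use."""
        port = self.out.pop((src_ip, src_port), None)
        if port is not None:
            del self.back[port]

def demo():
    gw = PatGateway(PUBLIC_IP, forwards={80: "192.168.1.20", 25: "192.168.1.25"})
    a = gw.outbound("192.168.1.101", 51000)
    b = gw.outbound("192.168.1.102", 51000)  # same source port, second host
    return gw, a, b
```

An incoming packet that matches neither an active connection nor a redirection has no translation, which is why the redirection table defines exactly which internal services are reachable from outside.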
Mapping Ports/PAT
Static NAT involves a fixed one-to-one mapping of a private address to a public address, for each node in the private network. The port numbers in the packet do not change.
Dynamic NAT involves as-needed mapping of a private address to the next available public address in a pool of possible addresses.
PAT involves mapping multiple private addresses to a single public address. This is accomplished by also translating port numbers. PAT can be used so that requests to different port numbers at the same IP address are routed to different hosts.
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.