NAT Question

Lawdie

Hi

I need to show my ignorance and ask whats a NAT as referred to in the posts. I've observed that it will help protect internet access while online through ADSL, as I will be shortly.

Thanks

Lemming

Originally posted by Lawdie
Hi

I need to show my ignorance and ask whats a NAT as referred to in the posts. I've observed that it will help protect internet access while online through ADSL, as I will be shortly.

Thanks

NAT stands for "Network Address Translation" and is a manner in which a machine accesses d'internet

An example would be the following set-up. A machine running as a firewall, which has two network connections. One of these is assigned to your DSL connection, and the other is to connect to your internal network.

Internal machines will (generally speaking) not have world-resolvable ip addresses. In other words, attempting to access these machines from the world wont be possible on their own. Hence NAT comes in to play. All communications to and from these machines has to travel through the firewall and have the IP address switched to that of the external network connection (the DSL connection). This is NAT. Since any traffic comign from these machines appears to come fmo teh firewall machine's IP address, the world knows where to send any responses to communications from these machines. So you can control what type of traffic gets to & from these machines.

I'm sure there are others out there who can explain this FARRRR better than me

tribble

NAT = Network Address Translation

Basically instead of your PC being given an IP address by the ISP another device called a router takes it.

Your PC('s) then pass their requests to the router and is in turn passes then to the ISP.
The ISP only sees the router - not the individual PC('s).
This is called NAT.

The protection comes from the fact that any data recieved by the router that has not been requested by your PC is simply dumped.
Similar to a firewall.

The blaster worm is an example of a nasty that a NAT box (router) or firewall would have prevented.

tribble

Lawdie

Thanks guys that helps me understand.

In my case I wanted to get a wireless router for the house and setup two pcs and one laptop to access. This will in turn use the NAT to barricade the units from direct internet access.

Is there any downside to NAT or things to watch out for when setting up the router?

Ripwave

Originally posted by Lawdie
Thanks guys that helps me understand.

In my case I wanted to get a wireless router for the house and setup two pcs and one laptop to access. This will in turn use the NAT to barricade the units from direct internet access.

Is there any downside to NAT or things to watch out for when setting up the router?

if you look at it from the other point of view, it might be easier to understand the implications.

You know that IP addresses need to be unique, so that IP packets can find their way to their destination. But there are millions of people who need a small allocation of IP addresses for local use. RFC 1918 set aside a couple of blocks of IP addresses that anyone can use for their own purposes, but these addresses can't be routed across the internet. If you set up your own "home LAN", you will typically use addresses in the 192.168.x.x range. If you want to connect your HAN to the internet, you need a "real" IP address. If you have a NAT device on your network, it can translate all inbound and outbound requests so that all the devices on your private network can "share" the one IP address. It will keep track off all the outbound requests, and make sure that the responses are delivered to the right machine.

Aside from the fact that you avoid the hassle of managing bunches of IP addresses, the upside is that nobody can "reach-in" from outside and breack into your computer, because your PC doesn't have a "real" IP address that is reachable from the internet. On the other hand, if you actually want people to be able to reach your machine (you want to run a web server or a mail server, for example), then you have to configure your NAT device to accept those requests, and forward them to the appropriate machine on your network.

But even if you're not interested in running a web or mail server, you might want to use something like NetMeeting to talk directly to someone else. And you don't want to leave those ports open all the time. Luckily most up to date NAT devices support "plug and play", so that current applications can actually do the port configuration for you (the application can contact the NAT device and tell it what ports to accept connections from ).

If you're interested in using VPN software to connect to work, you will also need to check that it can handle NAT. Older VPN clients had problems with NAT, because the VPN client encrypted the workstation IP address in the packets, so the VPN server couldn't return the response packets. Nwer VPN clients support "NAT traversal".