Network Address Translation


Time
7 hours 50 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
One of the services that many routers provide is a service called NAT, network address translation. NAT works with a very similar service called PAT, port address translation. Really the two go hand in hand. On my internal network, I have my hosts and I want to keep them protected. Even though a router's primary job isn't security, there are ways that you can add security to a router.

The idea is, for any device running NAT, there must be two interfaces: one internal interface connected to the internal network and an external interface connected out to the Internet. All traffic goes to the NAT device. The NAT device strips the true source address and replaces that address with its own external interface address. It looks like all traffic going out onto the Internet is coming from that NAT device, its external address. It's a way of hiding my internal IP addresses and presenting a different source address to all clients on the Internet. That also makes it very difficult for those Internet systems to connect to my internal network.

With that being said, another function that NAT can perform using PAT is to have many internal IP addresses with just a single external IP address, and that uses something called port address translation. I may have 50 internal IP addresses, all coming through the NAT device, and all traffic looks like it's coming from the 137.186.57.8 IP address in this illustration. The reason the many-to-one mapping or the one-to-many mapping can happen is through the use of ports, and ports are assigned to the source address. For instance, let's say computer 192.168.0.12 is sending traffic out to the Internet. If I have many internal hosts, when that traffic goes through my router, my router strips the true source, replaces it with its own, and adds an arbitrary port number as the source, so that when the server out on the Internet responds back, the router says, this port goes to the address 192.168.0.12. By appending port numbers to the source address, that router, or whatever the NAT device is, is going to be able to keep up with my internal hosts.

The big benefit of NAT is that it hides internal addresses and also keeps me from having to pay for 200 individual IP addresses from my ISP. I pay for the one IP address that's on my external interface on my router, then everything else is hidden behind NAT, so they don't have to be registered addresses.

Another benefit with NAT are the internal IP addresses. These follow an RFC called 1918. RFC 1918 sets aside three ranges of IP addresses just to be used for private internal usage, and they are anything on the 10 network, the 172.16 through 172.31 network, and the 192.168 network. All of those are reserved for the specific purpose of internal use. Again, because they're behind NAT devices, it doesn't matter. Those aren't the devices that are going out on the Internet. Those aren't the IP addresses. NAT is going to strip those internal addresses and everything presents from a single external interface of the NAT device.

Now, if your NAT device fails, all your traffic is going through that NAT device. You're going to have that single point of failure. Keep in mind that NAT really doesn't provide any other security services. NAT very simply provides the address translation, but that's an important service for us.
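The translation table the lecture describes, as an added example that is not part of the video or the course material: a small Python model of a PAT (many-to-one NAT) device using the lecture's addresses (external 137.186.57.8, internal 192.168.0.12). Outbound packets get their source rewritten to the external address plus an allocated port; replies are matched on that port and rewritten back; an inbound packet with no table entry is dropped, which is the "hard to connect inward" property the lecture mentions. The second internal host, the server address 203.0.113.10 (an RFC 5737 documentation address) and the port numbers are constructed for the example, and the RFC 1918 check mirrors the three ranges named in the lecture.

```python
"""Toy PAT (port address translation) device, constructed for illustration."""
from dataclasses import dataclass, replace
import ipaddress

# The three private ranges from RFC 1918 named in the lecture:
# the 10 network, 172.16 through 172.31, and 192.168.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True when addr falls in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatDevice:
    """Rewrites source addresses outbound and restores them on replies."""

    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.table = {}    # external port -> (internal ip, internal port)
        self.reverse = {}  # (internal ip, internal port) -> external port

    def outbound(self, pkt: Packet) -> Packet:
        """Strip the true source and present the external address + a port."""
        key = (pkt.src_ip, pkt.src_port)
        port = self.reverse.get(key)
        if port is None:
            # First packet from this internal socket: allocate a fresh port.
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return replace(pkt, src_ip=self.external_ip, src_port=port)

    def inbound(self, pkt: Packet):
        """Map a reply back to the internal host; drop anything unmapped."""
        if pkt.dst_ip != self.external_ip:
            return None
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None  # no outbound flow created this mapping: dropped
        internal_ip, internal_port = entry
        return replace(pkt, dst_ip=internal_ip, dst_port=internal_port)


def demo() -> dict:
    """Two internal hosts share one external address; one stray inbound packet."""
    nat = PatDevice("137.186.57.8")                       # external address from the lecture
    server = "203.0.113.10"                               # constructed documentation address
    a = nat.outbound(Packet("192.168.0.12", 51000, server, 443))
    b = nat.outbound(Packet("192.168.0.27", 51000, server, 443))  # same local port, distinct host
    reply_a = nat.inbound(Packet(server, 443, "137.186.57.8", a.src_port))
    stray = nat.inbound(Packet("198.51.100.9", 12345, "137.186.57.8", 22))
    return {"a": a, "b": b, "reply_a": reply_a, "stray": stray}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name}: {pkt}")
    print("192.168.0.12 private:", is_private("192.168.0.12"))
    print("137.186.57.8 private:", is_private("137.186.57.8"))
```

The two internal hosts both use local port 51000, yet they receive different external ports, which is exactly why the device can "keep up with" its internal hosts as the lecture puts it; the packet aimed at port 22 has no table entry and is discarded.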