
Network Address Translation - Overview

Network Address Translation (NAT) provides the translation of an Internet Protocol (IP) address within one network to a different known IP address within another network. NAT functions by designating one or more interfaces as Inside and the remaining interfaces as Outside.

· Inside – A set of networks subject to translation.
· Outside – All other addresses (typically valid public Internet addresses).


In most deployments NAT is used in conjunction with IP masquerading, which hides RFC 1918 private IP address space behind a single public IP address. NAT uses a stateful translation table to dynamically map the Inside addresses to a single Outside address and then rewrites the IP headers so that the source IP packets appear to originate from the RF Switch's Outside IP address. In the reverse path, responses from outside hosts arriving at the Outside address are forwarded to the originating Inside IP address using the state information for the session in the translation table. The translation table rules and state are established dynamically and are flushed when no new traffic refreshes their state.


NAT translation can occur in both directions. Most commonly, translation will occur from the Inside interfaces to the Outside interfaces, providing privately addressed hosts with Internet access. However, static address translation can also be configured to translate specific ports on the Outside interface to a specific host and port on the Inside interface. A typical application for static NAT is to allow hosts on the public Internet to communicate with a web server behind the RF Switch that uses a private IP address and is therefore not reachable from the public Internet.

Applications:
The most common application for NAT is to provide Internet access by translating private addresses (RFC 1918) to one or more public Internet addresses. This application, often called dynamic or many-to-one NAT, allows multiple hosts on the inside network to communicate with hosts on the public Internet without exhausting valuable IPv4 space.
Other common applications include providing communications between hosts on overlapping networks during mergers and acquisitions, which is common in the banking and healthcare verticals. Additional common NAT applications include providing access to specific hosts and services on the inside network from hosts on the outside network, allowing HTTP and other services to be served to public hosts without having to locate the server on the Internet.

Restrictions:

Network Address Translation (NAT) only provides IP address translation and does not provide firewall or filtering functions. The RF Switch includes a fully stateful inspection firewall which can be used with NAT to restrict which IPv4 traffic can be received and routed by the individual IP interfaces on the RF Switch.
When deploying dynamic or static NAT it is recommended that a firewall rule be created and applied to the outside interface. For example, when dynamic NAT is being used, a single firewall rule can be created and applied to the outside interface to deny all inbound traffic. As the integrated firewall is fully stateful, traffic originating from hosts on the inside network will pass freely through the firewall, while traffic originating from the outside network attempting to go inside will be blocked.
When static NAT is being deployed, the firewall rule can be modified to permit inbound traffic on the outside interface for the specific ports that are being translated. For example, to allow HTTP, a permit rule for destination TCP port 80 could be added before the deny-all rule.
For examples of how to configure the stateful inspection firewall, please reference the Wireless Firewall How-To Guide.
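As an added illustration (not from the original page and not the RF Switch's own code), the following Python model replays the behaviour described above: many-to-one NAT with a stateful translation table, a static forward for TCP port 80, and the deny-all-inbound policy on the Outside interface. All addresses, ports and the idle timeout are constructed sample values.

```python
OUTSIDE_IP = "203.0.113.10"  # constructed public address of the Outside interface
IDLE_TIMEOUT = 300           # assumed idle seconds before a dynamic mapping is flushed

class NatTable:
    """Many-to-one NAT plus static port forwards, behind the deny-all-inbound
    rule the text recommends for the Outside interface (constructed model)."""

    def __init__(self, static_forwards=None):
        self.static = dict(static_forwards or {})  # Outside port -> (Inside ip, port)
        self.sessions = {}  # Outside port -> [in_ip, in_port, peer_ip, peer_port, last_seen]
        self.next_port = 40000  # first port handed out from the translation pool

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Inside -> Outside: reuse or create a mapping, then rewrite the source."""
        flow = [src_ip, src_port, dst_ip, dst_port]
        for oport, entry in self.sessions.items():
            if entry[:4] == flow:
                entry[4] = now  # traffic refreshes the mapping's state
                return (OUTSIDE_IP, oport, dst_ip, dst_port)
        oport, self.next_port = self.next_port, self.next_port + 1
        self.sessions[oport] = flow + [now]
        return (OUTSIDE_IP, oport, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port, now):
        """Outside -> Inside: return traffic for a live session passes, a static
        forward passes, anything else is dropped (None) by the deny-all rule."""
        entry = self.sessions.get(dst_port)
        if entry and entry[2:4] == [src_ip, src_port]:
            entry[4] = now
            return (src_ip, src_port, entry[0], entry[1])
        if dst_port in self.static:
            in_ip, in_port = self.static[dst_port]
            return (src_ip, src_port, in_ip, in_port)
        return None

    def expire(self, now):
        """Flush mappings that no traffic has refreshed within IDLE_TIMEOUT."""
        before = len(self.sessions)
        self.sessions = {p: e for p, e in self.sessions.items() if now - e[4] <= IDLE_TIMEOUT}
        return before - len(self.sessions)

def demo():
    """Replay the scenarios from the text; returns what each packet became."""
    nat = NatTable(static_forwards={80: ("192.168.1.20", 80)})  # constructed web server
    out = nat.outbound("192.168.1.5", 51000, "198.51.100.7", 443, now=0)  # browsing out
    reply = nat.inbound("198.51.100.7", 443, out[1], now=1)               # its response
    probe = nat.inbound("198.51.100.99", 4444, out[1], now=1)             # wrong peer: denied
    web = nat.inbound("198.51.100.99", 4444, 80, now=1)                   # static NAT to port 80
    flushed = nat.expire(now=1 + IDLE_TIMEOUT + 1)                        # idle session flushed
    return out, reply, probe, web, flushed
```

The `probe` case shows why the recommended deny-all rule is safe to pair with dynamic NAT: a packet aimed at an allocated Outside port is only forwarded when it comes from the peer that the session was opened to.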



