NAT

Uploaded by

Arixson

NAT Network Address Translation

What I have in front of me is a diagram of what a typical small network attached to
the internet might look like.

So I've got some router here.

Pretend I'm down here in Houston so we use Comcast a lot down here.

So this is some Comcast router and it has an IP address on its WAN side that came
from Comcast.

Now inside we have a lot of computers, and there could be a wireless access point
with some smartphones or who knows.

But there's a lot of devices on here, and all these devices, they have web browsers
and they get on the Internet.

So remember the rule of the internet says that all devices that get on the internet
must have a legitimate IP address.

Well there's a little magic here.

And in order for you to appreciate the magic what I want to do is let's go back in
time to the early 1990s back when I first started getting on the Internet and let
you understand that it was a lot trickier back then to do that.

So now it's the early 90s. In order to do something like this, sure, I would have
to get some kind of device.

We didn't have cable modems back then, but I will say it's some kind of phone
connection, and I would have this and I would have an IP address that came from my
ISP.

But remember, the rule of the Internet says that all devices must have legitimate IP
addresses.

So the other thing we'd have to do is call the ISP and go, "Oh, I need one, two,
three, four, or whatever number of IP addresses," and you would also be sold an IP
address range just for your own little subnet, your own little network ID that was
yours and yours alone, and you'd have to go in and configure each one of the
devices. You'd have to configure the LAN side of the router, all for that network
ID.

And that, in the bad days, is how you got on the internet.

Sounds painful, doesn't it?

Well, by the early 90s (I'm sorry, call it the mid-90s) we realized that we were
starting to run out of IP addresses.

The IPv4 standard only has four billion addresses and they're not used very
frugally, so even by the 90s we were like, holy cow, we're running out of IP
addresses.

So they invented this wonderful thing called Network Address Translation. Network
Address Translation is built into routers; every SOHO router out there has Network
Address Translation.

It's built in, and you'd be hard pressed to find one that doesn't have it already
turned on and ready to work.

Anyway, to appreciate Network Address Translation, let's pretend that this computer
right here wants to get over to Google.

All right.

So here's my little setup. Here's the packet that's going out.

This is the IP address to Google.

This is the internal IP address for my device and this is the data.

Now when this goes out, if I'm using a NATed router, when the NATed router sees
this, he'll look at this IP address. On our internal network we use IP addresses
like 192.168, private IP addresses.

And these are not ever to be put out on the real Internet.

So what happens is the router automatically just plugs in his IP address on the WAN
side, which is a legitimate IP address.

Now he goes and sends this out. Now before he sends it out, he's going to check the
ports and the IP address. He's going to write all this down and put it into a table,
because when this comes back he needs to be able to know who to send it back to.

So out it goes, and it'll be something like this, right, because it's coming back
in now.

It comes in and he goes, "This is for me," because that's the router's IP address.

But then he's got to look at other information, compare it to his table and go,
"Oh, that's really for that guy over there."

He plugs all this in.

And now this is the internal IP address and it can get to that particular device.

So that's the beauty of NAT. Network address translation allows us to have lots of
devices that are on the internet without using legitimate IP addresses.

But there are some downsides to this.

One of the big issues that we have with NAT is that somebody has to start a
conversation so that this guy knows who to send it back to.

And that's fine for people who are just using web browsers or checking your email
or stuff like that.

But what if these were like web servers or something like that?

Well, that's where things become a little bit different. In this case we have
different versions of NAT, and these are on the Network+, so you need to be aware
of them.

One version of NAT is called static NAT.

Now static NAT simply means that I am going to assign one IP address so that
anybody who comes in on a particular IP address is always sent to this one
particular guy.

So with static NAT, we use the term port forwarding a lot when you hear this as
well.

But the thing to remember with static NAT is that all incoming addresses for one
particular IP address go to one particular device.

So that's one way to do it. The other way to do it, and this is very rarely done
but it does exist out there, is dynamic NAT, or this is also called your pooled
NAT.

With dynamic NAT I've got four devices that may or may not want to get out to the
Internet.

So what I'll do is in order to save money I'll have say two IP addresses built into
this router.

And if one of these people wants to get out well he'll be given that IP address and
he can do whatever he wants to do.

I've got one IP address left so this guy wants to get out now he can go ahead and
use that.

The problem with dynamic Nat is that you have a fixed number of IP addresses.

So if this guy wants to get out well he's out of luck.

So that's the basics of how NAT works.

For the exam, make sure you know the difference between static NAT, regular NAT,
which we would call port address translation, and dynamic NAT. You're going to see
all three on the exam.

Static NAT is a type of NAT in which a private IP address is mapped to a public IP
address, where the public address is always the same IP address (i.e., it has a
static address). This allows an internal host, such as a Web server, to have an
unregistered (private) IP address and still be reachable over the Internet.

Dynamic NAT is a type of NAT in which a private IP address is mapped to a public IP
address drawing from a pool of registered (public) IP addresses. Typically, the NAT
router in a network will keep a table of registered IP addresses, and when a
private IP address requests access to the Internet, the router chooses an IP
address from the table that is not at the time being used by another private IP
address. Dynamic NAT helps to secure a network as it masks the internal
configuration of a private network and makes it difficult for someone outside the
network to monitor individual usage patterns. Another advantage of dynamic NAT is
that it allows a private network to use private IP addresses that are invalid on
the Internet but useful as internal addresses.

PAT is short for port address translation, a type of network address translation.
During PAT, each computer on the LAN is translated to the same IP address, but with
a different port number assignment.

PAT is also referred to as overloading, port-level multiplexed NAT or single
address NAT.

PAT translates internal IP addresses to an Internet address and tracks the packets

SNAT (Static NAT) sends specific traffic to one internal IP address

DNAT (Dynamic NAT) has a limited pool of Internet addresses to give to a number of
internal devices
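
The translation table walked through above, as an added example that is not part of the original transcript: a toy PAT router in Python that rewrites outbound packets, drops inbound packets nobody inside asked for, and honours a configured port forward. The class and method names are hypothetical, the 203.0.113.x and 198.51.100.x addresses are constructed documentation addresses, and matching replies on the WAN port alone is a simplification.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PatRouter:
    """Toy PAT router (hypothetical names, illustration only)."""
    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.out = {}     # (lan_ip, lan_port) -> wan_port
        self.back = {}    # wan_port -> (lan_ip, lan_port), learned from outbound traffic
        self.static = {}  # wan_port -> (lan_ip, lan_port), configured port forwards

    def forward_port(self, wan_port, lan_ip, lan_port):
        self.static[wan_port] = (lan_ip, lan_port)

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out:          # first packet of a conversation: write it down
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        # Replace the private source with the router's WAN address and mapped port.
        return Packet(self.wan_ip, self.out[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        if pkt.dst_ip != self.wan_ip:
            return None
        target = self.static.get(pkt.dst_port) or self.back.get(pkt.dst_port)
        if target is None:
            return None                  # nobody inside started this conversation: drop
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])

def demo():
    r = PatRouter("203.0.113.7")         # constructed WAN address
    a = r.outbound(Packet("192.168.13.100", 51000, "198.51.100.10", 443))
    b = r.outbound(Packet("192.168.13.101", 51000, "198.51.100.10", 443))
    reply = r.inbound(Packet("198.51.100.10", 443, r.wan_ip, b.src_port))
    unsolicited = r.inbound(Packet("198.51.100.99", 4444, r.wan_ip, 80))
    r.forward_port(80, "192.168.13.50", 8080)   # internal web server made reachable
    forwarded = r.inbound(Packet("198.51.100.99", 4444, r.wan_ip, 80))
    return a, b, reply, unsolicited, forwarded

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Two clients using the same source port get different WAN ports, which is what lets the router tell their replies apart; the port forward is the only path by which the outside can open a conversation.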

Implementing NAT

Talking about NAT is kind of interesting.

But it's even more interesting to see it in action.

What I'm going to do right now is I'm going to take my laptop and I'm going to
connect to my home router and we're actually going to see how NAT can be
implemented in a home router scenario.

Now I need to reinforce something here.

Virtually every home router in existence has NAT turned on by default.

That's just how they are, because they're going to be used at home. Big serious
routers that are going to be used at an enterprise level, they almost never have
NAT turned on and you need somebody who knows how to do it.

So in this case we're going to start with a router that has NAT turned on and turn
it off and then turn it back on again.

So let's go and get started.

So here we are in my little Linksys router. It's an old Linksys 2500, great little
router.

And if you take a look you'll see that my WAN IP address is 161 16 513. So that
came from my ISP.

And by the way this is a bogus address so don't bother pinging it. Now on the LAN
side you'll see that his IP address is 192.168.13.1 and he's also a DHCP server, so
he's passing out 192.168.13.100 and incrementing up from there to all the clients
on the LAN side.

And you're going to want to remember that for a moment.

So now let's talk about turning NAT off.

Now it's different for every one of these little routers, and on this one it's
actually very pretty.

You can see right here where it says NAT enabled/disabled. On other routers it'll
say like Gateway enabled or disabled, and you just have to know through osmosis
that that's what it means.

So by default it's enabled.

So if I want to disable it I'd click that, hit save settings, and it's disabled.

So that's really all there is to configuring, or really unconfiguring, NAT on a
typical SOHO router.

So one of the things that cracks me up about people is they go, "Well, you know, I
just got my new Comcast and we plugged in and everything started working.

I didn't have to configure new IP addresses." Well, that's right.

Because other things were taking care of stuff for you. NAT, as well as other
aspects of today's modern networking, makes all of this work pretty much invisibly
to the normal user.

SOHO (Small Office Home Office) routers ship with NAT enabled

NAT on a SOHO router can be disabled through the router's configuration page

Some older routers call this setting gateway/router mode
