I would like to explain what NAT means.
Each computer, and more generally each device connected to a network, is identified by an address that allows the other devices on the same network to communicate with it. At the network layer this address is generally an IP address, presented as a sequence of four numbers between 0 and 255 separated by dots (e.g. 192.168.0.1).
The number of available IP addresses is not infinite; it is limited to a specific figure given by the following product:
255x255x255x255 = 2 ^ 32 (about 4 billion)
This is certainly a large figure, but it is still finite and well determined. Given this premise, the need to manage this limited pool of addresses efficiently, particularly with reference to the devices connected to the network, is evident.
The simplest solution would probably be to assign a fixed, static IP address to each device. Applied generally and on a large scale, however, this choice would be grossly inefficient, because the address would remain assigned (and therefore unavailable) even at times when the device is not connected to the network.
Even at first glance, then, a procedure that assigns IP addresses dynamically is decidedly preferable, since it can manage the available resources more rationally (and therefore with less waste). Such a procedure works as follows:
When a computer connects to the network, it asks the ISP to assign it an IP address;
The provider (which has a well defined pool of addresses) assigns the requesting computer an available IP;
When the computer disconnects from the network, its IP address is released, returns to the pool of available addresses and is ready to be re-allocated.
Public IP and Private IP
Also to better solve the problem of IP address management, a number of address "blocks" were defined that may be used only in private, local networks (these are called private IPs, while all other IP addresses, which are not part of this group, are called public IPs). The same private addresses can be replicated across multiple LANs (local area networks), provided that they are used only for communication within the internal network and not outward. The process of NAT is placed in this context.
The management of private and public IP using NAT
NAT (Network Address Translation) is in fact defined as a process that changes the addresses that characterize a specific network. Using this technique it is possible, for example, to use private addresses within a LAN, leaving to the routing device (in charge of the NAT process) the task of associating the internal computers that request it with one or more public IP addresses that enable communication with the outside. This procedure allows better management of public IP addresses and, at the same time, from a security point of view, does not allow outside observers to obtain information about the addressing of the internal network.
The process of translating addresses from inside to outside is rather simple: when one of the internal hosts requests a connection to the outside, the router (or more generally the device in charge of address translation) chooses from its pool of available public IP addresses the address to associate with the requesting host; the device then maintains a table in which it records the association between the internal (private) address of the requesting host and the (public) address with which that host presents itself to the external network; when packets arrive at the newly assigned public address, the router forwards them inward to that host without difficulty.
Evaluating the NAT process in more detail, we can identify different implementation strategies. The most direct and simplest to implement is probably the so-called Full Cone NAT. In this case the device in charge of NAT establishes a complete and total association between the internal address of the host and the public address it has assigned. In other words, the address translation is performed without restrictions, both inward and outward, so that any outside party can contact a host on the internal network provided it knows the public IP address that the NAT device determined and assigned to that host. This choice reduces the configuration required on the device, but at the price of less filtering of the packets arriving from outside.
For added security, you can instead choose, for example, the Restricted Cone NAT configuration. In this case, for the internal host to receive packets, it is not sufficient that the senders know the public IP address associated with it: the host can be contacted only by those computers that it has itself previously contacted. Attempts by other computers to initiate a communication fail. This characteristic of the Restricted Cone NAT configuration limits what the internal network can receive, but at the same time constitutes a barrier against intrusion attempts on one of the internal hosts. It is possible to tighten the net further by configuring Port Restricted Cone NAT, which requires, for packets to be accepted on a particular port, that the internal host has first communicated with the external host through that same port.
Even greater isolation of the internal network can be obtained through the configuration called Symmetric NAT. In this configuration, in fact, each request from a specific address and port to a destination, identified in turn by address and port, is associated with a connection that has its own public IP. If an internal host sends requests to separate external hosts, or even to different ports of the same external host, it does so with separate public IP addresses. For this reason symmetric NAT, while ensuring a high degree of isolation and improved internal network security, is particularly onerous in terms of public IP address usage. For symmetric NAT too, as for Restricted Cone NAT, the communication process must be initiated by an internal host.
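To make the translation table and the four NAT types concrete, here is a small simulator I added for this post; it is not code from the original text. One Nat object plays the role of the router: it owns a pool of public addresses, refuses to translate sources outside the private blocks, records each outbound association in a table, and applies the inbound filtering rule of the chosen NAT type. The private blocks are the RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), which the text mentions only as "blocks"; the public and external addresses are constructed from documentation ranges; and, following the text, each symmetric mapping consumes a whole public IP from the pool, with the public port kept equal to the internal port as a simplification.

```python
"""Toy NAT simulator (constructed example, not the post's own code)."""
import ipaddress
from dataclasses import dataclass, field
from enum import Enum

# RFC 1918 blocks reserved for private networks: only these get translated.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr lies in one of the private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


class NatType(Enum):
    FULL_CONE = "full cone"
    RESTRICTED_CONE = "restricted cone"
    PORT_RESTRICTED_CONE = "port restricted cone"
    SYMMETRIC = "symmetric"


Endpoint = tuple  # (ip, port)


@dataclass
class Mapping:
    internal: Endpoint
    public: Endpoint
    contacted: set = field(default_factory=set)  # external endpoints the host has sent to


class Nat:
    def __init__(self, nat_type: NatType, public_pool):
        self.nat_type = nat_type
        self.free = list(public_pool)  # public IPs not yet handed out
        self.table = {}                # mapping key -> Mapping (the translation table)
        self.by_public = {}            # public endpoint -> Mapping (inbound lookup)

    def _key(self, src: Endpoint, dst: Endpoint):
        # Cone NATs: one mapping per internal endpoint, reused for every destination.
        # Symmetric NAT: a separate mapping (and public IP) for every destination.
        return (src, dst) if self.nat_type is NatType.SYMMETRIC else src

    def outbound(self, src_ip, src_port, dst_ip, dst_port) -> Endpoint:
        """Translate a packet leaving the LAN; returns the public endpoint used."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private address; nothing to translate")
        src, dst = (src_ip, src_port), (dst_ip, dst_port)
        mapping = self.table.get(self._key(src, dst))
        if mapping is None:
            if not self.free:
                raise RuntimeError("public address pool exhausted")
            # Simplification: the public port equals the internal port.
            public = (self.free.pop(0), src_port)
            mapping = Mapping(internal=src, public=public)
            self.table[self._key(src, dst)] = mapping
            self.by_public[public] = mapping
        mapping.contacted.add(dst)  # remember who this host talked to
        return mapping.public

    def inbound(self, src_ip, src_port, pub_ip, pub_port):
        """Filter a packet from outside; returns the internal endpoint, or None if dropped."""
        mapping = self.by_public.get((pub_ip, pub_port))
        if mapping is None:
            return None  # no translation exists for this public endpoint
        if self.nat_type is NatType.FULL_CONE:
            allowed = True  # anyone who knows the public address gets through
        elif self.nat_type is NatType.RESTRICTED_CONE:
            # Only hosts previously contacted, on any port
            allowed = any(ip == src_ip for ip, _ in mapping.contacted)
        else:
            # PORT_RESTRICTED_CONE and SYMMETRIC: exact host and port previously contacted
            allowed = (src_ip, src_port) in mapping.contacted
        return mapping.internal if allowed else None


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges (TEST-NET-2 / TEST-NET-3)
    pool = ["203.0.113.10", "203.0.113.11"]
    for kind in NatType:
        nat = Nat(kind, pool)
        nat.outbound("192.168.0.5", 5000, "198.51.100.1", 80)
        stranger = nat.inbound("198.51.100.7", 9999, "203.0.113.10", 5000)
        peer = nat.inbound("198.51.100.1", 80, "203.0.113.10", 5000)
        print(f"{kind.value:22} unsolicited: {stranger}  from peer: {peer}")
```

Running the demo shows that only full cone NAT delivers the unsolicited packet, while every type delivers the reply from the peer the host actually contacted; with the symmetric type a third destination raises the pool-exhausted error, which is the cost of public addresses the text describes.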