Women at work

I have a PhD in electrical engineering and have been teaching and doing programming and IT for ... too many years (specializing in networks and security). I am not going to disclose my age! I am one of very few women of my age who STAYED in the field, since it is a super competitive, macho field. But here I am! I use my engineering skills for everything I do. In this blog, I will share anything from technical to social comments on technology.

Tuesday, May 30, 2017

What if the target is behind NAT?



Configuring hosts to be Internet- and LAN-enabled

Each computer on the Internet has to have TCP/IP software, Link Layer software (Ethernet, wireless, etc.) and an appropriate NIC.
The parameters needed to operate on the Internet are: MAC address, IP address, subnet mask, default gateway, and DNS server.
The MAC address comes with the NIC automatically.
The software and NIC must be configured with the IP address, subnet mask, default gateway, and DNS server. This is the duty of IT personnel.
Configuration can be manual or automated.
If a network device is configured to have a static IP, then the IP address, subnet mask, DNS server and default gateway must be manually entered into the TCP/IP configuration menu. Those numbers will not change.
If a network device is configured to use DHCP, then it will automatically get its own IP address, subnet mask, default gateway IP, and DNS server IP from the DHCP server. Its IP address will be dynamically assigned, i.e. it will not be a permanent number.

Network Address Translation (NAT) protocol

In IPv4, there are not enough IP addresses, so it is necessary to invent some "smart" tricks to make one address act as many. Enter NAT: a router acts as a proxy for IP addresses, mapping many private addresses to one public address. NAT is used so that one unique public IP address can be "stretched out" to represent many computers, thereby saving IP address space. In addition, NAT is useful for security: computers behind NAT have private addresses and are not accessible from the outside network.

Besides NAT, there are also:
NAPT: Network Address Port Translation.
PAT: Port Address Translation, used for SOHO. The ISP assigns a "real", i.e. public, IP address to the router, and the router assigns unique port numbers to the home computers' connections.

Typical configuration of SOHO networks:
Clients and the default gateway are all configured to get their information via DHCP.
However, clients get it from the gateway, i.e. the gateway is their DHCP server.
The gateway gets it from the ISP's DHCP server.
The ISP's DHCP server issues a unique IP address to the default gateway. ** This address will be automatically downloaded by all clients when they connect to the network. **
If we talk about a larger organization rather than a SOHO, then the organization itself will "book" one "real", i.e. static, IP address for the default gateway.

Of course, this discussion pertains to IPv4 addressing. In the case of IPv6, there is no need for NAT: there are enough IPv6 addresses, and therefore each device on the Internet can have its own public address. That seems too insecure to sysadmins who are used to NAT. NAT does not provide solid security by any means, because computers on the private network behind NAT usually can reach out to the public network, and if an attacker wants to, the attacker can reach the private network. However, it does require more work and effort than not having NAT and having the computers directly on the public network. Therefore, NAT is generally considered an additional layer of security, and thus people are not readily switching to IPv6 and forgoing NAT.
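As an added example (not code from the original post), here is a small Python model of the NAPT/PAT table described in the NAT section: many private hosts share one public IP, the router gives each outbound connection its own public port, and an inbound packet that matches no existing mapping is dropped. This is the "additional layer" the paragraph above talks about, and it also shows its limit: once a private host has opened a connection outward, replies to that mapping are delivered inside. All addresses and ports are constructed values from the documentation ranges.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed addresses from the documentation ranges (not real hosts).
PUBLIC_IP = "203.0.113.7"      # the one "real" address the ISP gave the SOHO router
WEB_SERVER = "198.51.100.5"    # some server out on the public Internet


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NaptRouter:
    """Toy NAPT/PAT table: many private (ip, port) pairs share one public IP."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.out: Dict[Tuple[str, int], int] = {}    # (private ip, port) -> public port
        self.back: Dict[int, Tuple[str, int]] = {}   # public port -> (private ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a LAN -> Internet packet; create a mapping on first use."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite an Internet -> LAN packet, or drop it (None) if no host asked for it."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.back:
            return None  # unsolicited: there is no private host to deliver it to
        priv_ip, priv_port = self.back[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def demo() -> Tuple[Packet, Packet, Optional[Packet], Optional[Packet]]:
    nat = NaptRouter(PUBLIC_IP)
    # Two home PCs happen to pick the same source port; NAPT keeps them apart.
    a = nat.outbound(Packet("192.168.1.10", 51000, WEB_SERVER, 443))
    b = nat.outbound(Packet("192.168.1.11", 51000, WEB_SERVER, 443))
    reply = nat.inbound(Packet(WEB_SERVER, 443, PUBLIC_IP, b.src_port))  # delivered to .11
    probe = nat.inbound(Packet("198.51.100.9", 4444, PUBLIC_IP, 22))    # dropped: no mapping
    return a, b, reply, probe
```

A real router also ages mappings out and usually checks that the reply comes from the same remote endpoint the mapping was created for; this model omits both to keep the table logic visible.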

