NAT and DNS in real life?

Kcolon1 Member Posts: 36
Can someone explain where/when NAT would be used in a scenario in a company? How? What about DNS?

Comments

  • Netstudent Member Posts: 1,693
    That would require someone to type a 10-page response. But I can give you an oversimplified explanation.

    Basically we are running out of public addresses. NAT is used to conserve public addresses by allowing companies to design their internal network with private addresses. NAT is usually used on an edge router and it translates between private and public addresses by changing the source IP in the IP header as it leaves the network or it changes the destination IP when data comes in the network. Static translations allow you to statically define your internal services. So on the outside you would be advertising public addresses for your internal services. When someone from the outside wants to access your email server, that SMTP and POP3 traffic will be sent to a public address. Once that data gets routed to your edge router, that static translation will change the public to a private so that the data can pass through to the email server.

    Read my friend, read read read and read more. There are more whitepapers out there on NAT than you can shake a stick at.


    There is internal DNS and external DNS. Internal DNS will resolve internal private addresses and the external DNS will resolve public addresses. But there are always variations.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • mikearama Member Posts: 749
    I'd go one step further and suggest that there isn't an enterprise out there that isn't using NAT. Hell, if you have a Linksys/D-Link router at home and it connects more than one PC/laptop to the internet, you're using NAT. IE, my Linksys connects a server, three PCs and a laptop... and all can get on the internet simultaneously, with one public IP. Hello NAT!

    DNS is a little different... you won't find it in most businesses smaller than an enterprise. SOHOs might not even have it. But any company that employs servers will, especially if they launch a Windows domain, and/or have MS/Unix web servers.

    Mike
    There are only 10 kinds of people... those who understand binary, and those that don't.

    CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

    Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
  • networker050184 Mod Posts: 11,962
    That's almost as common as asking someone to explain when a company would use a computer.
    An expert is a man who has made all the mistakes which can be made.
  • dynamik Banned Posts: 12,312
    I always recommend that someone with basic questions like these listen to the Security Now episodes 25-27:

    http://twit.tv/sn25
    http://twit.tv/sn26
    http://twit.tv/sn27

    They're really well done and will answer a lot of questions like those.
  • hectorjhrdz Member Posts: 127
    For your enterprise network you can use private addresses to work internally, but if you want access to the internet for your employees you must use public addresses. How is it?

    You can use NAT to convert those private addr. to public addresses (using a pool) or all the private to a unique IP addr. (overload).

    This would be performed only when users are going to get the internet. Also, it is usual to issue this translation by a firewall which could separate office users from the Core layer of your enterprise.

    This is just one scenario; there are so many others.

    Remember that only public addresses can be routed all over the internet. That's another reason to preserve them.

    About the DNS, if you are an ISP, it will be used for all your internet users to resolve names to IP addresses.

    It is used sometimes when you have, for example, two servers with the same service, one as primary and another as backup, and want to maintain the service always up. When the primary server goes down the DNS notes that it's no longer available, so when another request arrives (going to that service) the DNS resolves the IP addr of the backup server.

    I hope this was useful to you. However, you must read a lot on the internet.

    cheers
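
The two NAT modes described in the replies above (a static translation that publishes the mail server, and overload where many private hosts share one public IP) can be modeled as a small translation table. This is an added example, not code from any poster or router vendor; the class `EdgeNat`, its methods, and all addresses and ports are constructed for illustration.

```python
# Added illustration: a toy edge-router NAT table, not a real router implementation.
# All addresses are constructed (RFC 1918 inside, documentation ranges outside).

class EdgeNat:
    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.static = {}     # (proto, public_port) -> (private_ip, private_port)
        self.dynamic = {}    # (proto, public_port) -> (private_ip, private_port)
        self.by_inside = {}  # (proto, private_ip, private_port) -> public_port

    def add_static(self, proto, public_port, private_ip, private_port):
        """Publish an internal service on the public address."""
        self.static[(proto, public_port)] = (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Overload (PAT): rewrite the source to the shared public IP and a unique port."""
        key = (proto, src_ip, src_port)
        if key not in self.by_inside:
            # Skip ports already taken by a static or dynamic entry.
            while (proto, self.next_port) in self.static or (proto, self.next_port) in self.dynamic:
                self.next_port += 1
            self.by_inside[key] = self.next_port
            self.dynamic[(proto, self.next_port)] = (src_ip, src_port)
        return (self.public_ip, self.by_inside[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Rewrite the destination to a private address, or return None (dropped).
        Simplification: real devices usually also match the remote endpoint."""
        key = (proto, dst_port)
        target = self.static.get(key) or self.dynamic.get(key)
        if target is None:
            return None
        return (src_ip, src_port, target[0], target[1])

def demo():
    nat = EdgeNat("203.0.113.10")
    nat.add_static("tcp", 25, "10.0.0.25", 25)  # mail server, SMTP
    return {
        "pc1_out": nat.outbound("tcp", "10.0.0.5", 51000, "198.51.100.7", 80),
        "pc2_out": nat.outbound("tcp", "10.0.0.6", 51000, "198.51.100.7", 80),
        "reply_to_pc1": nat.inbound("tcp", "198.51.100.7", 80, 20000),
        "smtp_in": nat.inbound("tcp", "192.0.2.44", 40000, 25),
        "unsolicited": nat.inbound("tcp", "192.0.2.44", 40000, 3389),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `unsolicited` case shows why the static entries are the part of a NAT configuration worth auditing: an inbound packet with no matching table entry has nowhere to go, so the only internal services reachable from outside are the ones explicitly published.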