NAT and DNS in real life?

Kcolon1

Can someone explain where/when NAT would be used in a scenario in a company? How? What about DNS?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Netstudent

That would require someone to type a 10 page response.

But I can give you an oversimplified explanation.

Basically we are running out of public addreses. NAT is used to conserve public addresses by allowing companies to design their internal network with private addresses. Nat is usually used on an edge router and it translates between private and public addresses by changing the source IP in the IP header as it leaves the network or it changes the destination IP when data comes in the network. Static translations allow you to staticlaly define your internal services. So on the outside you would be advertising public addresses for your internal services. When someone from the outside wants to access your email server, that SMTP and POP3 traffic will be sent to a public address. Once that data gets routed to your edge router, that static translation will change the public to a private so that the data can pass through to the email server.

Read my friend, read read read and read more. There are more whitepapers out there on NAT than you can shake a stick at.

There is INternal DNS and external DNS. Internal DNS will resolve internal private addresses and the external DNS will resolve public addresses. But there are always variations.

mikearama

I'd go one step further and suggest that there isn't an enterprise out there that isn't using NAT. Hell, if you have a linksys/dlink router at home and it connects more than one pc/laptop to the internet, you're using NAT. IE, my linksys connects a server, three PC's and a laptop... and all can get on the internet simultaneously, with one public IP. Hello NAT!

DNS is a little different... you won't find it in most business smaller than an enterprise. Soho's might not even have it. But any company that employs servers will, especially if they launch a Windows domain, and/or have MS/Unix web servers.

Mike

networker050184

Thats almost as common as asking someone to explain when a company would use a comupter

dynamik

I always recommend that someone with basic questions like these listen to the security now episodes 25-27:

http://twit.tv/sn25
http://twit.tv/sn26
http://twit.tv/sn27

They're really well done and will answer a lot of questions like those.

hectorjhrdz

For your enterprise network you can use private addresses to work internally but if you want accesss to the internet for your employees you must use Public Addresses. How is it?

You can use NAT to convert those private addr. to public addresses (using a pool) or all the private to an unique IP addr. (overload).

This would be performed only when users are going to get the internet. Also is usual to issue this translation by a firewall wich could separate office users from the Core layer of your enterprise.

This is just one scenario, there are so many other.

Remember that only public addresses can be routed all over the internet. That's another reason to preserve them.

About the DNS, if you are an ISP, it will be used for all your internet users to resolve names to ip addresses.

It is used sometimes when you have, for example, two servers with the same service, one as primary an another as backup, and want to mantain the service always up. When the primary server goes down the DNS note that it's not longer available, so when another request arrives the dns (going to that service) resolve the ip addr of the backup server.

I hope this was useful to you. however you must read a lot on the internet.

cheers