Network address translation

Hey all,

I was thinking about NAT and I couldn't figure out how a router with NAT would know which pc to send the packet to.

Does the router send packets out to the internet using only the ip assigned by the ISP or does it use a range of non private addresses? Also does this mean that the ISP's routers accept any packets from any ip address so as long as they're not private?

If A router does you only one IP address to send packets through to the net then how would it know which computer data received was ment for seeing as the IP address and mac address doesn't match anything on the LAN.

I was told NAT uses a sort of table to keep everything in check so does that mean there are mutiple ip address used to send data out to the internet?

Edit:

The router tracks basic data about each active connection (particularly the destination address and port). When a reply returns to the router, it uses the connection tracking data it stored during the outbound phase to determine where on the internal network to forward the reply; the TCP or UDP client port numbers are used to demultiplex the packets in the case of overloaded NAT, or IP address and port number when multiple public addresses are available, on packet return. To a system on the Internet, the router itself appears to be the source/destination for this traffic.

If this is the case then isn't it highl improbably but possible that data could be sent to me mistakenly because my my router using NAT used the same IP address as someone elses? Or is this not an issue because of routing protocols?

With something like distance vector protocols (RIPv1/v2) routers could have all their data rewritten because they're routing by rumor right?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

pooker

depends what nat you are talking about

there is static nat
dynamic nat
and nat overload aka pat

static nat , maps a private ip address to a internet address

dynamic nat has a pool if internet address, that can be assigned to any one private ip address when not in use

nat overload , or pat (we still call it nat today but we are actually using pat) uses different port numbers, when mapping multiple ip address to one internet address, this is how in essence multiple users are able to connect to the internet with one address..

for example, lets say you have multiple browsers open, ever wondered how the computer knows to send that info? thats because each browser is using a random port number, say for accessing a web server, your destination port is 80 but the source port might be 50510, and in the other browser the source port might be 50518

Project2501

Well with that said ports are based on TCP and UDP L4 protocols so how does a L3 router deal with ports using PAT then? Is it stripping the info and reading it using functions built into the IOS or is there another application running on top of the IOS.

I thought a router would strip the header and footer then analyse the L3 data ie. IP address and forward the packet on from there but becuase there isn't a matching IP address in the routing tables it would just drop the packet.

flipmad

NAT Overload (PAT) is done by source and destination Ports.

For Example

Computer 1 generates random source port of 85672 and your inside local address is 192.168.10.2 and destination port outside global address yahoo.com 66.126.2.4:80

Computer 1 then generates a second request on random source port of 85673 and your inside local address is 192.168.10.2 destination port outside global address yahoo.com 66.126.2.4:80

Your inside global is 177.26.4.18

So when your router will NAT both

192.168.10.2:85672
192.168.10.2:85673

to

177.26.4.18:85672
177.26.4.18:85673

So when it reaches the web server at yahoo.com

it will respond back to source ports and your router will know where each request was made to communicate with the right place.

Project2501

Cheers guys