Friday, February 18, 2011

OVERVIEW OF NAT


     ,-------------------------,
  ,--|192.168.1.1 (Computer A) |
L |  |-------------------------|
A |--|192.168.1.2 (Computer B) |
N |  '-------------------------'
  |  ,-------------------------,
  '--|192.168.1.100   (ROUTER) |
     '-------------------------'
I have a LAN with two computers and a router. The LAN has its own private addressing scheme (normally 192.168.1.x or similar) and each device connected to the LAN gets an IP from this range.


As far as the internet is concerned I have a single 'outside' IP address (the one provided by my ISP).


The router acts as a gateway between the 'inside' (my private LAN) and the 'outside': it sits between the two and forms a kind of bridge over which data can pass.


If my ISP gives me the address 11.22.33.44 then my network will look something like this:


      ,-------------------------,
   ,--|192.168.1.1 (Computer A) |
L  |  |-------------------------|
A  |--|192.168.1.2 (Computer B) |
N  |  '-------------------------'
   |  ,-------------------------,
   '--|192.168.1.100            |       inside
======|                (ROUTER) |================
   ,--|11.22.33.44              |       outside
   |  '-------------------------'
I  |
S  |
P \|/
   
The basics (or 'how the machines currently surf from a single IP')


Now, when I set each computer to use 192.168.1.100 as its 'gateway' in the TCP/IP settings dialogue, I am telling it where to send any traffic which does not belong in the 192.168.1.x range.


Therefore, when I type www.google.co.uk into a web browser this is translated into Google's IP address, say 62.62.62.62, which obviously is NOT part of 192.168.1.x, so it gets sent to my router.

What happens next is magic.

Let's follow what happens when Machine A (192.168.1.1) opens a temporary outgoing port, say 1025, and tries to connect to 62.62.62.62:80 (one of Google's many web servers).

Machine A sends a packet whose header contains...
SOURCE = 192.168.1.1 :1025
DESTINATION = 62.62.62.62 :80

... to the gateway (the router) for passing to the outside world.

The router receives the packet, examines this header and makes a note in its 'translation table':

INSIDE IP       INSIDE PORT    OUTSIDE IP     OUTSIDE PORT
---------------------------------------------------------------
192.168.1.1     1025           62.62.62.62

Now, just as each computer has 65000+ ports, the router also has 65000+ ports. It looks to see if its port 1025 is available and in this case we will assume it is. It decides to use ITS port 1025 to send the data and notes this fact in the translation table:

INSIDE IP       INSIDE PORT    OUTSIDE IP     OUTSIDE PORT
---------------------------------------------------------------
192.168.1.1     1025           62.62.62.62    1025

This entry simply means: computer 192.168.1.1 (inside) used its port 1025 to send data to the public (outside) address 62.62.62.62, and the router sent this data from its own port 1025 (the 'outside port').

It then sends the data, but only after changing the IP header:

packet received from LAN:
SOURCE = 192.168.1.1 :1025
DESTINATION = 62.62.62.62 :80

Packet sent to ISP:
SOURCE = 11.22.33.44 :1025
DESTINATION = 62.62.62.62 :80
 

Notice that the destination is the same, but now the packet's source is the *ISP SUPPLIED* (or public) address. This is important since there may be billions of computers with the 'inside' IP 192.168.1.1 all over the world but there should only be one device with the unique public IP 11.22.33.44 (the router), and because of this Google knows unambiguously where to send the replies.

That's fine. But when the router receives a reply from Google, how does it know which computer to send it to?

The IP header of the reply (google -> router) looks like this:
SOURCE = 62.62.62.62 :13948
DESTINATION = 11.22.33.44 :1025

The router looks up its outside port 1025 (the destination port of the reply) in the translation table, finds the entry pointing at 192.168.1.1:1025, and rewrites the destination accordingly.

Translated packet as placed on LAN:
SOURCE = 62.62.62.62 :13948
DESTINATION = 192.168.1.1 :1025

And the packet is thus received by Machine A.

DON'T YOU THINK IT'S FANTASTIC?

How collisions are resolved when two machines use the same Destination_IP / Local_PORT


If Machine B also tried to contact Google using a temporary outbound port 1025, but the router's port 1025 is 'in use' (possibly because of that last transaction involving Machine A), the router simply chooses a different port number. Thus it not only changes the IP from 192.168.1.2 to 11.22.33.44 but also the PORT from 1025 to perhaps 1027, and makes another note in the translation table:


INSIDE IP       INSIDE PORT    OUTSIDE IP     OUTSIDE PORT
---------------------------------------------------------------
192.168.1.1     1025           62.62.62.62    1025
192.168.1.2     1025           62.62.62.62    1027



Both machines have used the same inside port (1025) to talk to the same outside address (Google at 62.62.62.62), but these are passed to Google from different ports (1025 and 1027), so when replies come back to these two router ports the router can identify where they belong.


The translation table above will convert:
Incoming data from outside address 62.62.62.62 arriving at the router's outside port *1025* will be redirected to Machine A's port 1025.

Meanwhile...

Incoming data from outside address 62.62.62.62 arriving at the router's outside port *1027* will be redirected to Machine B's port 1025.

And that's why both machines can access the internet simultaneously even though 'the internet' sees only one IP. Each individual communication is differentiated by dynamically assigned port numbers.
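A small simulator of the translation table from the basics section and the collision section above (an added example, not code from this post): `NatRouter`, `Packet` and the next-free-port rule are my own constructions. With the post's addresses it hands Machine B router port 1026 where the text says "perhaps 1027", and it drops any inbound packet that matches no row, which is the side effect that makes a NAT router block unsolicited traffic from outside.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]        # (ip, port)
FlowKey = Tuple[str, int, str]    # (inside ip, inside port, outside ip)


@dataclass
class Packet:
    src: Endpoint
    dst: Endpoint


@dataclass
class NatRouter:
    """Port-based NAT as in the post: rows of (inside ip, inside port, outside ip, outside port)."""
    public_ip: str
    by_outside_port: Dict[int, FlowKey] = field(default_factory=dict)  # outside port -> row
    by_flow: Dict[FlowKey, int] = field(default_factory=dict)          # row -> outside port

    def _pick_outside_port(self, wanted: int) -> int:
        # Prefer the machine's own port number; if that router port is in use, take the next free one
        port = wanted
        while port in self.by_outside_port:
            port = port + 1 if port < 65535 else 1024
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> ISP: rewrite the source to the public IP and a router port, recording the row."""
        key: FlowKey = (pkt.src[0], pkt.src[1], pkt.dst[0])
        if key not in self.by_flow:                    # new flow: add a translation row
            port = self._pick_outside_port(pkt.src[1])
            self.by_outside_port[port] = key
            self.by_flow[key] = port
        return Packet((self.public_ip, self.by_flow[key]), pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """ISP -> LAN: look up the router port the reply arrived on; no matching row means drop."""
        row = self.by_outside_port.get(pkt.dst[1])
        if row is None or row[2] != pkt.src[0]:        # unknown port, or not from the outside address
            return None
        return Packet(pkt.src, (row[0], row[1]))

    def rows(self) -> List[Tuple[str, int, str, int]]:
        """The translation table in the post's column order."""
        return sorted((ip, iport, oip, oport)
                      for oport, (ip, iport, oip) in self.by_outside_port.items())
```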
