Wiki

User Tools

Site Tools

Trace: anonymous_bridges
networking:nat

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

networking:nat [2021/02/03 20:28] – created peternetworking:nat [2021/02/03 21:46] (current) peter
Line 1: Line 1:
 ====== Networking - NAT ====== ====== Networking - NAT ======
  
 +**NAT** (Network Address Translation) translates the IP addresses of computers in the local network (LAN) to the single global global IP address (WAN).
 +
 +  * NAT, per [[https://tools.ietf.org/html/rfc1631|RFC 1631]], allows a single device, such as a router, to act as an agent between the Internet (WAN) and a local network (LAN).
 +
 +While each computer within the local network (LAN) has a specific IP address, external systems only see one IP address (WAN) when connecting to any of the computers within the network.
 +
 +  * The WAN usually has a single IP Address (which is what external systems see).
 +  * On the LAN each computer will have a unique IP address, typically in one or more of the [[https://tools.ietf.org/html/rfc1918|reserved address blocks]].<code>
 +10.0.0.0/      (10.0.0.0 - 10.255.255.255)
 +172.16.0.0/12    (172.16.0.0 - 172.31.255.255)
 +192.168.0.0/16   (192.168.0.0 - 192.168.255.255)
 +</code>
 +
 +This means that only a single unique IP address is required to represent an entire group of computers to anything outside their network.
 +
 +When packets pass through the NAT gateway, they will be modified so that they appear to be coming from the NAT gateway itself.  The NAT gateway will record the changes it makes in its state table so that it can:
 +
 +  * reverse the changes on return packets and;
 +  * ensure that returned packets are passed through the firewall and are not blocked.
 +
 +<WRAP info>
 +**NOTE:**  Neither the internal machine nor the Internet host is aware of these translation steps.
 +
 +  * To the internal machine, the NAT system is simply an internet gateway.
 +  * To the internet host, the packets appear to come directly from the NAT system; it is completely unaware that the internal workstation even exists. 
 +
 +</WRAP>
 +
 +----
 +
 +===== IP Forwarding =====
 +
 +IP forwarding is required so that that packets can travel between network interfaces:
 +
 +==== For IPv4 ====
 +
 +<code bash>
 +sysctl net.inet.ip.forwarding=1
 +echo  'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
 +</code>
 +
 +----
 +
 +==== For IPv6 ====
 +
 +<code bash>
 +# sysctl net.inet6.ip6.forwarding=1
 +# echo  'net.inet6.ip6.forwarding=1' >> /etc/sysctl.conf
 +</code>
 +
 +----
 +
 +===== References =====
 +
 +[[https://tools.ietf.org/html/rfc1631|RFC 1631]]
 +
 +[[https://tools.ietf.org/html/rfc1918|RFC 1918]]
networking/nat.1612384095.txt.gz · Last modified: 2021/02/03 20:28 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki