- Network Address Translation (NAT) and Port Address Translation (PAT) both map IP addresses on an internal network to IP addresses on an external network.
If you are connecting a site in the 10.10.10.0 network to a site in the 10.10.20.0 network, you could use NAT to translate 10.10.10.0 IP addresses to available 10.10.20.0 IP addresses so that hosts on the 10.10.10.0 network can access data and use network resources on the 10.10.20.0 network.
NAT requires a one-to-one relationship when translating IP addresses, whereas PAT lets many hosts share one address.
For example, two hosts that have been assigned the IP addresses 10.10.10.100 and 10.10.10.101, respectively, could send traffic to and receive traffic from the Internet by using the single public IP address 123.45.67.89.
PAT is also referred to as NAT overloading because it uses one IP address for all clients and distinguishes them by port number, whereas standard NAT uses a one-to-one IP address relationship per client.
http://blog.boson.com/bid/53313/NAT-and-PAT-What-s-the-Difference
- Port Address Translation (PAT) is a feature of a network device that translates communications made between hosts on a private network and hosts on a public network.
• PAT allows a single public IP address to be used by many hosts on the private network, which is usually a LAN.
• Cisco uses the term PAT, while other vendors use different names:
— Microsoft: Internet Connection Sharing
— Check Point: Hide-Mode NAT
• A PAT device is informally called a router; gateway is the more appropriate term.
• The PAT device sits at the network perimeter, where one side connects to the external network, usually the public Internet, and the other side to an internal network using private IP addressing.
• PAT operation is typically transparent to both the internal and external hosts.
• When a host in the private network sends its first packet to some host in the outside network (as either a TCP SYN or a UDP segment), the PAT device replaces the inside source IP address in the IP header with its single public IP address.
• It also assigns to this connection a port number from the pool of available ports, inserts this number in the TCP/UDP header as the source port, and places the IP packet on the outside network.
• The PAT device then makes an entry in its translation table containing the inside IP address, the protocol (TCP or UDP), the inside source port, and the assigned outside port.
• Subsequent packets from the same TCP connection on the inside IP address are always translated to the same outside port number (and outside IP address).
• The host in the external network receiving a data packet will use the packet's source IP address and source port as the corresponding destination fields in any response it sends back.
• For packets arriving from outside, the PAT device operates on the IP destination address and the TCP/UDP destination port:
— If the destination port number of the incoming TCP/UDP segment is not found as an outside port in the translation table, the IP packet is simply dropped.
— Otherwise, the corresponding inside IP address and inside port number from the translation table replace, in the incoming packet, the destination address in the IP header and the destination port in the TCP/UDP header.
— The modified IP packet is then placed on the inside network.
• A host at IP address 192.168.0.2 on a private network may ask for a TCP connection to a remote host on the public network, giving source address & source port 192.168.0.2 & 15245.
• The PAT device, with its public IP address 214.35.3.4, translates this source address & source port pair to 214.35.3.4 & 16529 (16529 was available in the pool) and makes an entry in its internal table that port 16529 is in use by 192.168.0.2 on the private network for the TCP connection on port number 15245.
• When a packet is received from the public network by the PAT device addressed to 214.35.3.4 & 16529, the packet is forwarded to the internal network with the destination IP address changed to 192.168.0.2 and the destination port changed to 15245.
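The outbound port allocation, the table entry and the inbound lookup-or-drop rule above, as an added Python model written for this page (not code from the cited slides); it uses the example's addresses and ports, and the contents of the free port pool are constructed for illustration:

```python
from dataclasses import dataclass, field

# Constructed model of a PAT device's translation table. The public IP,
# inside address and ports come from the page's example; the port pool
# contents are made up for illustration.

@dataclass
class PatDevice:
    public_ip: str
    port_pool: list                      # outside ports still free
    # (proto, inside_ip, inside_port) -> outside_port
    table: dict = field(default_factory=dict)
    # (proto, outside_port) -> (inside_ip, inside_port)
    reverse: dict = field(default_factory=dict)

    def __post_init__(self):
        self.port_pool = list(self.port_pool)   # don't mutate the caller's list

    def outbound(self, proto, src_ip, src_port):
        """Translate a packet leaving the inside network.

        The first packet of a flow is given a free outside port; later packets
        with the same (proto, inside ip, inside port) reuse that entry.
        """
        key = (proto, src_ip, src_port)
        if key not in self.table:
            if not self.port_pool:
                raise RuntimeError("outside port pool exhausted")
            outside_port = self.port_pool.pop(0)
            self.table[key] = outside_port
            self.reverse[(proto, outside_port)] = (src_ip, src_port)
        return self.public_ip, self.table[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Translate a packet arriving from outside, or return None to drop it.

        Only destination ports present in the table are accepted, so an
        unsolicited packet to an unused port never reaches an inside host.
        """
        if dst_ip != self.public_ip:
            return None
        return self.reverse.get((proto, dst_port))


def walk_through():
    """Replay the page's example: 192.168.0.2:15245 -> 214.35.3.4:16529 and back."""
    pat = PatDevice("214.35.3.4", [16529, 16530])
    out = pat.outbound("tcp", "192.168.0.2", 15245)      # ('214.35.3.4', 16529)
    back = pat.inbound("tcp", "214.35.3.4", 16529)        # ('192.168.0.2', 15245)
    dropped = pat.inbound("tcp", "214.35.3.4", 40000)     # None: no table entry
    return out, back, dropped
```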
Advantages:
— multiple internal hosts can share a single IP address for communication, thus conserving precious IP addresses,
— hosts on the private network don't have to expose their private IP addresses to the public network, making attacks from the public network less likely.
Disadvantages:
— an organization using PAT and a single IP address cannot easily run more than one of the same type of public service behind a PAT, e.g. two public Web servers using the default port 80; also, a remote login is possible on
http://web.cse.ohio-state.edu/~athreya.14/cse3461-5461/Cse3461.NAT-PAT.pdf
- Port Address Translation
Port Address Translation (PAT) is an extension of Network Address Translation (NAT) that permits multiple devices on a LAN to be mapped to a single public IP address to conserve IP addresses.
PAT is similar to port forwarding except that an incoming packet with a given destination port (the external port) is translated to a packet with a different destination port (an internal port). The Internet Service Provider (ISP) assigns a single IP address to the edge device. When a computer logs on to the Internet, this device assigns the client a port number that is appended to the internal IP address, giving the computer a unique IP address.
If another computer logs on to the Internet, this device assigns it the same public IP address but a different port number. Although both computers share the same public IP address, this device knows which computer to send packets to, because it uses the port numbers to map the packets back to the unique internal IP address of each computer.
https://www.cisco.com/assets/sol/sb/RV320_Emulators/RV320_Emulator_v1-1-0-09/help/Setup13.html