
Audience: Newbies
Last Updated: 10/17/04 7:46 AM
Original Creation Date: 1/06/04 2:37 PM
**All times are EST**





NAT/IP Masquerading

By Erik Rodriguez

This article describes the concept of NAT. If you are sharing a broadband connection (cable, DSL, etc.), you're using NAT.


NAT stands for Network Address Translation. It is also commonly referred to as IP masquerading. Most Unix/Linux as well as Cisco documentation refers to NAT as IP masquerading. NAT performs several functions.

  1. Connects a number of clients through one global IP address.
  2. Connects your LAN to a WAN (WAN being your ISP)
  3. Performs DHCP
  4. Adds Security

Many people don't understand the concept of connecting a LAN to a WAN. When NAT performs DHCP using a 192.168.x.x IP scheme, it creates a LAN. The exact addresses vary, as some routers choose to use 192.168.1.x or 192.168.2.x. So, if you are using a broadband connection from, say, Sprint, then you are technically a part of their network. However, chances are you are somewhat distant from the Sprint central office; therefore it is classified as a WAN connection.

Now, DHCP (Dynamic Host Configuration Protocol): this part of the router is responsible for assigning IP addresses to nodes on your LAN, as they can change often from restarting, adding, or removing machines. Below is a diagram of a NAT configuration.



The reason that NAT provides security is that it does not allow all incoming traffic to reach destination ports inside your LAN. The router decides which traffic should be forwarded to the internal LAN or simply blocks the traffic.

You might have seen something called DMZ. DMZ stands for Demilitarized Zone. If you specify a machine for the DMZ, I recommend at minimum you run a software firewall on that machine unless you are using the DMZ for an IDS or honeypot.
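
The forwarding decision and the DMZ behaviour described above can be modelled in a few lines. This is an added example, not code from the original article: the `NatRouter` class, the sample addresses, and the rule that a reply must come from the same remote endpoint the client contacted are assumptions for illustration, and real routers differ in how strictly they match.

```python
# Added illustration: a toy port-translating NAT; all addresses are constructed samples.
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)

class NatRouter:
    def __init__(self, public_ip: str, dmz_host: Optional[str] = None):
        self.public_ip = public_ip
        self.dmz_host = dmz_host   # LAN machine placed in the "DMZ", if any
        self.next_port = 40000     # next free port on the public side
        # public port -> (LAN endpoint, remote endpoint it contacted)
        self.table: Dict[int, Tuple[Endpoint, Endpoint]] = {}
        self.by_flow: Dict[Tuple[Endpoint, Endpoint], int] = {}

    def outbound(self, lan: Endpoint, remote: Endpoint) -> Endpoint:
        """A LAN client opens a connection; return the source the WAN sees."""
        flow = (lan, remote)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.table[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.by_flow[flow])

    def inbound(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        """A WAN packet hits the public IP; return the LAN target, or None if blocked."""
        entry = self.table.get(public_port)
        if entry and entry[1] == remote:
            return entry[0]        # reply to a connection a LAN client started
        if self.dmz_host:
            return (self.dmz_host, public_port)  # everything else goes to the DMZ host
        return None                # unsolicited traffic is blocked

def demo() -> dict:
    server, stranger = ("203.0.113.10", 443), ("198.51.100.7", 51515)
    plain = NatRouter("192.0.2.1")
    seen_as = plain.outbound(("192.168.1.20", 50312), server)
    with_dmz = NatRouter("192.0.2.1", dmz_host="192.168.1.50")
    return {
        "seen_as": seen_as,                                  # what the WAN sees
        "reply": plain.inbound(server, seen_as[1]),          # translated back to the client
        "unsolicited": plain.inbound(stranger, 22),          # no mapping: blocked
        "stranger_on_mapped_port": plain.inbound(stranger, seen_as[1]),
        "dmz": with_dmz.inbound(stranger, 22),               # reaches the DMZ machine
    }

if __name__ == "__main__":
    print(demo())
```

The last result shows why a DMZ machine needs its own firewall: traffic the router would otherwise block is delivered to it unchanged.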







Copyright © 2002-2007 Skullbox.Net All Rights Reserved.
A division of Orlando Tech Works, LLC