From the course: Introduction to Network Routing
Network Address Translation
- [Instructor] Two different technologies that are very important for routing from one side to another or from the inside of a network out to the internet are going to be NAT and PAT. And NAT stands for Network Address Translation, and there are two different types of this, and we have Port Address Translation.
Let's take a look at the first type of NAT, which is called hide NAT or one-to-many. What happens is, on the left-hand side our client computer makes a request. It wants to go to a web server, wants to go to a website all the way on the right-hand side. So it goes off to the firewall at 10.1.1.2. Now originally its IP address is 10.1.1.1 for the client. Keep that in mind. Now it goes through the firewall, it gets routed out to the internet cloud and what that means is a series of various different routers and switches on the internet until it gets to the internet service provider of the web server. And that's translated to 8.5.3.2, and what that means is you have a host record or a record out on the internet that's pointing to their favorite website such as google.com, and it's going to be translated to 8.5.3.2. It's not aware that the web server is really a 10.2.2.2, so the traffic goes into the web server and the web server serves up the page off to our client. The web server doesn't see the 10.1.1.1 address, it only sees the public address of the firewall on the client side. And the client doesn't see the web server address. It only sees the public IP address on the web server side. This is called hide NAT, and you can have many different computers on the 10.1.1.0 network, all hiding behind the 199.42.6.23 IP address. That is hide NAT, one-to-many. And also many-to-one, it just depends on your perspective. Are you going inbound or are you going outbound?
Now let's look at static NAT. Let's forget all about protecting the computer on the left-hand side, let's talk about protecting the web server on the right-hand side. So once again, that traffic goes in from the client to the web server. I've also added an additional function to that web server, and that is I made it also an email server, and it's at 10.2.2.2 still, and all the traffic is going in from 8.5.3.2 and being translated and forwarded off to 10.2.2.2. So it's being protected by the firewall once again, but this time using what's called static NAT or one-to-one, there's a one-to-one relationship between the outside of the firewall and the inside IP address of the web slash email server. And all traffic on TCP, Transmission Control Protocol, is being forwarded, such as port 80, 443, 25, 587. All those different ones are being forwarded to that single address.
Now many different smaller locations don't have multiple IP addresses, but if they have multiple servers, what do they do? Well, there's another technology for that and it's called PAT. And here is PAT doing what's called Port Address Translation. It doesn't rely on just the IP address, it also relies on the port. So you can see the traffic once again going from left to right, but this time it's being split. The traffic is being split based on the port at the transport layer, not at the network layer, at the transport layer which is where ports using TCP live. TCP stands for Transmission Control Protocol. It's a connection-oriented protocol, and we can see various different applications use different ports to communicate. So a web server is typically going to communicate at ports 80 and 443. An email server is typically going to communicate at ports 25 and 587. And there are two different IP addresses. So when 8.5.3.2 receives a request, it says, "Hey, what ports do you want to use? Do you want to use ports 80 or 443? Okay, I'll send you over to the web server. You want to use ports 25 or 587? No problem, I'll send you over to the email server." So it's translating the ports, also known as Port Address Translation.
Hide NAT, static NAT, and PAT are all used in routing traffic through a firewall in either direction to keep computers safe by obfuscating their original IP address.
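The hide NAT and PAT behaviour described in the transcript can be modelled as two small translation tables; this is an added example, not material from the course. It goes one step beyond the narration by showing the per-flow port table that lets a hide-NAT gateway map replies back to the right inside client and drop inbound packets that match no flow. The class names, the starting port 40000 and the mail server address 10.2.2.3 are assumptions; the other addresses are the transcript's.

```python
import itertools

CLIENT_PUBLIC = "199.42.6.23"   # public address the 10.1.1.0 clients hide behind
SERVER_PUBLIC = "8.5.3.2"       # public address in front of the servers
WEB = "10.2.2.2"                # inside web server (from the transcript)
MAIL = "10.2.2.3"               # assumption: the transcript gives no mail server address

class HideNat:
    """One-to-many source NAT: many inside hosts share one public IP."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self._out = {}   # (inside_ip, inside_port, dst_ip, dst_port) -> public port
        self._back = {}  # (public_port, dst_ip, dst_port) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source to the shared public IP and a unique port."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            port = next(self._ports)
            self._out[key] = port
            self._back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Reverse-translate a reply; None means no matching flow, so drop."""
        if dst_ip != self.public_ip:
            return None
        inside = self._back.get((dst_port, src_ip, src_port))
        return None if inside is None else (src_ip, src_port, *inside)

class PortForward:
    """Inbound PAT: choose the inside server from the destination port."""
    def __init__(self, public_ip, rules):
        self.public_ip = public_ip
        self.rules = rules  # destination port -> inside server IP

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        inside = self.rules.get(dst_port) if dst_ip == self.public_ip else None
        # Ports with no rule are not forwarded anywhere.
        return None if inside is None else (src_ip, src_port, inside, dst_port)

# Web ports go to the web server, mail ports to the mail server.
PAT_RULES = {80: WEB, 443: WEB, 25: MAIL, 587: MAIL}
```

Pointing every port in the rule table at the same inside address reproduces the static NAT case from the transcript, where 80, 443, 25 and 587 all land on 10.2.2.2.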