Solved: Re: [NAT/PAT] how does it work ?

jeremydaix · ‎03-25-2020

Hi everyone,

i'm looking to simulate internet on my network. Here is my architecture

I want to be able to ping from any lan to internet. So to simulate internet i put a default route on my RN router so my ping is able to reach internet but i have no return. If i want to have a return i think i must configure nat on that router no ?

I want to know how does it work ? because i tried to configure it but it didn't work very well

I join my pkt file if anyone want to look at it

thank you

Joseph W. Doherty · ‎03-25-2020

First thing I noticed, your RN router has a private address block /30 to cluster zero. Where you need to use NAT/PAT is on the device to convert private IP addresses to one (or more) public IP address that can be accepted on the Internet.

I.e. you either need to do NAT/PAT at cluster zero, or get a usable public IP(s) on the "outside" (i.e. Internet facing) of the RN router and then configure NAT/PAT on it.

As to how NAT/PAT works, in brief, NAT maintains a pool of public IP addresses and as flows pass though the device, it changes a flow's private IP address to/from one of the pooled public IP addresses. NAT works very well, but as it requires on public IP for every active private IP, it often runs short of public IP addresses.

PAT can use one public IP for many private IPs. It does this magic by also changing port numbers (of which there are very many often not being used). The problem with this approach, some protocols embed port numbers beyond what's in their IP headers. So, for PAT to work well it often also requires analysis of a packet's contents and "fixes" things, if needed.

View solution in original post

Joseph W. Doherty · ‎03-25-2020

First thing I noticed, your RN router has a private address block /30 to cluster zero. Where you need to use NAT/PAT is on the device to convert private IP addresses to one (or more) public IP address that can be accepted on the Internet.

I.e. you either need to do NAT/PAT at cluster zero, or get a usable public IP(s) on the "outside" (i.e. Internet facing) of the RN router and then configure NAT/PAT on it.

As to how NAT/PAT works, in brief, NAT maintains a pool of public IP addresses and as flows pass though the device, it changes a flow's private IP address to/from one of the pooled public IP addresses. NAT works very well, but as it requires on public IP for every active private IP, it often runs short of public IP addresses.

PAT can use one public IP for many private IPs. It does this magic by also changing port numbers (of which there are very many often not being used). The problem with this approach, some protocols embed port numbers beyond what's in their IP headers. So, for PAT to work well it often also requires analysis of a packet's contents and "fixes" things, if needed.

jeremydaix · ‎03-25-2020

thank you for your reply !

I applied what you said and now it work perfectly well and i better understand how nat/pat work