
NAT

AhmedFarhat
Level 1

Hi, I have a question about NAT.

I think the NAT purpose is to translate the private IP address to the public IP address (IP masquerading) so that no one has to know my IP address, but hey, the private networks are already known, like 192.168.1.2 or 172.16.10.10 or 10.1.1.2. I can't understand this point. Can anyone explain this to me... thanks

 


Martin L
VIP

Yes, NAT's purpose is to translate the private to the public IP addresses. Not sure where the term IP masquerading came from; probably it is used in security and firewalls. But from outside of your network I cannot see what range you are using (192.168.1.x or 172.16.x.x or 10.x.x.x); all I see is your public IP address.

Furthermore, what exactly is your IP address: 192.168.1.2 or 192.168.1.3 or 192.168.1.20, etc.? To see details I would need access to your NAT/PAT router to see 1-to-1 translations (show ip nat translations).

NAT/PAT solves the shortage of the global range of IP addresses.

 

Regards, ML

 

And what if I knew the IP address specifically, what can I do? Can I establish a connection with a remote PC if I know just its private IP address?

Yes, but that is not the major reason for NAT. The major reason is the shortage of IPv4 addresses in the global range. There are not enough IPv4 addresses to give away to all. You and I (individuals) will not get a unique global IP from an ISP unless you request one. Small companies will get 1 global IP to share among others using NAT/PAT. Medium to large companies will get a range of global IPs.

Some "older" companies - Microsoft, Fairview - have a fixed range of global IPs to use. Still, they will use the private range as well.

 

It has nothing to do with masquerading addresses; this is what a VPN or proxy could do.

The main reason NAT was created is to conserve the public IPv4 address space. RFC 1918 defines the private address classes; these addresses are not routable on the internet, hence they have to be translated to public address(es) that are.

Re: can you establish a connection to a private IP address? Yes and no. Given the above, it would have to be on a LAN, and this is provided that traffic to the service you are trying to reach is permitted from the source where you are attempting access.

Nodes communicate with other nodes using their unique IP addresses (binary); domain names such as cisco.com are meaningless to them. This is purely for human convenience, as humans remember names far easier than they do numbers.

This is analogous to you looking up a phone number in an address book for someone you wish to phone.

For example, this forum will be hosted on a web server. You use a web browser (or app) to visit it; either way, your node will be connecting to its IP address on port 443 (HTTPS). This service is accessible to the "internet".

 

Martin

 
