Darksat IT Security Forums

Hardware, Software and Security => IT Security Forum => Topic started by: Darksat on April 08, 2007, 06:02:29 pm

Title: Network Address Translation
Post by: Darksat on April 08, 2007, 06:02:29 pm

Your firewall's number one job is to separate your private network from the Internet, and use that separation to keep the bad guys out. One firewall technology that helps to create this separation (and helps with the shortage of IP addresses) is Network Address Translation (NAT).

The main idea behind NAT is that most of the computers on your network should not be accessible from the Internet. One way to keep those computers from being Internet accessible is to assign them invalid IP addresses.

In a typical NAT deployment, the only valid IP address is assigned to the firewall; all of the machines protected by the firewall are assigned IP addresses that are valid only on the private network. When a PC on the private network needs to communicate with the outside world, the computer sends its request to the firewall. The firewall then places the request on behalf of the computer that actually made the request. When the response to the request comes back, the request arrives at the firewall, and then the firewall sends the response to the appropriate computer on the private network. (http://www.windowsnetworking.com/articles_tutorials/Firewalls-101.html?&/)

For example, suppose that a user wanted to visit a Web site from a PC on the private network. The user would enter the site's URL into their Web browser, and that would in turn get translated into an HTTP request. The request would go to the firewall, and then the firewall would use its own IP address to place the HTTP request on behalf of the user. When the request is answered, the response goes to the firewall, and the firewall passes the response back to the user who originally made the request.
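The translation table the post describes, shown as an added worked example (this is illustrative code, not part of the original post or of any firewall product). It assumes the private side uses the RFC 1918 range 192.168.0.0/16, that the firewall's single routable address is the documentation address 203.0.113.5, and that the remote Web server sits at 198.51.100.20; all addresses, ports and payloads are constructed. Outbound packets are rewritten to carry the firewall's address and a freshly allocated port, replies are matched against that table and handed back to the internal host, and an inbound packet that no internal host asked for finds no table entry and is dropped, which is the separation the post is talking about.

```python
import ipaddress
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, Iterator, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Just the header fields NAT cares about (constructed, not a real packet format)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


@dataclass
class NatFirewall:
    public_ip: str                                # the only globally routable address
    private_net: str = "192.168.0.0/16"           # assumption: RFC 1918 range used inside
    next_port: Iterator[int] = field(default_factory=lambda: count(40000))
    outbound_map: Dict[Tuple[str, int], int] = field(default_factory=dict)   # (priv_ip, priv_port) -> pub_port
    inbound_map: Dict[int, Tuple[str, int]] = field(default_factory=dict)    # pub_port -> (priv_ip, priv_port)

    def _is_internal(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(self.private_net)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a packet leaving the private network so it carries the firewall's address."""
        if not self._is_internal(pkt.src_ip) or self._is_internal(pkt.dst_ip):
            return None  # only private -> Internet traffic is translated here
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound_map:
            # first packet of this flow: allocate a public port and remember the mapping
            pub_port = next(self.next_port)
            self.outbound_map[key] = pub_port
            self.inbound_map[pub_port] = key
        return Packet(self.public_ip, self.outbound_map[key], pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Deliver a reply to the internal host that requested it; drop anything unsolicited."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self.inbound_map.get(pkt.dst_port)
        if key is None:
            return None  # no internal host opened this mapping, so the packet goes nowhere
        priv_ip, priv_port = key
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.payload)


def demo() -> dict:
    """Walk the post's Web-browsing example through the table, plus one unsolicited probe."""
    fw = NatFirewall(public_ip="203.0.113.5")
    # internal PC 192.168.1.10 sends an HTTP request (constructed values)
    request = Packet("192.168.1.10", 51234, "198.51.100.20", 80, "GET / HTTP/1.1")
    on_wire = fw.outbound(request)             # what the Web server actually sees
    reply = Packet("198.51.100.20", 80, fw.public_ip, on_wire.src_port, "HTTP/1.1 200 OK")
    delivered = fw.inbound(reply)              # translated back to the PC
    probe = Packet("198.51.100.99", 4444, fw.public_ip, 40001, "unsolicited")
    return {"on_wire": on_wire, "delivered": delivered, "probe": fw.inbound(probe)}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name}: {pkt}")
```

Running the block prints the rewritten request (source 203.0.113.5:40000), the reply delivered back to 192.168.1.10:51234, and `None` for the probe, since port 40001 was never allocated by an internal host. Real NAT devices also age mappings out and track TCP state, which this table omits.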