5.5 NAT
Network Address Translation (NAT) is a technique used in networking to translate private IP addresses used in a local network into a public IP address before packets are forwarded to the internet. This allows multiple devices on a local network to share a single public IP address.
Why Use NAT?
- Conserves public IP addresses.
- Adds a layer of security by hiding internal IPs.
- Required when private IPs (like 192.168.x.x) need to access the internet.
Types of NAT
- Static NAT: One-to-one mapping of an internal IP to a public IP.
- Dynamic NAT: A pool of public IPs assigned to internal hosts as needed.
- PAT (Port Address Translation): Many-to-one mapping that distinguishes connections by port number (the most common form).
1. Configuring NAT
2. Simple NAT Example in Cisco Packet Tracer
Goal: A PC in a private network (192.168.1.x) accesses the internet through a router that performs NAT.
Network Setup

| Device | Inside address | Outside address |
|---|---|---|
| PC0 | 192.168.1.10 | --- |
| Router | Fa0/0: 192.168.1.1 (ip nat inside) | Fa0/1: 203.0.113.2 (ip nat outside) |
| Server | --- | 203.0.113.5 (public web server) |
Step-by-Step in Packet Tracer
1. Add Devices
- 1 PC
- 1 Router
- 1 Server
- 2 Switches (optional, for realism)
2. Configure IPs
PC0:
IP: 192.168.1.10
Subnet: 255.255.255.0
Gateway: 192.168.1.1
Router:
interface fa0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shutdown
interface fa0/1
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
 no shutdown
Server:
IP: 203.0.113.5
Subnet: 255.255.255.0
3. Configure NAT on Router
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface fa0/1 overload
This means:
- NAT will translate packets whose source address falls in the 192.168.1.0/24 range (the hosts matched by access-list 1; 0.0.0.255 is a wildcard mask, not a subnet mask)
- Translated packets will use the public IP of interface fa0/1 (203.0.113.2) as their source address
- Overload means multiple internal IPs can share that one public IP, with each connection distinguished by its port number (PAT)
4. Test
- From PC0, open Command Prompt
- Type:
ping 203.0.113.5
If NAT is configured correctly, the ping will succeed.
In networking, ACLs (Access Control Lists) are rules used to control the flow of traffic into or out of a network. They're used mainly on routers, switches, and firewalls to filter traffic based on specified conditions.
What an ACL Does
An ACL defines what kind of traffic is allowed or denied. Each rule in the list checks packet attributes like:
- Source IP address
- Destination IP address
- Port numbers (e.g., TCP/UDP ports)
- Protocol (e.g., TCP, UDP, ICMP)
Types of ACLs
- Standard ACL
  - Filters only by source IP address
  - Example: Allow traffic from 192.168.1.0/24
- Extended ACL
  - Filters by source/destination IP, ports, and protocol
  - More precise control
  - Example: Allow HTTP traffic from 192.168.1.0/24 to 10.0.0.0/24
- Named ACL
  - Same as standard/extended but uses a name instead of a number
Where ACLs Are Applied
- Inbound: Checked as packets arrive on an interface, before the router makes its routing decision
- Outbound: Checked after the routing decision, just before the packet leaves the outgoing interface
Example (Cisco-style)
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
This allows HTTP (TCP port 80) traffic from 192.168.1.0/24 to any destination. Every Cisco ACL ends with an implicit deny, so once this list is applied to an interface, any traffic that does not match a permit entry is dropped.
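As an added example (not part of the original notes), here is a small Python model of the PAT router configured in the NAT section and of how a standard ACL's wildcard mask is evaluated: access-list matching with the implicit deny, port-preserving translation, a fresh global port when two inside hosts happen to use the same source port, and the reverse lookup that drops unsolicited inbound packets. The `PatRouter` class and its method names are my own, not Cisco's.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is 'don't care'.
    So 0.0.0.255 matches 192.168.1.0/24 (it is not a subnet mask)."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)

@dataclass
class PatRouter:
    """Models 'ip nat inside source list 1 interface fa0/1 overload' (hypothetical class)."""
    inside_global: str        # address of the 'ip nat outside' interface (fa0/1)
    acl: list                 # access-list entries as (action, network, wildcard)
    table: dict = field(default_factory=dict)    # (inside_local, sport) -> global port
    reverse: dict = field(default_factory=dict)  # global port -> (inside_local, sport)
    next_port: int = 1024     # next port to hand out when the original one is taken

    def acl_permits(self, src: str) -> bool:
        for action, network, wildcard in self.acl:
            if wildcard_match(src, network, wildcard):
                return action == "permit"
        return False          # implicit 'deny any' at the end of every Cisco ACL

    def outbound(self, src: str, sport: int) -> Optional[tuple]:
        """Translate an inside->outside packet; None means NAT leaves it untranslated."""
        if not self.acl_permits(src):
            return None
        key = (src, sport)
        if key not in self.table:         # new flow: try to keep the original source port
            gport = sport
            if gport in self.reverse:     # another inside host already owns that port
                while self.next_port in self.reverse:
                    self.next_port += 1
                gport = self.next_port
                self.next_port += 1
            self.table[key] = gport
            self.reverse[gport] = key
        return (self.inside_global, self.table[key])

    def inbound(self, dport: int) -> Optional[tuple]:
        """Map a reply sent to the global address back to the inside host.
        A port with no entry returns None: unsolicited inbound traffic is dropped."""
        return self.reverse.get(dport)
```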
1. Standard ACL
ACL - 01