Linux Administration by Wale Soyinka
Author:Wale Soyinka
Language: eng
Format: epub
Tags: -
Publisher: McGraw-Hill Companies, Inc.
Published: 2012-02-01T16:00:00+00:00
Figure 13-1. Using SNAT on a connection
Alas, this raises a small problem3. The server is going to send back some packets—but how does the NAT device know which packet to send to whom? Herein lies the magic: The NAT device maintains an internal list of client connections and associated server connections called flows. Thus, in the first example, the NAT is maintaining a record that “192.168.1.1:1025 converts to 100.1.1.1:49001, which is communicating with 200.1.1.1:80.” When 200.1.1.1:80 sends a packet back to 100.1.1.1:49001, the NAT device automatically alters the packet so that the destination IP is set to 192.168.1.1:1025 and then passes it back to the client on the private network.
In its simplest form, a NAT device is tracking only flows. Each flow is kept open so long as it sees traffic. If the NAT does not see traffic on a given flow for some time, the flow is automatically removed. These flows have no idea about the content of the connection itself, only that traffic is passing between two endpoints, and it is the job of the NAT to ensure that the packets arrive as each endpoint expects.
Now let’s look at the reverse case, as shown in Figure 13-2: A client from the Internet wants to connect to a server on a private network through a NAT. Using DNAT in this situation, we can make it the NAT’s responsibility to accept packets on behalf of the server, transform the destination IP of the packets, and then deliver them to the server. When the server returns packets to the client, the NAT engine must look up the associated flow and change the packet’s source IP address so that it reads from the NAT device rather than from the server itself. Turning this into the IP addresses shown in Figure 13-2, we see a server on 192.168.1.5:80 and a client on 200.2.2.2:1025. The client connects to the NAT IP address, 100.1.1.1:80, and the NAT transforms the packet so that the destination IP address is 192.168.1.5. When the server sends a packet back, the NAT device does the reverse, so the client thinks that it is talking to 100.1.1.1. (Note that this particular form of NAT is also referred to as port address translation, or PAT.)
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(7810)
Grails in Action by Glen Smith Peter Ledbrook(7719)
Configuring Windows Server Hybrid Advanced Services Exam Ref AZ-801 by Chris Gill(6847)
Azure Containers Explained by Wesley Haakman & Richard Hooper(6847)
Running Windows Containers on AWS by Marcio Morales(6373)
Kotlin in Action by Dmitry Jemerov(5092)
Microsoft 365 Identity and Services Exam Guide MS-100 by Aaron Guilmette(5074)
Combating Crime on the Dark Web by Nearchos Nearchou(4649)
Microsoft Cybersecurity Architect Exam Ref SC-100 by Dwayne Natwick(4623)
Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind by Charles Babcock(4438)
The Ruby Workshop by Akshat Paul Peter Philips Dániel Szabó and Cheyne Wallace(4339)
The Age of Surveillance Capitalism by Shoshana Zuboff(3980)
Python for Security and Networking - Third Edition by José Manuel Ortega(3899)
The Ultimate Docker Container Book by Schenker Gabriel N.;(3558)
Learn Wireshark by Lisa Bock(3537)
Learn Windows PowerShell in a Month of Lunches by Don Jones(3528)
Mastering Python for Networking and Security by José Manuel Ortega(3376)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3356)
Blockchain Basics by Daniel Drescher(3326)
