IP NAT Port-Based ("Overloaded") Operation: Network Address Port Translation (NAPT) / Port Address Translation (PAT)
(Page 2 of 2)
Port-Based NAT Example
The operation of NAPT/PAT is very similar to the way regular NAT works, except that port numbers are also translated. For a traditional outbound transaction, the source port number is changed on the request at the same time that the source address is modified; the destination port number is modified on the response with the destination address.
Let's consider again the example we looked at in the topic on Traditional NAT, but this time in a PAT environment. Device 10.0.0.207 was one of 250 hosts on a private network accessing the WWW server at 204.51.16.12. Let's say that because PAT is being used, to save money all 250 are sharing a single inside global address, 194.54.21.7, instead of a pool of 20. The transaction would proceed as described in Table 76 and diagrammed in Figure 114.
Table 76: Operation Of Port-Based (Overloaded) NAT

| Step # | Description | Datagram Type | Datagram Source Address:Port | Datagram Destination Address:Port |
|---|---|---|---|---|
| 1 | Inside Client Generates Request And Sends To NAT Router: Device 10.0.0.207 generates an HTTP request to the server at 204.51.16.12. The standard server port for WWW is 80, so the destination port of the request is 80; let's say the source port on the client is 7000. The datagram is sent to the NAT-capable router that connects the organization's internal network to the Internet. | Request (from inside client to outside server) | 10.0.0.207:7000 (Inside Local) | 204.51.16.12:80 (Outside Local) |
| 2 | NAT Router Translates Source Address And Port And Sends To Outside Server: The NAT router realizes that 10.0.0.207 is an inside local address and knows it must substitute an inside global address. Here though, there are multiple hosts sharing the single inside global address 194.54.21.7. Let's say that port 7000 is already in use for that address by another private host connection. The router substitutes the inside global address and also chooses a new source port number, say 7224, for this request. The destination address and port are not changed. The NAT router puts the address and port mapping into its translation table. It sends the modified datagram out, which arrives at the server at 204.51.16.12. | Request (from inside client to outside server) | 194.54.21.7:7224 (Inside Global) | 204.51.16.12:80 (Outside Global) |
| 3 | Outside Server Generates Response And Sends Back To NAT Router: The server at 204.51.16.12 generates an HTTP response. It of course has no idea that NAT was involved; it sees an address of 194.54.21.7 and port of 7224 in the request sent to it, so it sends back to that address and port. | Response (from outside server to inside client) | 204.51.16.12:80 (Outside Global) | 194.54.21.7:7224 (Inside Global) |
| 4 | NAT Router Translates Destination Address And Port And Delivers Datagram To Inside Client: The NAT router sees the address 194.54.21.7 and port 7224 in the response that arrived from the Internet. It consults its translation table and knows this datagram is intended for 10.0.0.207, port 7000. This time the destination address and port are changed but not the source. The router then delivers the datagram back to the originating client. | Response (from outside server to inside client) | 204.51.16.12:80 (Outside Local) | 10.0.0.207:7000 (Inside Local) |
Figure 114: Operation Of Port-Based (Overloaded) NAT. This figure is very similar to Figure 112, except that the source and destination port numbers have been shown, since they are used in this type of NAT. Translated addresses/ports are in bold. Table 76 contains a complete explanation of the four steps in port-based NAT. Refer to Figure 111 for an explanation of address types.
Key Concept: In port-based NAT, the NAT router translates the source address and port of an outgoing request from inside local to inside global form. It then transforms the destination address and port of the response from inside global to inside local. The outside local and outside global addresses are the same in both request and reply.
One other issue related to NAPT/PAT is worth mentioning: it assumes that all traffic uses either UDP or TCP at the transport layer. While generally the case, this may not always be true. If there is no port number, port translation cannot be done and the method will not work.
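The four steps of Table 76 and the TCP/UDP caveat above, as an added example (not code from The TCP/IP Guide): a minimal translation table in Python. The allocator's starting port 7224 and the second inside host 10.0.0.15 are assumptions chosen to reproduce the page's numbers.

```python
# Added illustration: a minimal NAPT/PAT translation table.
from dataclasses import dataclass, field

INSIDE_GLOBAL = "194.54.21.7"   # single shared inside global address (from the page)

@dataclass(frozen=True)
class Datagram:
    proto: str                  # "tcp", "udp", or a protocol without ports
    src: tuple                  # (address, port)
    dst: tuple                  # (address, port)

@dataclass
class NaptRouter:
    next_port: int = 7224       # assumed allocator start, matches step 2's "say 7224"
    out_map: dict = field(default_factory=dict)  # (proto, inside local) -> global port
    in_map: dict = field(default_factory=dict)   # (proto, global port) -> inside local

    def outbound(self, d):
        """Steps 1-2: rewrite source address:port, leave destination unchanged."""
        if d.proto not in ("tcp", "udp"):
            raise ValueError(f"no port field to translate for {d.proto!r}")
        key = (d.proto, d.src)
        if key not in self.out_map:
            port = d.src[1]                       # keep the client's port if it is free
            while (d.proto, port) in self.in_map: # already used by another inside host
                port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = port
            self.in_map[(d.proto, port)] = d.src
        return Datagram(d.proto, (INSIDE_GLOBAL, self.out_map[key]), d.dst)

    def inbound(self, d):
        """Steps 3-4: rewrite destination address:port, leave source unchanged."""
        inside = self.in_map.get((d.proto, d.dst[1]))
        if d.dst[0] != INSIDE_GLOBAL or inside is None:
            return None                           # no table entry: cannot be delivered
        return Datagram(d.proto, d.src, inside)

def demo():
    r = NaptRouter()
    server = ("204.51.16.12", 80)
    # Constructed: another inside host (10.0.0.15) already holds global port 7000.
    r.outbound(Datagram("tcp", ("10.0.0.15", 7000), server))
    req = r.outbound(Datagram("tcp", ("10.0.0.207", 7000), server))
    resp = r.inbound(Datagram("tcp", server, req.src))
    stray = r.inbound(Datagram("tcp", server, (INSIDE_GLOBAL, 9999)))
    return req, resp, stray
```

The `stray` datagram shows the other side of the table lookup: a response addressed to a global port with no mapping has no inside local address to be translated to.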
The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005
© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.