Network Address Translation (NAT)

NAT: The Need
• Scarcity of real IP addresses
  • This idea is still debatable, but…
  • The fact that the Internet began in the U.S. meant an unbalanced allocation
  • Difficulty in obtaining blocks
• Need for regional NICs
  • See LACNIC: http://www.lacnic.net

NAT: The Need
• Security
  • RFC 1918 blocks are not 'routed'
  • Routers usually block any packet with these addresses as source or destination
  • No AS should advertise these blocks
  • The topology of the internal network is masked
• Management
  • Protection against changes in the ISP's address blocks

RFC 1918
• Assigns several blocks for internal and private use
  10.0.0.0 - 10.255.255.255 (10/8 prefix)
  172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
  192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
• Consequences of using or not using these blocks?
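
The border rule from the security slide (drop any packet carrying an RFC 1918 address as source or destination), applied to log lines, as an added Python example that is not part of the original slides. The log format, the interface names `wan0`/`lan0` and the sample lines are constructed for illustration; the addresses are the ones used elsewhere in the deck.

```python
import ipaddress
import re

# The three private blocks listed on the RFC 1918 slide. An explicit list is
# used because ipaddress's is_private also covers loopback and link-local.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rfc1918_block(addr):
    """Return the RFC 1918 prefix containing addr, or None if it is not private."""
    ip = ipaddress.ip_address(addr)
    return next((str(net) for net in RFC1918 if ip in net), None)

# Constructed log format for this example: "<iface> src=<ip> dst=<ip>"
LINE = re.compile(r"^(\S+) src=(\S+) dst=(\S+)$")

def audit_border(lines, wan_iface="wan0"):
    """Flag packets on the Internet-facing interface that carry RFC 1918 addresses."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m.group(1) != wan_iface:
            continue  # malformed line, or not the border interface
        for field, addr in (("src", m.group(2)), ("dst", m.group(3))):
            try:
                block = rfc1918_block(addr)
            except ValueError:
                continue  # not a parseable IP address
            if block:
                findings.append((line.strip(), field, block))
    return findings

SAMPLE_LOG = [  # constructed sample lines
    "wan0 src=179.9.8.80 dst=128.23.2.2",   # translated packet: fine
    "wan0 src=10.0.0.3 dst=128.23.2.2",     # untranslated source leaked past NAT
    "wan0 src=128.23.2.2 dst=192.168.3.3",  # private destination arriving from outside
    "wan0 src=172.32.0.1 dst=179.9.8.80",   # just outside 172.16/12, so public
    "lan0 src=10.0.0.2 dst=128.23.2.2",     # inside interface: private is expected
]

if __name__ == "__main__":
    for line, field, block in audit_border(SAMPLE_LOG):
        print(f"DROP {line}  ({field} in {block})")
```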

NAT - Overview
• The IP version 4 address space is limited.
• In 1990, it was thought that IP addressing would run out.
• Improvements and new technologies are created that make it possible to overcome these drawbacks.
• One of these new technologies applicable to IPv4 is Network Address Translation (NAT).

NAT - Terminology
• Inside addresses – internal addresses of our network that are subject to translation.
  • These are addresses defined in RFC 1918.
• Outside addresses – addresses located outside our network.
  • Usually these are valid addresses located on the Internet.

NAT - Terminology
• Inside local – addresses assigned and configured on any host that belongs to the local network.
• Inside global – address of an internal host as it appears on the outside. The inside global address is the address that is translated. These are the addresses that the ISP or service provider assigns to us so that we can access the Internet.

NAT - Terminology
• Outside local – IP address of an external host as an internal host recognizes it.
• Outside global – IP address configured and assigned to any host on the external network.
Outside local and outside global

NAT - Functions
• Translation of inside local addresses
  • NAT
• Overloading of inside global addresses
  • PAT
• TCP load distribution
  • Dynamic translation of destination addresses.
• Handling of overlapping networks
  • NAT can be used to resolve the problems that arise when internal addresses overlap with addresses of the external network

NAT
• Translation of a private source address to a public source address.
(1) IP header: DA 128.23.2.2, SA 10.0.0.3 | ... | Data
(2) IP header: DA 128.23.2.2, SA 179.9.8.80 | ... | Data

NAT
• Translation of a public destination IP address to a private destination IP address.
(3) IP header: DA 179.9.8.80, SA 128.23.2.2 | ... | Data
(4) IP header: DA 10.0.0.3, SA 128.23.2.2 | ... | Data

NAT

NAT - Static
• Static translation occurs when an address is specifically configured in the lookup table.
• An inside local address is mapped specifically to an inside global address.
• Inside local and inside global addresses are mapped one to one.
• This means that one inside global address is required for each inside local address.

Static NAT Configuration

Static NAT Configuration

Dynamic NAT Configuration

Dynamic NAT Configuration
Translations to this range of outside addresses
Match on the source IP address

PAT – Port Address Translation
• PAT (Port Address Translation) makes it possible to use a single public address and assign it to up to 65,536 internal hosts.
• PAT modifies the TCP/UDP source ports.

PAT Example
(1) IP header: DA 128.23.2.2, SA 10.0.0.3 | TCP/UDP header: DP 80, SP 1331 | Data
(1) IP header: DA 128.23.2.2, SA 10.0.0.2 | TCP/UDP header: DP 80, SP 1555 | Data
(2) IP header: DA 128.23.2.2, SA 179.9.8.80 | TCP/UDP header: DP 80, SP 3333 | Data
(2) IP header: DA 128.23.2.2, SA 179.9.8.80 | TCP/UDP header: DP 80, SP 2222 | Data
NAT/PAT DA, SA, SP

PAT Example
(3) IP header: DA 179.9.8.80, SA 128.23.2.2 | TCP/UDP header: DP 3333, SP 80 | Data
(3) IP header: DA 179.9.8.80, SA 128.23.2.2 | TCP/UDP header: DP 2222, SP 80 | Data
(4) IP header: DA 10.0.0.3, SA 128.23.2.2 | TCP/UDP header: DP 1331, SP 80 | Data
(4) IP header: DA 10.0.0.2, SA 128.23.2.2 | TCP/UDP header: DP 1555, SP 80 | Data

PAT – Port Address Translation
• With PAT, multiple private IP addresses share a single public IP address (many to one).
• It resolves NAT's one-to-one translation limitation.

PAT – Port Address Translation
(1) IP header: DA 128.23.2.2, SA 10.0.0.3 | TCP/UDP header: DP 80, SP 1331 | Data
(1) IP header: DA 128.23.2.2, SA 10.0.0.2 | TCP/UDP header: DP 80, SP 1555 | Data
(2) IP header: DA 128.23.2.2, SA 179.9.8.80 | TCP/UDP header: DP 80, SP 3333 | Data
(2) IP header: DA 128.23.2.2, SA 179.9.8.80 | TCP/UDP header: DP 80, SP 2222 | Data

PAT Configuration – Cisco
• In this example only a single public IP address is used, via PAT; the source ports serve to distinguish the different connection flows.

Configure PAT – Overload

NAT/PAT with IPCop

Port Forwarding

Port Forwarding
• Port forwarding: a service that allows limited access to the internal LAN from the outside
1. Source port (connection from the outside)
2. 80 for web servers
3. 20 for FTP servers
4. 25 for mail servers…
5. Destination IP (IP of the server: 192.168.3.3)
6. Destination port (port configured on the server)
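
The translations on the PAT example slides and the port-forwarding entry above, reproduced as an added Python example that is not part of the original slides. `Packet`, `PatTable`, the order of the port pool and the outside client ports 40000 and 4444 are assumptions made for illustration; a real PAT device also keys its entries on protocol and ages them out.

```python
from collections import namedtuple

# sa/sp = source address/port, da/dp = destination address/port (slide labels)
Packet = namedtuple("Packet", "sa sp da dp")

class PatTable:
    """Simplified PAT keyed on inside (address, port); protocol is ignored."""
    def __init__(self, public_ip, port_pool):
        self.public_ip = public_ip
        self.free = list(port_pool)  # public ports still available
        self.by_inside = {}          # (inside ip, inside port) -> public port
        self.by_public = {}          # public port -> (inside ip, inside port)

    def _bind(self, public_port, inside):
        if public_port in self.by_public:
            raise ValueError(f"public port {public_port} already mapped")
        self.free = [p for p in self.free if p != public_port]
        self.by_inside[inside] = public_port
        self.by_public[public_port] = inside

    def port_forward(self, public_port, server_ip, server_port):
        """Static entry: outside connections to public_port reach the server."""
        self._bind(public_port, (server_ip, server_port))

    def outbound(self, pkt):
        """Rewrite SA/SP of a packet leaving the inside network."""
        inside = (pkt.sa, pkt.sp)
        if inside not in self.by_inside:
            if not self.free:
                raise RuntimeError("PAT port pool exhausted")
            self._bind(self.free[0], inside)
        return pkt._replace(sa=self.public_ip, sp=self.by_inside[inside])

    def inbound(self, pkt):
        """Rewrite DA/DP of a packet from outside; None means no entry: drop."""
        if pkt.da != self.public_ip or pkt.dp not in self.by_public:
            return None
        ip, port = self.by_public[pkt.dp]
        return pkt._replace(da=ip, dp=port)

def slide_example():
    pat = PatTable("179.9.8.80", [3333, 2222])  # pool ordered to match the slides
    pat.port_forward(80, "192.168.3.3", 80)     # server address from the slide above
    a = pat.outbound(Packet("10.0.0.3", 1331, "128.23.2.2", 80))
    b = pat.outbound(Packet("10.0.0.2", 1555, "128.23.2.2", 80))
    reply = pat.inbound(Packet("128.23.2.2", 80, "179.9.8.80", a.sp))
    web = pat.inbound(Packet("128.23.2.2", 40000, "179.9.8.80", 80))
    stray = pat.inbound(Packet("128.23.2.2", 80, "179.9.8.80", 4444))
    return a, b, reply, web, stray
```

`stray` comes back as `None` because no table entry exists for public port 4444: only traffic matching a dynamic entry or an explicit port forward is translated inward.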

Port Forwarding

More information
• IETF documents (www.ietf.org)
  • RFC-1918: Address Allocation for Private Internets
  • RFC-1631: The IP Network Address Translator (NAT)
  • RFC-2993: Architectural Implications of NAT
  • RFC-3027: Protocol Complications with the IP Network Address Translator