Networking - NAT
NAT (Network Address Translation) translates the IP addresses of computers on the local network (LAN) to a single global IP address on the external side (WAN).
- NAT, per RFC 1631, allows a single device, such as a router, to act as an agent between the Internet (WAN) and a local network (LAN).
While each computer within the local network (LAN) has a specific IP address, external systems only see one IP address (WAN) when connecting to any of the computers within the network.
- The WAN usually has a single IP Address (which is what external systems see).
- On the LAN each computer has a unique IP address, typically taken from one of the private address blocks reserved by RFC 1918:
- 10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
- 172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
- 192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
This means that only a single unique IP address is required to represent an entire group of computers to anything outside their network.
When packets pass through the NAT gateway, they will be modified so that they appear to be coming from the NAT gateway itself. The NAT gateway will record the changes it makes in its state table so that it can:
- reverse the changes on return packets and;
- ensure that returned packets are passed through the firewall and are not blocked.
NOTE: Neither the internal machine nor the Internet host is aware of these translation steps.
- To the internal machine, the NAT system is simply an internet gateway.
- To the internet host, the packets appear to come directly from the NAT system; it is completely unaware that the internal workstation even exists.
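The following is an added example, not code from the original page: a small model of the NAT state table described above. An outbound packet has its source rewritten to the gateway's WAN address and a gateway-chosen port, the mapping is recorded, and a reply is reversed back to the internal host only if a matching state entry exists; a packet arriving with no state is dropped, which is the "not blocked by the firewall" behaviour in the text seen from the other side. It also shows what the prose does not: two internal hosts using the same source port toward the same server are kept apart by the gateway's port choice. All addresses are constructed (RFC 5737 documentation ranges for the WAN side); the class, field and function names are this example's own.

```python
"""Toy NAT gateway modelling the state table described in the text.

Constructed example: the 5-tuple packet, sequential port allocation and
lack of timeouts are simplifications of what a real NAT (e.g. PF) does.
"""
from dataclasses import dataclass
import ipaddress

# RFC 1918 private blocks that a LAN behind NAT typically uses.
PRIVATE_BLOCKS = [ipaddress.ip_network(b)
                  for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    """True if ip falls in one of the RFC 1918 blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_BLOCKS)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatGateway:
    def __init__(self, wan_ip: str, port_range=(49152, 65535)):
        self.wan_ip = wan_ip
        self._next_port, self._port_max = port_range
        # State table, outbound view: original 5-tuple -> WAN port used.
        self.outbound: dict[tuple, int] = {}
        # Same state, inbound view: (proto, wan_port, remote_ip, remote_port)
        # -> (lan_ip, lan_port), used to reverse the translation on replies.
        self.inbound: dict[tuple, tuple] = {}

    def _alloc_port(self) -> int:
        if self._next_port > self._port_max:
            raise RuntimeError("NAT port pool exhausted")
        port = self._next_port
        self._next_port += 1
        return port

    def egress(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the source to the gateway and record the state."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        wan_port = self.outbound.get(key)
        if wan_port is None:  # first packet of this flow: create state
            wan_port = self._alloc_port()
            self.outbound[key] = wan_port
            self.inbound[(pkt.proto, wan_port, pkt.dst_ip, pkt.dst_port)] = (
                pkt.src_ip, pkt.src_port)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def ingress(self, pkt: Packet):
        """WAN -> LAN: reverse the translation if state exists, else drop (None)."""
        if pkt.dst_ip != self.wan_ip:
            return None
        mapping = self.inbound.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if mapping is None:
            return None  # unsolicited packet: no state, so it is blocked
        lan_ip, lan_port = mapping
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.proto)


def demo():
    """Two LAN hosts reuse source port 40000 toward the same server."""
    gw = NatGateway("203.0.113.5")
    server = ("198.51.100.80", 443)
    out_a = gw.egress(Packet("192.168.1.10", 40000, *server))
    out_b = gw.egress(Packet("192.168.1.11", 40000, *server))
    # Replies from the server are demultiplexed by the WAN port the gateway chose.
    reply_a = gw.ingress(Packet(*server, gw.wan_ip, out_a.src_port))
    reply_b = gw.ingress(Packet(*server, gw.wan_ip, out_b.src_port))
    # A packet to a port with no state is dropped.
    stray = gw.ingress(Packet(*server, gw.wan_ip, 60000))
    return out_a, out_b, reply_a, reply_b, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Both hosts appear to the server as 203.0.113.5, differing only in source port; the server's reply to each port is handed back to the right internal host, and the stray packet gets no translation at all.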
IP Forwarding
IP forwarding is required so that packets can travel between network interfaces; without it the gateway will not pass traffic from the LAN interface to the WAN interface:
For IPv4 (enable now, then persist across reboots)
sysctl net.inet.ip.forwarding=1
echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
For IPv6
sysctl net.inet6.ip6.forwarding=1
echo 'net.inet6.ip6.forwarding=1' >> /etc/sysctl.conf