Linux System Administration

TCP/IP Firewall and IP Masquerade

Network Address Translation (NAT) Types

Network Address Translation (NAT) rewrites the IP addresses (and, for some types, the transport ports) in packets as they pass through a router or firewall. Its most common job is to let many hosts with private (RFC 1918) addresses reach the internet through one or a few public addresses, but the same mechanism is also used to expose internal services at a public address and to bridge IPv4 and IPv6. The types differ in whether the mapping is fixed or created on demand, whether ports are rewritten, and whether connections can be opened from the outside. Here are the main types of NAT:

1. Static NAT:

  • Description: Static NAT is a fixed one-to-one mapping between one private IP address and one public IP address. Because the mapping never changes and applies to traffic in both directions, the internal host is reachable from the internet at its public address at all times.
  • Use Case: Hosting services (such as web servers) inside a private network while making them reachable from the internet. The mapping itself filters nothing, so firewall rules must still restrict which ports actually reach the host.
  • Example: Mapping private IP 192.168.0.10 to public IP 203.0.113.10.

2. Dynamic NAT:

  • Description: Dynamic NAT assigns an internal host a public IP address from a pool when it starts sending traffic and returns the address to the pool when its sessions end. Each active host still gets a public address of its own, so the pool only needs to cover the hosts that are online at the same time, not every device.
  • Use Case: Environments where many devices need internet access but only a limited block of public IPs is available. Once the pool is exhausted, further hosts get no translation until an address is released, so the pool must be sized for peak concurrency.
  • Example: A company with 100 computers sharing a pool of 20 public IPs for internet access.

3. Overloading (Port Address Translation – PAT):

  • Description: Also known as Port Address Translation (PAT) or NAT overload, it maps many private IP addresses to a single public IP address by rewriting the source port as well as the source address. Each outbound connection is given its own translated port, and the translator keeps a state table that maps (public port, protocol) back to the originating private address and port so that replies can be returned. Inbound packets that match no state entry have nowhere to go, which is why hosts behind PAT are not reachable from the internet unless an explicit port forward is added.
  • Use Case: Home or small office networks where a single public IP is shared among all devices; it is also the most common form of NAT on Linux gateways.
  • Example: PCs and phones on a home network all reach the internet through one public IP, with each connection distinguished by its translated source port.

4. Dynamic Host Configuration Protocol (DHCP) NAT:

  • Description: Not a separate translation mechanism but a common deployment pattern: the gateway runs a DHCP server on its private side, handing out private addresses to clients, and performs dynamic NAT or PAT on its public side for whatever addresses are in use. DHCP never assigns a public IP to a client; the public address is chosen by the NAT rule when the client starts sending traffic, and the private address a client holds may change from lease to lease.
  • Use Case: Environments where devices come and go and need automatic addressing, so the NAT rules must cover the whole DHCP range rather than fixed hosts.
  • Example: A cafe or public hotspot providing internet access to its customers.

5. NAT64:

  • Description: NAT64 lets IPv6-only hosts communicate with IPv4-only hosts. The translator owns an IPv6 prefix, usually the well-known 64:ff9b::/96, whose last 32 bits carry an IPv4 address; a packet sent to such an address is rewritten into an IPv4 packet from the translator's own IPv4 address, and the reply is rewritten back. It is normally deployed together with DNS64, which synthesizes AAAA records in that prefix for names that only have A records. Like PAT it is stateful and only supports sessions initiated from the IPv6 side.
  • Use Case: Networks moving to IPv6 that still need to reach the IPv4 internet without giving every host an IPv4 address.
  • Example: An IPv6-only mobile device reaching an IPv4-only web server.

6. NAT66:

  • Description: NAT66 translates IPv6 addresses into other IPv6 addresses. Its standardized form is IPv6-to-IPv6 Network Prefix Translation (NPTv6, RFC 6296): a stateless one-to-one rewrite of an internal prefix into an external one, so internal addressing stays independent of the provider-assigned prefix. A stateful, PAT-style NAT66 is also possible but rarely needed, because IPv6 has no shortage of addresses to share.
  • Use Case: Keeping a stable internal prefix when the external prefix may change, or when the site is connected through more than one provider, without renumbering internal hosts.
  • Example: A site whose hosts use an internal prefix that the border router rewrites to the provider's prefix.

7. Bi-directional NAT:

  • Description: Bi-directional (two-way) NAT is a static mapping in which sessions can be initiated from either side: internal hosts reach the internet through it, and external hosts can open connections to the internal host at its public address. It relies on a fixed address mapping rather than a state table, and if external clients look the host up by name, the DNS answer must carry the public address. It should not be confused with double NAT, where a network sits behind two NAT devices in a row; that arrangement only makes inbound reachability harder.
  • Use Case: Internal servers that must both accept connections from the internet and initiate their own outbound connections (updates, mail delivery) under the same public address.
  • Example: An internal mail server published at one public address for both inbound and outbound SMTP.

Choosing the appropriate type of NAT depends on the requirements of the network: how many public IP addresses are available, whether a host needs a consistent mapping, whether connections must be accepted from the outside, and which IP versions the devices and services use.

1. Static NAT:

# One-to-one mapping (IP forwarding must be enabled, as in the sections below): traffic arriving for the
# public address is rewritten to the internal host, and the host's outbound traffic leaves with that public address
iptables -t nat -A PREROUTING -i eth0 -d 203.0.113.10 -j DNAT --to-destination 192.168.0.10
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -j SNAT --to-source 203.0.113.10

2. Dynamic NAT:

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Configure dynamic NAT: translate the private subnet to addresses drawn from a public pool (replace interfaces
# and ranges as needed). MASQUERADE would instead share the single address of eth0, which is PAT. The gateway
# must also answer for every pool address (assign them to eth0 or use proxy ARP) or replies never come back
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to-source 203.0.113.10-203.0.113.29

3. Overloading (Port Address Translation – PAT):

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Configure PAT: every host in the LAN subnet leaves with the address of eth0 and a translated source port
# (the -s match keeps the gateway from translating traffic from any other source routed through it)
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE

4. Dynamic Host Configuration Protocol (DHCP) NAT:

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# The translation rule is the same PAT rule as above: make -s cover the whole range the DHCP server
# hands out. The DHCP server itself (for example dnsmasq or ISC dhcpd) is configured separately
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE

5. NAT64:

# Enable forwarding for both address families (a NAT64 box routes between them)
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

# ip6tables cannot turn an IPv6 packet into an IPv4 packet, so a NAT64 translator is required. With Jool
# (a separately installed kernel module), create a stateful NAT64 instance for the well-known prefix;
# clients also need a DNS64 resolver so that IPv4-only names resolve to addresses inside that prefix
modprobe jool
jool instance add "nat64" --netfilter --pool6 64:ff9b::/96

6. NAT66:

# Enable IPv6 forwarding (the IPv4 ip_forward setting has no effect on IPv6 traffic)
sysctl -w net.ipv6.conf.all.forwarding=1

# Configure stateful NAT66: the internal prefix leaves with the address of eth0 (replace interfaces and
# prefix as needed). For stateless prefix translation (NPTv6) use the SNPT/DNPT targets in the mangle table instead
ip6tables -t nat -A POSTROUTING -o eth0 -s 2001:db8:1::/64 -j MASQUERADE

7. Bi-directional NAT:

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Configure bi-directional NAT: a fixed mapping in both directions, with eth0 as the public interface
# (replace interfaces and addresses as needed). The SNAT rule applies to traffic leaving on the public
# interface, not on the internal one
iptables -t nat -A PREROUTING -i eth0 -d public_ip1 -j DNAT --to-destination internal_ip1
iptables -t nat -A POSTROUTING -o eth0 -s internal_ip1 -j SNAT --to-source public_ip1
# The nat rules only rewrite addresses; the FORWARD chain must also accept sessions opened from either side
# (add -p and --dport matches to limit inbound access to the services the host actually offers)
iptables -A FORWARD -d internal_ip1 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s internal_ip1 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT

Review these rules before applying them and adjust addresses and interfaces to your own network. NAT rules only rewrite addresses: a DNAT rule exposes nothing unless the FORWARD chain lets the rewritten traffic through, and a FORWARD policy of DROP with an explicit accept rule per service is what keeps the internal network closed. Rules added with iptables are also lost at reboot; save them with iptables-save (for example through the iptables-persistent package on Debian and Ubuntu) or apply them from a startup script.
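Putting the pieces together, here is an added example (not part of the course material) of one gateway script that combines the PAT rule from section 3 with a static, bi-directional mapping of the kind shown in sections 1 and 7, and adds what the per-type rules above leave out: a default-deny FORWARD chain, the accept rules that let translated traffic through, and an anti-spoofing rule. The interface names (eth0 public, eth1 LAN), the addresses 203.0.113.10, 192.168.0.0/24 and 192.168.0.10, and the helper names run, nat_gateway_rules and nat_rule_count are all assumptions made for the illustration. Setting DRY_RUN=1 prints the commands instead of executing them, which is also a convenient way to review a rule set before it touches a live firewall.

```shell
#!/bin/sh
# Added example, not from the course: a complete small NAT gateway in one script.
# PAT for the LAN plus a static (bi-directional) mapping for one internal web server,
# together with the FORWARD rules that the nat-table rules alone do not provide.
# Assumed (hypothetical) layout: eth0 = public side holding 203.0.113.10,
# eth1 = LAN side with 192.168.0.0/24, web server at 192.168.0.10.
# Usage:  sh nat-gateway.sh apply              (as root)
#         DRY_RUN=1 sh nat-gateway.sh apply    (print the commands instead)

WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.0.0/24}
PUBLIC_IP=${PUBLIC_IP:-203.0.113.10}
WEB_SERVER=${WEB_SERVER:-192.168.0.10}

# run: execute a command, or print it on one line when DRY_RUN is set
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

nat_gateway_rules() {
    # Routing between the two interfaces; without this nothing is forwarded at all
    run sysctl -w net.ipv4.ip_forward=1

    # Empty nat table and a default-deny FORWARD chain. NAT rewrites addresses and
    # filters nothing, so the FORWARD policy is what keeps the LAN closed
    run iptables -t nat -F
    run iptables -F FORWARD
    run iptables -P FORWARD DROP

    # Packets arriving from the internet with a LAN source address are spoofed: drop
    # them before any later rule could treat them as internal traffic
    run iptables -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP

    # Replies for connections that were allowed in either direction
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # PAT: LAN hosts leave with the public address and a translated source port.
    # The -s match matters: without it the gateway translates traffic from any source
    # routed through it. SNAT is used because the public address is static;
    # MASQUERADE is for interfaces whose address changes
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j SNAT --to-source "$PUBLIC_IP"

    # Static mapping for the web server, limited to TCP/80. DNAT only rewrites the
    # destination; the FORWARD rule lets the rewritten packet through and repeats the
    # same protocol and port so that nothing else reaches the server
    run iptables -t nat -A PREROUTING -i "$WAN" -d "$PUBLIC_IP" -p tcp --dport 80 -j DNAT --to-destination "$WEB_SERVER:80"
    run iptables -A FORWARD -i "$WAN" -o "$LAN" -d "$WEB_SERVER" -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
}

# Number of iptables commands the rule set issues (from a dry run), for a quick sanity check
nat_rule_count() {
    (DRY_RUN=1; nat_gateway_rules) | grep -c '^iptables'
}

if [ "${1:-}" = apply ]; then
    nat_gateway_rules
fi
```

Order matters: the FORWARD chain is evaluated top to bottom, so the spoof check comes before the ESTABLISHED rule, and every DNAT is paired with a FORWARD rule naming the same protocol and port so that the translation exposes only that service. The web server's own outbound traffic is covered by the PAT rule, so it leaves under the shared public address; if it must instead always appear as a dedicated address, add a more specific SNAT rule for its source ahead of the subnet rule.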