ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration



Similar documents
1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

Dynamic Host Configuration Protocol (DHCP) 02 NAT and DHCP Tópicos Avançados de Redes

Enabling NAT and Routing in DGW v2.0 June 6, 2012

Internet Protocol: IP packet headers. vendredi 18 octobre 13

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

ΕΠΛ 674: Εργαστήριο 5 Firewalls

Planning for Information Network

IP Address: the per-network unique identifier used to find you on a network

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

Using VDOMs to host two FortiOS instances on a single FortiGate unit

Polycom. RealPresence Ready Firewall Traversal Tips

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Network Address Translation (NAT)

TCP/IP works on 3 types of services (cont.): TCP/IP protocols are divided into three categories:

Technical Support Information

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

Application Note. Stateful Firewall, IPS or IDS Load- Balancing

Ref: A. Leon Garcia and I. Widjaja, Communication Networks, 2 nd Ed. McGraw Hill, 2006 Latest update of this lecture was on

Introduction to Network Operating Systems

Lab Configuring the PIX Firewall as a DHCP Server

Scaling the Network: Subnetting and Other Protocols. Networking CS 3470, Section 1

Configuring IP Addressing and Services

Lab Objectives & Turn In

Check Point Software Technologies LTD. Creating A Generic Service Proxy (GSP) Using Network Address Translation (NAT)

Multi-Homing Security Gateway

NAT & IP Masquerade. Internet NETWORK ADDRESS TRANSLATION INTRODUCTION. NAT & IP Masquerade Page 1 of 5. Internal PC

IP Addressing A Simplified Tutorial

Network Basics GRAPHISOFT. for connecting to a BIM Server (version 1.0)

Firewalls P+S Linux Router & Firewall 2013

Source-Connect Network Configuration Last updated May 2009

Savvius Insight Initial Configuration

Transport and Network Layer

ICS 351: Today's plan

MULTI WAN TECHNICAL OVERVIEW

Chapter 3 Security and Firewall Protection

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas

Site to Site VPN s between two networks with the same IP Address scheme.

21.4 Network Address Translation (NAT) NAT concept

Document No. FO1101 Issue Date: Work Group: FibreOP Technical Team October 31, 2013 FINAL:

CONNECTING WINDOWS XP PROFESSIONAL TO A NETWORK

Chapter 12 Supporting Network Address Translation (NAT)

IP address format: Dotted decimal notation:

NATed Network Testing IxChariot

Internet Control Protocols Reading: Chapter 3

Slide 1 Introduction cnds@napier 1 Lecture 6 (Network Layer)

How To. Instreamer to Exstreamer connection. Project Name: Document Type: Document Revision: Instreamer to Exstreamer connection. How To 1.

Chapter 11 Cloud Application Development

Technical Support Information Belkin internal use only

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

EITF25 Internet Techniques and Applications L5: Wide Area Networks (WAN) Stefan Höst

Network Configuration Settings

THE HONG KONG POLYTECHNIC UNIVERSITY Department of Electronic and Information Engineering

Proxy Server, Network Address Translator, Firewall. Proxy Server

Topic 7 DHCP and NAT. Networking BAsics.

How To Connect Xbox 360 Game Consoles to the Router by Ethernet cable (RJ45)?

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Linux Routers and Community Networks

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Networking Basics for Automation Engineers

IP addressing and forwarding Network layer

Internet Protocol (IP) IP - Network Layer. IP Routing. Advantages of Connectionless. CSCE 515: Computer Network Programming IP routing

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

2. IP Networks, IP Hosts and IP Ports

MINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1

7.1. Remote Access Connection

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

EECS 489 Winter 2010 Midterm Exam

What communication protocols are used to discover Tesira servers on a network?

Lab Configuring Access Policies and DMZ Settings

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Firewalls with IPTables. Jason Healy, Director of Networks and Systems

Pre-lab and In-class Laboratory Exercise 10 (L10)

Packet filtering and other firewall functions

How to configure your Thomson SpeedTouch 780WL for ADSL2+

Chapter 3 LAN Configuration

How Your Computer Accesses the Internet through your Wi-Fi for Boats Router

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

MiaRec. Cisco Built-in-Bridge Recording Interface Configuration Guide. Revision 1.1 ( )

Protecting and controlling Virtual LANs by Linux router-firewall

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Adding an Extended Access List

- Introduction to Firewalls -

Customer Guide. BT Business - BT SIP Trunks. BT SIP Trunks: Firewall and LAN Guide. Issued by: BT Business Date Issue: v1.

Internetworking Microsoft TCP/IP on Microsoft Windows NT 4.0

Getting started with IPv6 on Linux

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Security Technology: Firewalls and VPNs

CET442L Lab #2. IP Configuration and Network Traffic Analysis Lab

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

FIREWALL AND NAT Lecture 7a

Certes Networks Layer 4 Encryption. Network Services Impact Test Results

Network Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch.

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

LESSON Networking Fundamentals. Understand TCP/IP

Use this guide if you are no longer able to scan to Sharpdesk. Begin with section 1 (easiest) and complete all sections only if necessary.

Basic IPv6 WAN and LAN Configuration

Transcription:

ICS 351: Today's plan IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration

IP address exhaustion IPv4 addresses are 32 bits long so there should almost be one address per person on the planet (and many people on the planet do not own a computer) however, IP addresses must be assigned within networks renumbering networks is time-consuming and expensive so, there is an effective shortage of IPv4 addresses, especially in some areas three techniques are used to deal with this shortage: o use a single address to connect to the Internet multiple computers: Network Address Translation, or NAT o assign an IP address to a computer only when it is needed: Dynamic Host Configuration Protocol, or DHCP o switch to IPv6, with 2 128 addresses the first two techniques are common today, the last may become common in the future

Network Address Translation both TCP and UDP use ports to identify different applications on one computer most computers use far fewer than the 65,536 ports they could use so, multiple computers could share a single IP address, and just agree to use different ports since all computers use the same IP address, the combination of <internal port, external port, external IP> is what uniquely identifies the socket and source computer

Network address translation details in a NATed network, the computers run as if they were on the Internet each interface is assigned an IP address from a reserved space, 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 -- these are non-routable IP addresses the router for this private network also runs DHCP to assign these addresses, is configured as the private computers' default gateway, and must acquire or be configured with the external IP addresses this "router" (really a NAT unit which usually does not participate in routing protocols) must examine each packet being forwarded and change some of the headers: o for every outgoing packet, the private source address must be replaced with the public source address. The combination of <internal port, external port, internal IP, external IP> is recorded in a table o for every incoming packet, the external (destination) IP must be replaced with the correct internal IP address taken from the table o if two or more machines on the internal network are using the same port number, the NAT unit generally also changes the port number the NAT table can also have static entries, for example pointing to a web server on the inside network the only limitation is that there cannot be two servers on the same port (e.g. port 80) on the inside network so to the outside, the entire private network behaves as a single computer, with any number of clients and servers

Firewalls the extended "router" can also discard any incoming packets for ports not listed in its table, or for statically configured ports this prevents outside access to applications (e.g. printers) that would be available inside the networks this also prevents outside access to applications that were installed automatically, and that the user is unaware of both of these are security risks, so the job of blocking "ports" is called firewalling, and such units are known as firewalls although the firewall function can be present in a "router" or a NAT unit, it can also be present in software on each computer the Linux IPTables mechanism is general enough to allow general forwarding as well as blocking of packets

Dynamic Host Configuration Protocol in our lab, computers have statically-configured IP addresses we also manually reconfigure IP addresses when needed when there are lots of computers or non-technical users, this becomes very cumbersome instead, a network administrator could decide the assignment of IP addresses centrally, and let a central computer distribute IP addresses however, the computer is not really on the Internet until it has an IP address so DHCP (like ARP) cannot use IP packets each address is leased for a given period of time, then must be renewed in most DHCP servers, renewal is automatic unless the network administrator decides otherwise so the lease expiration simply makes it easier to recycle addresses the system administrator decides the lengths of leases, which IP address ranges are available for DHCP, etc

Putting it all together many small office / home office (SOHO) networks are connected to the Internet by a single "router" this "router" runs no routing protocols, and may use DHCP to obtain its address from the Internet Service Provider or, if there are significant servers on the SOHO network, the IP address may be static and manually configured this "router" acts as a default router for the SOHO network, forwarding to its own default router (configured, or obtained by DHCP) all packets from the inside to the outside this "router" always performs NAT, to allow the sharing of the IP address this "router" usually performs some sort of firewalling for example, the firewall might by default allow all outgoing connections/streams, initiated by a computer inside, but not connections or streams initiated by outside computers but data for valid connections (streams) must still flow in both directions

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information