Hi John,
you pretty much got the idea!
Static NAT'ing is used to build a 1:1 address translation from one
IP address to another. You can - and that is what you were asking -
access hosts from the other side of the NAT'ing device.
For example you can have a web server on the internal side of the NAT
device on a private address space (e.g. 192.168.10.1). Doing a static
address translation to a public and valid Internet address allows you to
give people on the Internet access to that webserver despite that it has a
private IP address.
Dynamic NAT'ing is a n:1 or a n:m address translation. It only works in
one direction.
For example you can "hide" an internal network through a NAT device and
map it to one or more legal Internet addresses on the outside and so
giving the inside hosts (almost) full access to the Internet but disabling
and access from the Internet to the inside. NAT devices keep track of the
initiating internal machine through remembering what ports were being
used.
I put the almost in parenthesis above since there are issues if
application traffic returns on a different port then the one it was
originated to (ftp is an example for this). Most NAT devices support
standard applications though.
Hope this helped,
- Christian
> Folks,
>
> I need help with understanding network address translation.
>
> I can understand that NAT allows the network administrators to create a
> private addressing domain with all the internal addresses somehow being
> mapped to external addresses.
>
> This mapping between internal and external seems to take place:
> * Staticly, where one internal IP address is mapped to one external
> address
> * Dynamicly, where all the internal IP addresses are mapped to a few
> external addresses
>
> My question is how often is the addressing done dynamicly, and if it is, how
> can I have applications addressing hosts within my private addressing
> domain, if the addresses are masked by NAT.
>
> Your help would be much appreciated
>
> Cheers
>
> John
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
________________________________________________________________
____ | Christian Ohlendorf, Sr. Network Engineer [EMAIL PROTECTED] |_____
\ | Mips Technologies Inc. / \ http://www.mips.com | /
/ ________________________________________________________________ \
/___________) (___________\
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
