Network Address Translation (NAT)

Slides: 11
Provided by: zhenha
Learn more at: http://www.cs.fsu.edu

1
Network Address Translation (NAT)
  • Reading Chapter 21

2
Concepts
  • NAT
    • Translation between IP addresses (and port numbers)
  • Basic NAT
    • Only involving IP address translation
  • Network address and port translation
    • Involving both IP address and port number

3
(No Transcript)
4
Some application specific problems
  • FTP
    • PORT command contains IP/port
    • May need to change packet content
  • Fragmentation
    • Only the first fragment has the TCP/UDP header
    • May need to do reassembly first

5
NAT implementation in Linux
[Figure: packet path through the netfilter hooks. Labels: Incoming packets; Device driver (input); CRC check, consistency checks; NF_IP_PRE_ROUTING; Connection Tracking; NAT; Routing; NF_IP_LOCAL_IN; Higher layers, local processes; NF_IP_LOCAL_OUT; NF_IP_FORWARD (forwarded packets); NF_IP_POST_ROUTING; Device driver (output); Outgoing packets]

6
Initialization and uninitialization
  • Done by init() and fini()
    • They call init_or_cleanup()
  • init_or_cleanup()
    • Initialization
      • Initializing some netfilter tables
      • Initializing some protocol-specific state
      • Linking (registering) the netfilter hooks
        • ip_nat_fn(), ip_nat_local_fn(), ip_nat_out()
    • Uninitialization
      • Reversing the process

7
How packet flows in NAT
  • Incoming packets
    • NF_IP_PRE_ROUTING
    • ip_nat_fn()
  • Locally generated packets
    • NF_IP_LOCAL_OUT
    • ip_nat_local_fn() for unfragmented packets
      • Passing on other packets
  • Outgoing packets
    • NF_IP_POST_ROUTING
    • ip_nat_out()
      • Reassembling packets, then passing them on to ip_nat_fn()

8
ip_nat_fn()
  • Determining what NAT needs to be used (src or dst)
  • Determining associated flow of the packet
  • Handling the packet depending on state
    • Expected connection (IP_CT_RELATED)
    • New connection (IP_CT_NEW)
    • Others
  • Doing real binding (translation)
    • do_bindings()

9
Initializing address-binding process
  • Netfilter registered branch destinations
    • ipt_snat_target(), ipt_dnat_target()
  • Finding associated flow/connection entry
  • Calling ip_nat_setup_info() to do new binding

10
Actual address translation
  • do_bindings()
    • Searching associated bindings
    • Calling manip_pkt() to do address translation
  • manip_pkt()
    • Translating IP address
    • Updating checksum
    • Calling prot->manip_pkt() to handle protocol-specific translation
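
The "translating IP address" and "updating checksum" steps above, as an added example that is not from the slides or the kernel source: it rewrites the source address of an IPv4 header and patches the header checksum incrementally (RFC 1624) instead of recomputing it. The names ip_checksum(), nat_rewrite_src() and nat_demo() are hypothetical, and the header bytes and addresses are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fold a 32-bit one's-complement accumulator down to 16 bits. */
static uint16_t fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Full Internet checksum over an IPv4 header (len is even). */
uint16_t ip_checksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i += 2)
        sum += (uint32_t)(h[i] << 8 | h[i + 1]);
    return (uint16_t)~fold(sum);
}

/* Hypothetical helper (not the kernel's manip_pkt()): rewrite the source
 * address and patch the header checksum incrementally, per RFC 1624:
 * HC' = ~(~HC + ~m + m') for each changed 16-bit word m -> m'. */
void nat_rewrite_src(uint8_t *h, const uint8_t new_src[4]) {
    uint32_t sum = (uint16_t)~(h[10] << 8 | h[11]);          /* ~HC */
    for (int i = 0; i < 4; i += 2) {
        sum += (uint16_t)~(h[12 + i] << 8 | h[13 + i]);      /* ~m  */
        sum += (uint32_t)(new_src[i] << 8 | new_src[i + 1]); /* m'  */
    }
    uint16_t hc = (uint16_t)~fold(sum);
    memcpy(h + 12, new_src, 4);
    h[10] = hc >> 8;
    h[11] = hc & 0xff;
}

/* Constructed sample: 192.168.1.10 -> 203.0.113.5, source NATed to
 * 198.51.100.7. Returns the incremental checksum, or (full != 0) the
 * checksum recomputed from scratch over the rewritten header. */
uint16_t nat_demo(int full) {
    uint8_t h[20] = {0x45, 0, 0, 0x54, 0, 0, 0x40, 0, 0x40, 6, 0, 0,
                     192, 168, 1, 10, 203, 0, 113, 5};
    const uint8_t pub[4] = {198, 51, 100, 7};
    uint16_t c = ip_checksum(h, 20);
    h[10] = c >> 8; h[11] = c & 0xff;
    nat_rewrite_src(h, pub);
    if (!full) return (uint16_t)(h[10] << 8 | h[11]);
    h[10] = h[11] = 0;
    return ip_checksum(h, 20);
}

int main(void) {
    printf("incremental=0x%04x full=0x%04x\n", nat_demo(0), nat_demo(1));
    return 0;
}
```

The TCP and UDP checksums cover a pseudo-header that includes the IP addresses, so the protocol-specific step has to patch that checksum in the same way whenever an address or port changes.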