
network address translation and WAN IP

johnyb98

Good evening!

Please, I am kind of confused about NAT. The confusion has to do with the IPs used in NAT (e.g. static NAT, where we manually assign each private IP address + port number a public IP address + port number). Does any IP used/assigned in NAT have to do with the WAN IP (the IP assigned by the ISP provider)?

Thank you for your time!


7 minutes ago, johnyb98 said:

Good evening!

Please, I am kind of confused about NAT. The confusion has to do with the IPs used in NAT (e.g. static NAT, where we manually assign each private IP address + port number a public IP address + port number). Does any IP used/assigned in NAT have to do with the WAN IP (the IP assigned by the ISP provider)?

Thank you for your time!

NAT generally has nothing to do with the IP assigned by your ISP. My ISP Comcast assigns IPs based on the MAC address of the device connected to the modem.

Generally IP addresses on a standard home network are assigned by a DHCP server built into the router. They assign private IPs, generally in the 192.168.x.x or 10.x.x.x ranges; these IPs are not internet IPs, meaning they can't be used on the internet and are only used internally to route traffic. I think what you're thinking of is the firewall; that's where you assign the ports that need forwarding. In this case, you will assign a static IP to the machine that falls outside the range of the DHCP server.

 

The biggest thing NAT does, is allow you to share one Internet IP across multiple machines. 

I just want to sit back and watch the world burn. 


Not really sure I fully understand the question. When you NAT an IP address it's a 1 to 1 mapping of internal to external IP address and if you have a single IP then you're really doing PAT (Port Address Translation) which is many to one when you leave your local network and go out to the internet.

 

If you're asking how are they assigned that's done by the router itself which translates the internal IP addresses to the single external IP address and instead of using IP to IP mapping it does port to IP mapping so it knows how to untranslate the traffic and return it back.


22 minutes ago, johnyb98 said:

Good evening!

Please, I am kind of confused about NAT. The confusion has to do with the IPs used in NAT (e.g. static NAT, where we manually assign each private IP address + port number a public IP address + port number). Does any IP used/assigned in NAT have to do with the WAN IP (the IP assigned by the ISP provider)?

Thank you for your time!

You have a very confusing way to ask a question. NAT is a part of the router. Generally your router will only have one external IP that comes from your ISP. Your router then allows traffic through your public IP with the local range, e.g. 192 (C), 172 (B) or 10 (A). Each local IP can be port forwarded to the public IP like Lurick said above.

However, let's say you've opened port 80 and 443 for HTTP(S), you cannot then assign the same port ranges to another local IP as this would cause conflicts in the NAT as to where to send these network packets.

The NAT simply allows the use of a local IP address range, instead of being limited to only one IP address that your ISP gives you. This is why it's called network address translation.

So your question should be: Will every IP I port forward face externally (public)? Yes, they will.


Basically put, the Internet can only see your WAN IP, your LAN only knows that if you try to access something from an IP outside your LAN range that it should send that to the router to deal with. It's your router which then determines what to do with it.

NAT on a basic level changes the WAN IP in the incoming packet to the LAN IP of the client which it is destined for then sends that packet onto the LAN to be delivered. It does this by maintaining a table of which LAN IP establishes which request, so it knows when that data comes back on the WAN IP, which LAN IP to forward it back to. Effectively, all the LAN knows is to send traffic to the router's LAN IP address, and all the Internet knows is to send traffic to the router's WAN IP address. It's the router itself that passes this traffic between the two.

Port forwarding just tells the router how to do this for traffic coming in from the WAN that was NOT initiated from the LAN.  Effectively the router "pretends" to be the host of services on the port you set, then performs NAT on it so that it "appears" to the machine on your LAN that the connection was actually requested from the router itself.  Again the router "remembers" this so it knows which Internet IP to send the response back to.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7


Thank you all for your answers. Too much information and really golden knowledge I received through them!!

 

I am sorry if the question was kind of vague, and you did not completely understand it. Also, I do accept and recognize the mistake I made saying "static NAT, where we manually assign each private IP address + port number a public IP address + port number". I guess this has to do with PAT. It was confusing for you. When referring to static NAT, we do not refer to ports too. Sorry about that.

 

Anyway, let's make the question very very simple: in static or dynamic NAT, is the inside public IP that NAT "plays" with the WAN IP the router gets from the ISP? Or is it a different one? And if it is a different one than the ISP's WAN IP, how does NAT know that an IP that it wants to assign as an inside public IP is not already being used by some other MAC device? What are the criteria for the inside public address assigned by NAT?

Although this might have been answered above, I would like to ask again in this simple kind of question.

Thank you again!


Your question is still phrased rather confusingly but I will try to answer anyway.

Yes, the router gets the ISP's WAN IP. It effectively DOESN'T know nothing else is using it, but your ISP will not give you one already in use as it DOES know from its own database.

While it is indeed possible to assign a static WAN IP (you would likely need to if your ISP gave you several), in this case the onus is entirely on YOU to not use the same one twice and it would cause all sorts of problems if you did.

If you have multiple WAN IP addresses your ISP will give you a subnet, one of the IPs it gives you will be a network address and one a gateway, so that your router can communicate with the greater Internet. Your ISP's router will know how to send data to that subnet, just as your router knows how to send data to your private IP addresses.

You wouldn't ever really consider a public IP to be "inside", by definition it is part of the Internet, what we would consider the outside world.

There are two ways to use a block of public IP addresses, multi-NAT which you already figured means specifying which public IP address and private IP address to NAT traffic between.  Or a DMZ, where you effectively put your clients on the Internet side and assign those public IP addresses to them.  For the DMZ your router is behaving like any other router on the Internet and just forwarding the traffic directly, they are entirely on the public side and no NAT is being applied at all.

 

From the LAN, these machines appear just like any other part of the Internet and the router would have to perform NAT to reach them from the LAN. Obviously one of your public IP addresses would still need to be assigned to the router itself too.


LAN IP and WAN IP are completely independent.  Your local router will observe connections to external addresses and assign a specific port on the WAN IP provided by the ISP.  Your ISP has no visibility or care what the LAN side scheme is, they never see it.

 

From the provider end it just looks like one device, when traffic returns on an allocated port for a session, the local router looks at its table to see who it should forward the traffic back to internally.

 

Based on the session table, the router keeps track of which ports go to which LAN clients, so you wouldn't get overlaps. The entries in the table have a lifetime, it depends on the router and settings but some things like Cisco IOS will keep a PAT entry for 24 hours unless it sees a TCP RST in the session (then modifies the NAT entry to one minute).

PC : 3600 · Crosshair VI WiFi · 2x16GB RGB 3200 · 1080Ti SC2 · 1TB WD SN750 · EVGA 1600G2 · Define C 
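
The session table, port-forward conflict and entry lifetimes described in the replies above, as a small Python model added here for illustration (not code from any poster or router vendor). The class name, the 203.0.113.10 and 192.168.1.x addresses and the starting port 50000 are assumptions; the 24-hour and one-minute lifetimes are the ones quoted in the thread.

```python
class PatRouter:
    """Toy PAT (many-to-one NAT) table. All addresses used here are constructed."""

    def __init__(self, wan_ip, ttl=24 * 3600, rst_ttl=60, first_port=50000):
        self.wan_ip = wan_ip
        self.ttl, self.rst_ttl = ttl, rst_ttl   # lifetimes as quoted in the thread
        self.next_port = first_port             # assumed start of the dynamic range
        self.sessions = {}   # wan_port -> [lan_ip, lan_port, expires_at]
        self.forwards = {}   # wan_port -> (lan_ip, lan_port), static port forwards

    def add_forward(self, wan_port, lan_ip, lan_port):
        # One WAN port can point at only one LAN host, or inbound traffic is ambiguous.
        if wan_port in self.forwards:
            raise ValueError(f"WAN port {wan_port} already forwarded to {self.forwards[wan_port]}")
        self.forwards[wan_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, now):
        """LAN host opens a connection: return the (WAN IP, WAN port) the Internet sees."""
        for wan_port, entry in self.sessions.items():
            if entry[:2] == [lan_ip, lan_port] and entry[2] > now:
                entry[2] = now + self.ttl        # refresh the existing mapping
                return self.wan_ip, wan_port
        while self.next_port in self.sessions or self.next_port in self.forwards:
            self.next_port += 1                  # never hand out a port already in use
        wan_port = self.next_port
        self.sessions[wan_port] = [lan_ip, lan_port, now + self.ttl]
        return self.wan_ip, wan_port

    def inbound(self, wan_port, now):
        """Packet arrives on the WAN IP: return the LAN (ip, port), or None if dropped."""
        entry = self.sessions.get(wan_port)
        if entry and entry[2] > now:
            return entry[0], entry[1]
        return self.forwards.get(wan_port)       # None when nothing matches

    def tcp_rst(self, wan_port, now):
        """A reset was seen on the session: shorten the entry's remaining lifetime."""
        if wan_port in self.sessions:
            self.sessions[wan_port][2] = now + self.rst_ttl


if __name__ == "__main__":
    router = PatRouter("203.0.113.10")
    print(router.outbound("192.168.1.20", 51000, now=0))   # what the remote server sees
    print(router.outbound("192.168.1.21", 51000, now=0))   # same LAN port, different WAN port
    print(router.inbound(50001, now=5))                     # reply mapped back to .21
    print(router.inbound(40000, now=5))                     # unsolicited, no entry
```
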


Thank you for your answers and helpful information!
