Before we jump into PAT, NAT and VPN, let's take a step back and begin with the technology behind many of these services, called Port Forwarding...
-Port Forwarding-
-Also called Port Mapping: the process of changing the destination address and/or port of a packet as it passes through a router or firewall.
-Port forwarding on the router permits external hosts to reach services provided within a private LAN.
-This permits public hosts (e.g. on the Internet) to connect to a specific host within the private LAN, which would otherwise not be reachable from outside.
-scenarios of Port Forwarding:
-running a public HTTP server within a private LAN, reached on port 80
-permitting SSH access to hosts on the private LAN from the Internet on port 22
-permitting FTP access to hosts on the private LAN from the Internet on port 21.
-(each forwarded port exposes that one service directly to the Internet, so the service must be patched and hardened as if it were a public host.)
-Port Forwarding is achieved by-
-the iptables command in Linux (a DNAT rule in the nat table's PREROUTING chain, with IP forwarding enabled).
-Note:
-Two cases of Port Forwarding are PAT (Port Address Translation) and NAT (Network Address Translation). PAT is a subset of NAT.
-NAT translates the IP address only. 1-to-1 IP translation is also called Static NAT.
-PAT translates IP address + port (i.e. the socket). Also called NAT overload.
-In a typical home LAN behind a router, the Internet sees only the router, which holds the public IP address.
-The hosts behind the router are not directly addressable from the Internet; only traffic that matches a translation entry reaches them.
-PAT permits communication between hosts on a private network and hosts on a public network.
-It allows a single public IP address to be shared by many hosts on the private network.
-The PAT device (usually the router) transparently modifies IP packets as they pass through it.
-On the way out it rewrites the sender's IP address and port number to the public IP and a port it allocates, and records the mapping in a translation table so that replies to that public port can be rewritten back to the original private socket.
-PAT operates at layers 3 and 4 (network and transport respectively); NAT operates only at layer 3.
-Socket: IP address + port pair (much like a telephone line and its extension).
-Both source and target host must know the peer's socket for communication to happen; PAT works because it rewrites this pair consistently in both directions.
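A small model of both translations described above, as an added example that is not part of the original post: static port forwarding (DNAT) mapping a public port to a fixed private socket, and PAT (NAT overload) giving each private socket its own public port with a table for the reverse mapping. The addresses, the `eth0` interface name in the comments and the starting port 40000 are assumptions for illustration; a real router keys its table on the full 5-tuple and expires idle entries, which this model omits for clarity.

```python
# Toy NAT/PAT model (added example; not from the original post).
# Shows the two translations the notes describe:
#   - static port forwarding (DNAT): a public port is mapped to a fixed
#     private socket so Internet hosts can reach a LAN service;
#   - PAT / NAT overload: many private sockets share one public IP, each
#     given its own public port, with a table to map replies back.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """The layer 3/4 fields a NAT device rewrites (payload omitted)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StaticNat:
    """1-to-1 NAT: rewrites IP addresses only (layer 3); ports untouched."""

    def __init__(self, private_to_public):
        self.priv_to_pub = dict(private_to_public)
        self.pub_to_priv = {pub: priv for priv, pub in self.priv_to_pub.items()}

    def outbound(self, pkt):
        return replace(pkt, src_ip=self.priv_to_pub[pkt.src_ip])

    def inbound(self, pkt):
        priv = self.pub_to_priv.get(pkt.dst_ip)
        return None if priv is None else replace(pkt, dst_ip=priv)


class PatRouter:
    """PAT (NAT overload) plus static port forwarding on one public IP.

    Equivalent Linux rules (assumes eth0 is the public interface):
      sysctl -w net.ipv4.ip_forward=1
      iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
               -j DNAT --to-destination 192.168.1.10:80        # port forward
      iptables -A FORWARD -p tcp -d 192.168.1.10 --dport 80 -j ACCEPT
      iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE     # PAT
    """

    def __init__(self, public_ip, port_forwards=None, first_port=40000):
        self.public_ip = public_ip
        # static DNAT rules: public port -> (private ip, private port)
        self.port_forwards = dict(port_forwards or {})
        # dynamic PAT table: public port -> (private ip, private port)
        self.pat_table = {}
        self.next_port = first_port

    def outbound(self, pkt):
        """LAN -> Internet: replace the private source socket with
        public_ip and a public port unique to that private socket."""
        private_socket = (pkt.src_ip, pkt.src_port)
        for pub_port, mapped in self.pat_table.items():
            if mapped == private_socket:
                break  # existing flow: reuse its public port
        else:
            pub_port = self.next_port
            # never collide with a forwarded port or a live PAT entry
            while pub_port in self.port_forwards or pub_port in self.pat_table:
                pub_port += 1
            self.next_port = pub_port + 1
            self.pat_table[pub_port] = private_socket
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def inbound(self, pkt):
        """Internet -> LAN: rewrite the destination socket from a static
        forward or a PAT entry. Returns None when the packet is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.port_forwards.get(pkt.dst_port) or self.pat_table.get(pkt.dst_port)
        if target is None:
            return None  # unsolicited and not forwarded: LAN host stays unreachable
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


if __name__ == "__main__":
    router = PatRouter("203.0.113.5", port_forwards={80: ("192.168.1.10", 80)})
    out = router.outbound(Packet("192.168.1.20", 51000, "198.51.100.7", 443))
    print("outbound source rewritten to", out.src_ip, out.src_port)
    back = router.inbound(Packet("198.51.100.7", 443, "203.0.113.5", out.src_port))
    print("reply delivered to", back.dst_ip, back.dst_port)
    print("port 22 from outside ->", router.inbound(Packet("198.51.100.9", 1234, "203.0.113.5", 22)))
```

The contrast to keep in mind: `StaticNat` only touches layer 3, so two private hosts cannot share one public address; `PatRouter` touches layer 4 as well, which is what lets a whole LAN sit behind one IP, and its `inbound` path shows why an unsolicited connection to a non-forwarded port never reaches a LAN host.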
-VPN
-A network that uses a public telecom network like the Internet to provide remote network access.
-The goal of a VPN is to provide the same level of security as a private network at a fraction of the cost.
-VPNs came into vogue around Y2K, when leased lines were the only option available, and that too at a high cost.
-VPNs largely spelled the end of leased lines for remote access.
-VPNs provide security by encapsulating the traffic between the two nodes in cryptographic tunnels, so that an on-path observer sees only the tunnel endpoints and ciphertext.
-VPNs use several protocols for providing security, e.g. SSH, IPsec (IP Security), SSL/TLS, etc.
-Tunneling protocol-
-A network protocol that encapsulates the payload of another network protocol.
-This is routinely used in VPNs.
-Tunneling usually has two protocols operating: the 'delivery protocol', which encapsulates the 'payload protocol'.
-e.g. delivery protocol = SSH, payload protocol = SMB; SMB carried inside an SSH connection is SSH tunneling.
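The delivery/payload split above, as an added example that is not part of the original post: an inner packet carrying private LAN addresses is encrypted, authenticated and wrapped in an outer packet that carries only the two tunnel endpoints' public addresses. The addresses, the shared secret and the `SMB2 TREE_CONNECT` payload are constructed for illustration, and the cipher (HMAC-SHA256 used as a counter-mode keystream, encrypt-then-MAC) is a toy standing in for what a real VPN would use (e.g. IPsec ESP with AES-GCM); the point is the encapsulation and the check that a modified packet is dropped.

```python
# Toy cryptographic tunnel (added example; not from the original post).
# The inner "payload protocol" packet carries private LAN addresses; the
# outer "delivery protocol" packet carries only the tunnel endpoints'
# public addresses, a nonce, the encrypted inner packet and an HMAC tag.
# Encryption is a PRF keystream (HMAC-SHA256 in counter mode) with
# encrypt-then-MAC; real VPNs use standard constructions such as IPsec
# ESP with AES-GCM, so treat this as an illustration of encapsulation.
import hashlib
import hmac
import os
import socket
import struct

NONCE_LEN = 12
TAG_LEN = 32
OUTER_HDR_LEN = 4 + 4 + NONCE_LEN  # outer src ip, outer dst ip, nonce


def derive_keys(shared_secret: bytes):
    """Separate encryption and MAC keys from one tunnel secret."""
    enc = hmac.new(shared_secret, b"tunnel-enc", hashlib.sha256).digest()
    mac = hmac.new(shared_secret, b"tunnel-mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_inner(src_ip: str, dst_ip: str, payload: bytes) -> bytes:
    """Toy payload-protocol packet: 4-byte src, 4-byte dst, then payload
    (stands in for the SMB traffic in the note's SSH + SMB example)."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + payload


def parse_inner(pkt: bytes):
    return socket.inet_ntoa(pkt[:4]), socket.inet_ntoa(pkt[4:8]), pkt[8:]


def encapsulate(enc_key, mac_key, outer_src, outer_dst, inner, nonce=None):
    """Delivery-protocol packet = outer header || E(inner) || MAC(header || E(inner))."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    header = socket.inet_aton(outer_src) + socket.inet_aton(outer_dst) + nonce
    ciphertext = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def decapsulate(enc_key, mac_key, outer):
    """Verify the tag first; only then decrypt. Returns None on any failure."""
    if len(outer) < OUTER_HDR_LEN + TAG_LEN:
        return None
    header, ciphertext, tag = outer[:OUTER_HDR_LEN], outer[OUTER_HDR_LEN:-TAG_LEN], outer[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # forged or modified in transit: drop, never decrypt
    nonce = header[8:]
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def outer_endpoints(outer):
    """What an on-path observer learns: only the tunnel endpoints."""
    return socket.inet_ntoa(outer[:4]), socket.inet_ntoa(outer[4:8])


if __name__ == "__main__":
    enc, mac = derive_keys(b"constructed shared secret")
    inner = build_inner("192.168.1.10", "10.0.0.5", b"SMB2 TREE_CONNECT")
    outer = encapsulate(enc, mac, "203.0.113.5", "198.51.100.7", inner)
    print("observer sees endpoints", outer_endpoints(outer), "and", len(outer), "opaque bytes")
    print("far end recovers", parse_inner(decapsulate(enc, mac, outer)))
```

With OpenSSH the note's SSH + SMB case is local port forwarding, e.g. `ssh -L 4445:fileserver:445 user@gateway` (placeholder host names), after which an SMB client pointed at localhost:4445 has its traffic carried inside the SSH session to the gateway and delivered to the file server from there.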
Note: In contrast to IP-based computer networks, traditional networks like Cable TV provide TV broadcast in the form of radio-frequency signals over optical fiber or coaxial cables.
-This is different from traditional TV Broadcast via radio waves over-the-air.
-Cable TV networks have a high bandwidth.