tymann.us
• Have Road Runner (cable ISP)
• Unhappy about reports of constant probes of my machines
• Policy decision – I want to prevent unauthorized probes/connection attempts on my machines
• Mechanism – Purchase some sort of firewall for my home network
10/3/2020 Home Networking 1
Configuration (network diagram on the slide): Internet – Cable Modem – Router – home LAN with Grumpy, Reiker and the Desktops
Private IP Addresses
• The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (RFC 1597, since replaced by RFC 1918):
– 10.0.0.0 – 10.255.255.255 (one class A network, 10.0.0.0/8)
– 172.16.0.0 – 172.31.255.255 (16 class B networks, 172.16.0.0/12)
– 192.168.0.0 – 192.168.255.255 (256 class C networks, 192.168.0.0/16)
• These addresses are not routable on the public Internet
– Meaning that an ISP will not forward packets to them, and a reply addressed to one of them has nowhere to go
Address Management (diagram on the slide)
• Router: public side 66.67.3.170, assigned via DHCP by Road Runner (RR); private side 192.168.1.254
• Grumpy: 192.168.1.1
• Reiker: 192.168.1.2
• Desktops: assigned via DHCP by Grumpy from the pool 192.168.0.100 – 192.168.0.200 (as drawn on the slide; note this pool is in a different /24 than the 192.168.1.x hosts)
How Does This Help? (same diagram: Grumpy 192.168.1.1 and Reiker 192.168.1.2 behind the router, Desktops assigned via DHCP by Grumpy from 192.168.0.100 – 192.168.0.200)
• Because these hosts use private addresses, their addresses cannot be used beyond the router
• A probe from the Internet cannot be addressed to 192.168.1.1, and a packet sent out with that source address could never get a reply back
• Can’t get in or out!!!
Mystery
• Grumpy opens a TCP connection to the CS department’s web server
– Grumpy’s address is 192.168.1.1
– Destination is 129.21.30.29
– The packet arrives at RIT
– RIT responds – but 192.168.1.1 is a private address and will not be routed through the Internet
– So how does Grumpy communicate with the outside world?
Network Address Translation
• Network Address Translation (NAT) makes this all possible (terminology in RFC 2663; traditional NAT specified in RFC 3022)
– Private traffic bound for the Internet arrives at the router (sometimes called a NAT box)
– The router changes the source IP address to its own “real” (public) IP address
– The packet is sent as usual
– The reply arrives at the router, addressed to the public address – Now what? How does the router know which private address to forward it to?
A Little TCP
• Grumpy → server: Src 192.168.1.1:2024, Dest 129.21.30.29:1024
• Server → Grumpy: Src 129.21.30.29:1024, Dest 192.168.1.1:2024
• Both endpoints, together, uniquely define a TCP connection: (192.168.1.1, 2024, 129.21.30.29, 1024)
Address Translation
• Grumpy sends: Src 192.168.1.1:2024, Dest 129.21.30.29:80
• NAT box rewrites the source address and forwards: Src 66.67.3.170:2024, Dest 129.21.30.29:80
• Server replies: Src 129.21.30.29:80, Dest 66.67.3.170:2024
• NAT box rewrites the destination address and delivers: Src 129.21.30.29:80, Dest 192.168.1.1:2024
How to Route?
• If a NAT box is managing several TCP connections, how does it know who to route incoming packets to?
– Key is port numbers
• Each connection is identified by (IPsrc, Portsrc, IPdest, Portdest)
– Create a map
• Key: (Portsrc, IPdest, Portdest)
• Value: IPsrc
– Why have Portsrc in the key? With only (IPdest, Portdest), every connection to the same server port would collide. Portsrc separates several connections from one host, but as the next slide shows it is not enough once two hosts happen to pick the same source port.
Problem
• Grumpy sends: Src 192.168.1.1:2024, Dest 129.21.30.29:80 – translated to Src 66.67.3.170:1024, Dest 129.21.30.29:80
• Reiker sends: Src 192.168.1.2:2024, Dest 129.21.30.29:80 – also translated to Src 66.67.3.170:1024, Dest 129.21.30.29:80
• To the server both connections are the same endpoint pair: (66.67.3.170, 1024, 129.21.30.29, 80)
• A reply with Dest 66.67.3.170:1024 from 129.21.30.29:80 matches both map entries, so the NAT box cannot tell whether it belongs to Grumpy or to Reiker
NAPT
• Network Address Port Translation (RFC 3022) includes port numbers in the translation
– The NAT box replaces the private source port with a port it allocates itself (the NAT port), so each outbound connection gets a unique (external address, NAT port, server address, server port) tuple as seen from the server
– When the server’s reply arrives it has the NAT-assigned port as its destination; that port, together with the server endpoint, selects exactly one private host and port
– The TCP connection still runs end to end between the client and the server: the NAT box rewrites addresses and ports, it does not open a connection of its own (a device that did would be a proxy)
• The term NAT is often used in place of NAPT
NAPT Translation Table (External Address/Port is the remote server’s endpoint; NAT Port is the source port the box substitutes)

Private Address   Private Port   External Address   External Port   NAT Port   Protocol Used
192.168.1.1       2024           129.21.30.29       80              14003      TCP
192.168.1.2       2024           129.21.30.29       80              14004      TCP
NAPT Translation
• Grumpy sends: Src 192.168.1.1:2024, Dest 129.21.30.29:80 – translated to Src 66.67.3.170:14003, Dest 129.21.30.29:80
• Reiker sends: Src 192.168.1.2:2024, Dest 129.21.30.29:80 – translated to Src 66.67.3.170:14004, Dest 129.21.30.29:80
• The server’s replies arrive with Dest 66.67.3.170:14003 or 66.67.3.170:14004; the NAT port selects the right table row and the packet is delivered to 192.168.1.1:2024 or 192.168.1.2:2024
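The translation walked through on the NAT and NAPT slides, as an added example (this is not code from the slides or from any router product; the Packet and NAPT names, the outbound/inbound methods and the translate_ports switch are this example's own assumptions). It reuses the slides' addresses (66.67.3.170, 192.168.1.1, 192.168.1.2, 129.21.30.29:80) and NAT ports (14003 upward), and folds in the RFC 1918 check from the private-address slide so the box only translates private-to-public traffic. With translate_ports=False it behaves like the port-preserving scheme and reproduces the collision from the Problem slide; an inbound packet that matches no table row (the probes from the first slide) is dropped. The probe source 203.0.113.9 is a constructed documentation-range address; ICMP error payload translation is not modeled.

```python
"""NAPT simulator (added example; not code from the slides or from any real router).

Addresses and ports follow the slides; Packet/NAPT and the method names are
this example's own assumptions. The probe source 203.0.113.9 is a constructed
(documentation-range) address.
"""
import ipaddress
from dataclasses import dataclass, replace

# RFC 1918 blocks from the private-address slide (RFC 1597 as cited there)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True for RFC 1918 addresses only (narrower than ipaddress's is_private,
    which also counts loopback, link-local and documentation ranges)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    proto: str      # "TCP" or "UDP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NAPT:
    def __init__(self, public_ip: str, first_port: int = 14003, last_port: int = 65535,
                 translate_ports: bool = True):
        self.public_ip = public_ip
        self.next_port, self.last_port = first_port, last_port
        self.translate_ports = translate_ports  # False = keep the private port (the "Problem" slide)
        # outbound lookup: (proto, private ip, private port, remote ip, remote port) -> NAT port
        self.out = {}
        # inbound lookup: (proto, NAT port, remote ip, remote port) -> (private ip, private port)
        self.inb = {}

    def _allocate(self, pkt: Packet) -> int:
        if not self.translate_ports:
            return pkt.src_port
        if self.next_port > self.last_port:
            raise RuntimeError("NAT port pool exhausted")
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Private -> Internet: rewrite the source to (public_ip, NAT port) and record the mapping."""
        if not is_private(pkt.src_ip) or is_private(pkt.dst_ip):
            return pkt  # LAN-local or already-public traffic is forwarded untouched
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        nat_port = self.out.get(key)
        if nat_port is None:
            nat_port = self._allocate(pkt)
            in_key = (pkt.proto, nat_port, pkt.dst_ip, pkt.dst_port)
            if in_key in self.inb:  # two inside hosts would share one external 4-tuple
                raise ValueError(f"external endpoint {in_key} already mapped to {self.inb[in_key]}")
            self.out[key] = nat_port
            self.inb[in_key] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=nat_port)

    def inbound(self, pkt: Packet):
        """Internet -> private: look up the NAT port; None means no mapping, i.e. drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inb.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None  # unsolicited packet (a probe): nothing inside asked for it
        priv_ip, priv_port = entry
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


def demo() -> dict:
    """Replay the slides' scenario and return what the NAT box did."""
    nat = NAPT("66.67.3.170")
    grumpy = nat.outbound(Packet("TCP", "192.168.1.1", 2024, "129.21.30.29", 80))
    reiker = nat.outbound(Packet("TCP", "192.168.1.2", 2024, "129.21.30.29", 80))
    reply = nat.inbound(Packet("TCP", "129.21.30.29", 80, "66.67.3.170", reiker.src_port))
    probe = nat.inbound(Packet("TCP", "203.0.113.9", 40000, "66.67.3.170", 22))  # constructed probe
    # Port-preserving NAT: a second host using the same source port collides
    basic = NAPT("66.67.3.170", translate_ports=False)
    basic.outbound(Packet("TCP", "192.168.1.1", 2024, "129.21.30.29", 80))
    try:
        basic.outbound(Packet("TCP", "192.168.1.2", 2024, "129.21.30.29", 80))
        collides = False
    except ValueError:
        collides = True
    return {"grumpy": grumpy, "reiker": reiker, "reply_to_reiker": reply,
            "probe": probe, "basic_nat_collides": collides}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it prints Grumpy's flow leaving as 66.67.3.170:14003 and Reiker's as 66.67.3.170:14004, the reply to port 14004 delivered to 192.168.1.2:2024, the probe to port 22 returned as None (dropped), and the collision flag set for the port-preserving box. Dropping packets that match no table row is what gives a NAPT box much of the protection the first slide wanted a firewall for, but it is a side effect of the table rather than a policy: any port the box is configured to forward inward stays reachable from outside.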
Common Characteristics
• All flavors of NAT devices should share the following characteristics (RFC 2663):
– Transparent address assignment
– Transparent routing through address translation (routing here refers to forwarding packets, not exchanging routing information)
– ICMP error packet payload translation (an ICMP error carries the header of the packet that triggered it, so the addresses and ports inside that payload must be translated too, or the inside host cannot match the error to its connection)
- Slides: 15