5.4 NAT in detail
In this part you will examine the IP packets in detail to see network address translation happening at the router.
Now watch the video below, which is about 3 minutes long.
NAT in detail
I’m going to have a look at how NAT works in a little bit more detail. I’m using Cisco Packet Tracer to do that. I’ve recorded what happens when I send an HTTP page request to a web server, the MegaCorp web server here. We’ll look at the packets to see what’s happening to that request in detail.
So this shows my request as it’s about to start; if I step through, we’ll see that packet reach the gateway. Now we can look inside it: this is the packet as it reaches the gateway router. You can see the source address, my machine 192.168.0.100, and the destination, the IP address of the web server, 22.214.171.124.
Now is when the network address translation occurs – if I look at the outbound packet (when it leaves the gateway router) it has been changed. It appears now to be coming from the IP address 126.96.36.199 which is the gateway router itself. It still has the same destination IP address.
This packet will now be passed over the internet to the web server. Let’s look at it when it gets to the server. You can see it appears to come from the source 188.8.131.52 which is the home gateway router, not my desktop at all.
The web server will now send a reply back. Again, let’s have a look in detail at the reply. The source of the reply will be the web server, 184.108.40.206, and the destination will be the gateway –according to the web server, that’s where it came from – so the destination is 220.127.116.11, my gateway.
At the gateway, that’s going to be changed again. This is the inbound packet; the outbound will be changed. It still appears to come from the web server, 18.104.22.168, but now the destination’s been translated to 192.168.0.100, which is my desktop. So the router can now pass it on to the LAN, through the switch, to the correct device, my desktop.
So you can see the packets moving through the network, and network address translation at the gateway. It takes my original desktop address and replaces it systematically with the gateway’s own address and then forwards it out to the internet, receives any replies that come in addressed to the gateway, and says ‘actually that really wasn’t for me’ and replaces the original source address – my desktop in this particular case – and then forwards it on the LAN side, on the internal network.
Network address translation happens in the router. The router inspects each outgoing IP packet: if the source address is a private address, the router will replace this with its own public IP address. It will also record which translations it has made. Returning traffic will arrive with the router’s own IP address as the apparent destination, but the router will inspect each packet and replace the destination address, using the information it stored earlier to reverse the translation back to a private address. The packet can then be switched over the LAN in the normal way.
Activity 6 Test yourself
Identify the one correct statement in the list below.
A router will not look at a packet containing a private address; it will just pass it on unchanged.
NAT changes private addresses in IP packets to a random IP address.
NAT changes private addresses in IP packets to the router’s own public address.
Computers and other devices in a private network always substitute the router’s address for their own before they send IP packets over the LAN.
The correct answer is c.