78 | Lesson 4 CERTIFICATION READY How can you define NAT and subnetting? 3.2 Defining Advanced IPv4 Concepts Methods such as network address translation, subnetting, and classless inter-domain routing CIDR can make networks faster, more efficient, and more secure. These advanced IP configurations are found in most networks today. Therefore, to be a profi- cient network engineer, you must master these concepts. NETWORK ADDRESS TRANSLATION Network address translation NAT is the process of modifying an IP address while it is in transit across a router, computer, or similar device. This is usually so one larger address space private can be re-mapped to another address space, or perhaps re-mapped to a single public IP address. This process is also known as IP masquerading, and it was originally implemented due to the problem of IPv4 address exhaustion. Today, NAT hides a person’s private internal IP address, making it more secure. Some routers only allow for basic NAT, which carries out IP address translation only. However, more advanced routers allow for port address translation PAT, a subset of NAT, which translates both IP addresses and port numbers. A NAT implementation on a firewall hides an entire private network of IP addresses e.g., the 192.168.50.0 network behind a single publicly displayed IP address. Many SOHO routers, servers, and similar devices offer this technology to protect a company’s computers on a LAN from outside intrusion. Figure 4-6 illustrates how NAT might be implemented with some fictitious IP addresses. Here, the router has two network connections. One goes to the LAN—192.168.50.254—and is a private IP address. This is also known as an Ethernet address and is sometimes referred to as E or the first Ethernet address. The other connection goes to the Internet or WAN— 64.51.216.27—and is a public IP address. Sometimes, this will be referred to as S , which denotes a serial address common to vendors such as Cisco. So, the router is employing NAT to protect all of the organization’s computers and switches on the LAN from possible attacks initiated by mischievous persons on the Internet or in other locations outside the LAN. Figure 4-6 NAT implementation Switch 192.168.50.251 Router Internet 192.168.50.254 64.51.216.27 An example of a D-Link DIR-655 multifunction network device that implements NAT is shown in Figure 4-7. This screen capture displays the main Device Information page. Notice in the WAN section that there is a public IP address of 216.164.145.27. This is the WAN address, and this particular testing device obtains that address and the subsequent WAN information from an ISP’s DHCP server. You will also note the LAN IP address of 10.254.254.1. That is the private IP address on the local side of the router. Accordingly, this device is translating for all computers on the 10.254.254.0 network and allowing them to communicate with the Internet, but it is only displaying one IP address to the Internet: 216.164.145.27.