Port Address Translation (PAT) is a feature of a network device that translates TCP or UDP communications made between hosts on a private network and hosts on a public network. It allows a single public IP address to be used by many hosts on the private network, which is usually called a Local Area Network or LAN.
A PAT device transparently modifies IP packets as they pass through it. The modifications make all the packets it sends to the public network from the multiple hosts on the private network appear to originate from a single host, the PAT device, on the public network.
Note: different vendors use different names for PAT: Hidden NAT (Check Point), PAT (Cisco Systems), NAPT, SNAT/MASQUERADE (Linux iptables) and Internet Connection Sharing (Microsoft). PAT is the most common term.
Relationship between NAT and PAT
PAT is closely related to the concept of Network Address Translation, often called NAT.
In NAT, generally only the IP addresses are modified; there is usually a 1:1 correspondence between publicly exposed IP addresses and privately held IP addresses. In PAT, both the sender's private IP address and port number are modified; the PAT device chooses the port numbers that will be seen by hosts on the public network.
In NAT, incoming packets are routed to their destination IP address on the private network by reference to the incoming destination IP address given by the host on the public network. In PAT there is generally only one publicly exposed IP address, and incoming packets from the public network are routed to their destinations on the private network by reference to a table held within the PAT device that keeps track of public and private port pairs. This is often called connection tracking.
Details of PAT
IP Packet Background
Every TCP packet contains both a source IP and source port number as well as a destination IP and destination port number.
For publicly accessible services such as web servers and mail servers the port number is important. For example, port 80 connects to the web server software and port 25 to a mail server's SMTP daemon. The IP address of a public server is also important: similar in global uniqueness to a postal address or telephone number, it must be correctly known by all wishing to communicate successfully.
Thus server (public) IP addresses have worldwide significance, and ports have a significance that depends on the particular type of communication desired (e.g. web, email, FTP).
The significance of the IP address of an internal host, however, need only be limited to the organisational entity where it resides. Thus private addresses as given in RFC 1918 may be used. Additionally, the port number of a client application on a client host is significant only to that particular host. Consequently, within an organisation any communicating client application can be uniquely identified by the combination of its host IP (organisational significance) and host port (host-only significance).
An Analogy of PAT
A PAT device is like a post office that delivers box mail: outgoing envelopes are changed to appear to come from a post office box; incoming envelopes addressed to a valid post office box are changed to carry the real street address of the box holder.
Translation of the Endpoint IP Address
With PAT, all communication sent to or from external hosts actually contains the IP address and port information of the PAT device instead of the internal host's IP address or port number. This is achieved as outlined below:
- When a computer on the inside network sends a packet to the outside network, the PAT device replaces the inside IP address in the packet header's source field (sender's address) with the PAT device's outside IP address. It then assigns the connection a port number from a pool of available ports, inserts this port number in the packet header's source port field (much like the post office box number), and places the packet on the outside network. The PAT device then makes an entry in its translation table containing the inside IP address, inside source port and outside port. Subsequent packets from the same connection on the inside IP address are translated to the same outside port number.
- The computer receiving a data packet will use the source IP address and source port as the corresponding destination fields in any response it sends back. So, for packets arriving from the outside, the process operates on the packet header's destination port (similar to the recipient's post office box number). First, if the destination port number of the incoming packet is not found as an outside port in the translation table, the packet is simply dropped because the PAT device does not know where to send it. Otherwise, the corresponding inside IP address and inside port number from the translation table replace the destination IP address and destination port number in the incoming packet header (similar to the translation from post office box number to street address). The packet is then placed on the inside network.
Example: a host at IP address 192.168.0.2 on the private network may ask for a connection to a remote host on the public network, giving the source address and port as 192.168.0.2:15345. The PAT device (which we assume has a public IP of 1.2.3.4) might translate this source address:port pair to 1.2.3.4:16529 and make an entry in its internal table that port 16529 is now in use by 192.168.0.2 on the private network. When a packet is received from the public network by the PAT device for address 1.2.3.4:16529, the packet is forwarded to the host at 192.168.0.2 with the destination port changed to 15345.
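The translation steps above, and the 192.168.0.2:15345 to 1.2.3.4:16529 example, as an added simulation that is not part of the original article: the translation table is keyed on the inside (IP, port) pair as the text describes, unknown inbound ports are dropped, a tiny constructed port pool of three ports shows the exhaustion case, and add_static models the user-configured forwarding entry described later in the article. The Packet and PatDevice names and the 203.0.113.x addresses are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    """Only the header fields PAT rewrites (IP/TCP/UDP addressing)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class PatDevice:
    public_ip: str
    # Constructed pool of only three outside ports so exhaustion is visible.
    port_pool: range = field(default_factory=lambda: range(16529, 16532))
    table: dict = field(default_factory=dict)    # outside port -> (inside ip, inside port)
    reverse: dict = field(default_factory=dict)  # (inside ip, inside port) -> outside port

    def add_static(self, outside_port, inside_ip, inside_port):
        """User-configured forwarding: inbound to outside_port reaches one inside host."""
        self.table[outside_port] = (inside_ip, inside_port)
        self.reverse[(inside_ip, inside_port)] = outside_port

    def outbound(self, pkt):
        """Inside -> outside: rewrite source to public IP + allocated port."""
        key = (pkt.src_ip, pkt.src_port)
        port = self.reverse.get(key)          # same connection keeps its outside port
        if port is None:
            free = [p for p in self.port_pool if p not in self.table]
            if not free:
                return None                   # pool exhausted: no translation possible
            port = free[0]
            self.table[port] = key
            self.reverse[key] = port
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Outside -> inside: look up destination port; drop if unknown."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.table:
            return None                       # dropped: no table entry
        inside_ip, inside_port = self.table[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


if __name__ == "__main__":
    pat = PatDevice("1.2.3.4")
    out = pat.outbound(Packet("192.168.0.2", 15345, "203.0.113.5", 80))
    print("outbound:", out)
    print("inbound :", pat.inbound(Packet("203.0.113.5", 80, "1.2.3.4", out.src_port)))
```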
PAT can only translate/replace IP addresses and ports for its internal hosts. As a consequence of its function it effectively hides the true endpoint IP address and port of the internal hosts. However, PAT must of course leave the public IP address and port information of the external host unmodified.
Visibility of Operation
The PAT operation is typically transparent to both the internal and external hosts. The internal host is usually aware of the true IP address and TCP or UDP port of the external host, and the PAT device may function as the default gateway for the internal host. The external host, however, is only aware of the public IP address of the PAT device and the particular port being used to communicate on behalf of a specific internal host.
Location in Network
The PAT device usually sits at the network perimeter: one side connects to the external network, usually the public Internet, and the other side connects to the internal network, usually with private IP addressing.
Uses of PAT
Firewall systems and multi-port broadband network access devices (e.g. ADSL routers, cable modems) tend to use PAT. In the configuration of those devices, the outside network is the Internet and the inside network is the LAN.
An Example of PAT
For example, an SMB or SME network perimeter device such as an ADSL router may use PAT to translate connections to TCP port 80 to a user-configured port 6008 of an internal network host. This allows the user to run a web server on an internal host on port 6008, while the actual HTTP port 80 of that internal host may be used by other internal hosts to access an intranet web server to which an external host has no conduit (due to the absence of a specific configuration on the PAT device).
Advantages of PAT
- PAT's main advantage is that multiple internal hosts can share a single IP address for communication, conserving precious IP addresses.
- Hosts on the private network don't have to expose their private IP addresses to the public network, making attacks from the public network less likely.
Disadvantages of PAT
Only a single public service (e.g. port 80, HTTP) can be exposed per public IP address. Thus an organisation using PAT and a single IP address cannot easily run more than one of the same type of public service behind a PAT device, e.g. two public web servers using the default port 80.
If many hosts on the private network make many connections to the public network, the PAT device may not have sufficient room in its internal table to keep track of the connections, or it may simply run out of unused ports.
See also
- Network address translation (NAT)
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
- Computer port (software)
- Internet Protocol version 4 (IPv4)
External links
- RFC 1918 - Address Allocation for Private Internets
- http://computer.howstuffworks.com/nat.htm