NAT [7:60784]

2003-01-09 Thread Dwayne Saunders
Hi all,
Was just wondering if anyone could put me on to a good link in
regards to NAT and packet headers. Simply, what I am trying to find out is: is the
packet header totally rewritten, or just the IP address part of the header and
checksum? Or is a new header written to envelop the original header?

Or does each application do it differently?

Any help would be great.

Regards

D'Wayne Saunders




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60784&t=60784
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: NAT [7:60784]

2003-01-09 Thread The Long and Winding Road
This link was posted the other day.

Check out:

http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Internetworking:NAT
watch the wrap

This is a jump page, with links to a number of resources, including RFC
1631.


The process is quite simple. For normal NAT, the NAT engine replaces the
source address with an address from the NAT pool. Contrary to popular
belief, you can NAT private to private, private to public, public to
public, and every variation you can think of.  The NAT engine maintains a
table of translations, and rewrites the source address of outbound packets,
and the destination address of inbound packets.

For static NAT, the translations come from a fixed table, not a dynamic
pool.

For NAT overload (multiple addresses translated to a single address) the
NAT engine will rewrite the source address and source TCP port for all
packets outbound. The NAT engine maintains a state table and reverses the
process for inbound packets, i.e. destination address and destination port.

BTW, I was browsing a NAT document, published by Cisco, that states that
Cisco developed NAT. I did not see any indication of this in the RFC,
written by two people apparently not associated with Cisco that I could
tell. Anyone got the skinny?

--
TANSTAAFL
"there ain't no such thing as a free lunch"




""Dwayne Saunders""  wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
> Was just wondering if any one could put me on to a good link in
> regards NAT and packet headers, simply what I am trying to find out is the
> packet header total rewritten or just the ip address part of the header and
> checksum, Or is a new header written to envelope the original header.
>
> Or does each application do it differently.
>
> Any help would be great.
>
> Regards
>
> D'Wayne Saunders




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60787&t=60784



Re: NAT [7:60784]

2003-01-10 Thread Marc Thach Xuan Ky
Dwayne,
it's most likely that any NAT implementation would overwrite the header
data that it wishes to change, rather than rewrite the header in its
entirety.  Of course the end result would look the same when you view
the packet, however you can recalculate the checksum from the old and
new IP addresses without reading the entire packet, so that's a gain for
not using the full header creation code.
Note though that some protocols which don't pass well through NAT are
handled by an ALG (Application Level Gateway), and these modules will
rewrite the IP data.  Now if I were coding an ALG I'd certainly create
the entire header from scratch, and I might need to do the same with the
data.  Think of an FTP ALG for example.  Here the length of the data may
be changed, in particular it may grow.  The buffer that is currently
allocated for the packet may not have room to grow, so in that case,
you'd need to copy the data into a larger buffer probably as you parse
and alter the data.
rgds
Marc


Dwayne Saunders wrote:
> 
> Hi all,
> Was just wondering if any one could put me on to a good link in
> regards NAT and packet headers, simply what I am trying to find out is the
> packet header total rewritten or just the ip address part of the header and
> checksum, Or is a new header written to envelope the original header.
> 
> Or does each application do it differently.
> 
> Any help would be great.
> 
> Regards
> 
> D'Wayne Saunders




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60802&t=60784
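
The point above about recalculating the checksum from the old and new IP addresses, as an added example that is not part of the original thread: the incremental update of RFC 1624 (eqn. 3) applied to an in-place source-address rewrite. Function names, the sample header and the addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fold a 32-bit accumulator into a 16-bit one's-complement sum. */
static uint16_t fold(uint32_t sum) {
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Full checksum: has to read every 16-bit word (len must be even). */
uint16_t csum_full(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    return (uint16_t)~fold(sum);
}
/* Incremental update, RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'),
   applied to both 16-bit halves of the address that changed. */
uint16_t csum_update(uint16_t hc, uint32_t old_ip, uint32_t new_ip) {
    uint32_t sum = (uint16_t)~hc;
    sum += (uint16_t)~(old_ip >> 16);
    sum += (uint16_t)~(old_ip & 0xffff);
    sum += (new_ip >> 16) + (new_ip & 0xffff);
    return (uint16_t)~fold(sum);
}
/* Overwrite only source address (bytes 12-15) and checksum (bytes 10-11). */
void nat_rewrite_src(uint8_t *h, uint32_t new_src) {
    uint32_t old_src = ((uint32_t)h[12] << 24) | ((uint32_t)h[13] << 16) |
                       ((uint32_t)h[14] << 8) | h[15];
    uint16_t hc = csum_update((uint16_t)((h[10] << 8) | h[11]), old_src, new_src);
    h[10] = (uint8_t)(hc >> 8);       h[11] = (uint8_t)hc;
    h[12] = (uint8_t)(new_src >> 24); h[13] = (uint8_t)(new_src >> 16);
    h[14] = (uint8_t)(new_src >> 8);  h[15] = (uint8_t)new_src;
}
/* Constructed sample header: TCP, 192.168.1.10 -> 198.51.100.7, checksum 0. */
static const uint8_t SAMPLE[20] = {0x45, 0x00, 0x00, 0x28, 0x1c, 0x46, 0x40, 0x00,
    0x40, 0x06, 0x00, 0x00, 192, 168, 1, 10, 198, 51, 100, 7};
/* Returns 1 if the header still verifies after the in-place NAT rewrite. */
int demo(uint8_t *h) {
    memcpy(h, SAMPLE, 20);
    uint16_t c = csum_full(h, 20);
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)c;
    nat_rewrite_src(h, 0xCB007105u);  /* 203.0.113.5, constructed pool address */
    return csum_full(h, 20) == 0;
}

int main(void) { uint8_t h[20]; printf("valid after NAT: %d\n", demo(h)); return 0; }
```

The same update has to be applied to the TCP or UDP checksum as well, because its pseudo-header covers the IP addresses.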



Re: NAT [7:60784]

2003-01-10 Thread Francisco Sedano/Inf-Pronet
Hello!

And there are some issues with several protocols, as Marc points out. In
FTP, for example, possibly the new packet will be larger than the original one.
(IP Addresses are codified in the data payload as text). So, it's possible
the router has to fragment the packet. And that's not a simple header
rewrite.

Francisco Sedano
Informatica Pronet.




   

"Marc Thach Xuan
Ky"
  
Sent by: [EMAIL PROTECTED]
10/01/2003 12:08
Please respond to "Marc Thach Xuan Ky"
Subject: Re: NAT [7:60784]

Dwayne,
it's most likely that any NAT implementation would overwrite the header
data that it wishes to change, rather than rewrite the header in its
entirety.  Of course the end result would look the same when you view
the packet, however you can recalculate the checksum from the old and
new IP addresses without reading the entire packet, so that's a gain for
not using the full header creation code.
Note though that some protocols which don't pass well through NAT are
handled by an ALG (Application Level Gateway), and these modules will
rewrite the IP data.  Now if I were coding an ALG I'd certainly create
the entire header from scratch, and I might need to do the same with the
data.  Think of an FTP ALG for example.  Here the length of the data may
be changed, in particular it may grow.  The buffer that is currently
allocated for the packet may not have room to grow, so in that case,
you'd need to copy the data into a larger buffer probably as you parse
and alter the data.
rgds
Marc


Dwayne Saunders wrote:
>
> Hi all,
> Was just wondering if any one could put me on to a good link in
> regards NAT and packet headers, simply what I am trying to find out is the
> packet header total rewritten or just the ip address part of the header and
> checksum, Or is a new header written to envelope the original header.
>
> Or does each application do it differently.
>
> Any help would be great.
>
> Regards
>
> D'Wayne Saunders




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60803&t=60784
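
The FTP case raised in the two messages above (the rewritten payload may grow and the original buffer may have no room), as an added example that is not part of the original thread: a PORT-line rewrite that reports the length change and refuses to write past the output buffer. The function name `alg_rewrite_port`, the addresses and the sample payload are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rewrite an FTP "PORT h1,h2,h3,h4,p1,p2\r\n" line for NAT.
   Returns the new length, or -1 if the line is malformed or does not fit
   in out_cap bytes (the "no room to grow" case: the caller must supply a
   larger buffer). *delta is the size change, which the NAT must apply to
   later TCP sequence/ACK numbers on this control connection. */
int alg_rewrite_port(const char *in, size_t in_len, char *out, size_t out_cap,
                     uint32_t new_ip, uint16_t new_port, int *delta) {
    char line[64];
    unsigned f[6];
    int used = 0;

    if (in_len >= sizeof line)
        return -1;
    memcpy(line, in, in_len);
    line[in_len] = '\0';
    if (strncmp(line, "PORT ", 5) != 0)
        return -1;
    if (sscanf(line + 5, "%3u,%3u,%3u,%3u,%3u,%3u%n",
               &f[0], &f[1], &f[2], &f[3], &f[4], &f[5], &used) != 6)
        return -1;
    if (strcmp(line + 5 + used, "\r\n") != 0)
        return -1;                          /* trailing junk or missing CRLF */
    for (int i = 0; i < 6; i++)
        if (f[i] > 255)
            return -1;                      /* each field is one octet */

    int n = snprintf(out, out_cap, "PORT %u,%u,%u,%u,%u,%u\r\n",
                     (unsigned)(new_ip >> 24), (unsigned)(new_ip >> 16) & 255u,
                     (unsigned)(new_ip >> 8) & 255u, (unsigned)new_ip & 255u,
                     (unsigned)(new_port >> 8), (unsigned)new_port & 255u);
    if (n < 0 || (size_t)n >= out_cap)
        return -1;                          /* rewritten line does not fit */
    *delta = n - (int)in_len;
    return n;
}

int main(void) {
    const char *in = "PORT 10,0,0,5,4,1\r\n";      /* constructed payload */
    char out[64];
    int delta = 0;
    int n = alg_rewrite_port(in, strlen(in), out, sizeof out,
                             0xCB00710Au, 40000, &delta); /* 203.0.113.10 */
    printf("%d bytes, grew by %d: %s", n, delta, out);
    return 0;
}
```

Here the 19-byte line becomes 26 bytes, so an ALG that wrote the result back into the original 19-byte payload would overrun it; bounding the write and rejecting malformed fields is what keeps the rewrite safe.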



Re: NAT [7:60784]

2003-01-10 Thread The Long and Winding Road
""Francisco Sedano/Inf-Pronet""  wrote in message
news:[EMAIL PROTECTED]...
> Hello!
>
> And there are some issues with several protocols, as Marc points out. In
> FTP, for example, possibly the new packet will be larger than original one.
> (IP Addresses are codified in the data payload as text). So, it's possible
> the router has to fragment the packet. And that's not a simple header
> rewrite.


I took a quick look at RFCs 1631 and 26something last night. 1631 is poorly
written IMHO, and pretty sloppy in some of its language. Neither one talks
specifically about what is supposed to happen in terms of which specific
fields are replaced. However, both talk about issues with checksums, packet
size changes, and both specifically mention FTP PORT (and the other
operation, which I can't recall).




>
> Francisco Sedano
> Informatica Pronet.
>
>
>
>
>
> "Marc Thach Xuan
> Ky"
>
> Sent by: [EMAIL PROTECTED]
> 10/01/2003 12:08
> Please respond to "Marc Thach Xuan Ky"
> Subject: Re: NAT [7:60784]
>
> Dwayne,
> it's most likely that any NAT implementation would overwrite the header
> data that it wishes to change, rather than rewrite the header in its
> entirety.  Of course the end result would look the same when you view
> the packet, however you can recalculate the checksum from the old and
> new IP addresses without reading the entire packet, so that's a gain for
> not using the full header creation code.
> Note though that some protocols which don't pass well through NAT are
> handled by an ALG (Application Level Gateway), and these modules will
> rewrite the IP data.  Now if I were coding an ALG I'd certainly create
> the entire header from scratch, and I might need to do the same with the
> data.  Think of an FTP ALG for example.  Here the length of the data may
> be changed, in particular it may grow.  The buffer that is currently
> allocated for the packet may not have room to grow, so in that case,
> you'd need to copy the data into a larger buffer probably as you parse
> and alter the data.
> rgds
> Marc
>
>
> Dwayne Saunders wrote:
> >
> > Hi all,
> > Was just wondering if any one could put me on to a good link in
> > regards NAT and packet headers, simply what I am trying to find out is the
> > packet header total rewritten or just the ip address part of the header and
> > checksum, Or is a new header written to envelope the original header.
> >
> > Or does each application do it differently.
> >
> > Any help would be great.
> >
> > Regards
> >
> > D'Wayne Saunders




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60818&t=60784