NAT and ICS
From Proprofs
NAT & ICS
One of the main concerns with IPv4, as mentioned previously, is the relatively low number of IPv4 addresses available. One Internet connection corresponds to one IP address; the IP address usually maps to the device connected to the Internet gateway (modem, cable modem, DSL, etc.). However, in many cases it is desirable to “share” a connection so that multiple nodes can use the connection of one node. For example, in many home networks, families do not wish to pay for an IP address for each computer that a family member owns. Instead, the family would rather share one connection (one IP address).
The question that should immediately come to mind, however, is: How can multiple nodes communicate with the Internet without a unique identifier? The answer is that through NAT, or Network Address Translation, it is very possible for one device to “share” its internet connection with other networked devices. A large amount of real-world (not just Network+) troubleshooting is centered on the use of NAT, so it would be to your advantage to fully understand NAT.
How Network Address Translation Works
Consider a home that receives postal mail. It has only one postal address and deals with other postal addresses. Now, how would a home with five family members receive mail? They would use their names to specify who they are. So, mail might be directed to “Ken” or “John,” not just to the address. In a similar way, NAT allows for the establishment of connections between internal (network) members and the Internet. A typical scheme for this is below:
1. 192.168.1.114 (Accounting) wants to connect to 44.33.22.11 (Bank)
2. 192.168.1.114 accesses its default gateway, 192.168.1.1
3. 192.168.1.1 connects to 44.33.22.11 from 53.24.14.11 (the “Wide” IP) on a random port
4. 44.33.22.11 transfers data to 53.24.14.11 (192.168.1.1)
5. 192.168.1.1 transfers data to 192.168.1.114 on the random port
Considerations
As you can see, NAT is actually quite simple in application, but there are issues associated with NAT. Perhaps the most important (and common) issue associated with NAT is the relative difficulty or even impossibility of opening a connection to a NAT-connected computer from a remote host. “Remote-to-local” connections are prone to failure because no port is opened for communication between that remote host and the local host. In contrast, when the local host wants communication, it is very possible because the NAT device (usually the gateway/switch/router) will automatically create a temporary random port for communication. There are, however, ways (such as Port Forwarding) to allow a remote host to connect to a PC behind an NAT device, but these are covered elsewhere.
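The translation scheme and the remote-to-local limitation described above, modelled as a toy translation table (an added example, not part of the original study guide). The class and method names, the port numbers and the remote address 203.0.113.9 are assumptions made for illustration, and the toy matches inbound packets on the public port only.

```python
import random

class NatGateway:
    """Toy port-translating NAT: one public IP shared by many private hosts."""
    def __init__(self, public_ip, seed=0):
        self.public_ip = public_ip
        self.table = {}    # public port -> (private ip, private port)
        self.reverse = {}  # (private ip, private port) -> public port
        self.rng = random.Random(seed)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A local host opens a connection: create or reuse a mapping, rewrite the source."""
        key = (src_ip, src_port)
        if key not in self.reverse:
            port = self.rng.randint(49152, 65535)
            while port in self.table:  # avoid a public port that is already mapped
                port = self.rng.randint(49152, 65535)
            self.reverse[key] = port
            self.table[port] = key
        return (self.public_ip, self.reverse[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives on the public IP: deliver it only if a mapping exists."""
        if dst_port not in self.table:
            return None  # no mapping, so there is nowhere to send it: dropped
        priv_ip, priv_port = self.table[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)

    def port_forward(self, public_port, priv_ip, priv_port):
        """Static mapping that lets a remote host start the connection."""
        self.table[public_port] = (priv_ip, priv_port)
        self.reverse[(priv_ip, priv_port)] = public_port

def demo():
    # Addresses come from the scheme above; ports and 203.0.113.9 are constructed.
    gw = NatGateway("53.24.14.11")
    out = gw.outbound("192.168.1.114", 51000, "44.33.22.11", 443)   # steps 1-3
    reply = gw.inbound("44.33.22.11", 443, out[1])                  # steps 4-5
    unsolicited = gw.inbound("203.0.113.9", 50000, 3389)            # remote-to-local: fails
    gw.port_forward(3389, "192.168.1.114", 3389)
    forwarded = gw.inbound("203.0.113.9", 50000, 3389)              # now delivered
    return out, reply, unsolicited, forwarded

if __name__ == "__main__":
    for step in demo():
        print(step)
```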
Another consideration, of course, is that NAT is not a replacement for a firewall. Many people claim that they are “behind a firewall” when in fact they are simply behind an NAT device. Just because NAT can “hide” a network doesn’t mean that NAT is capable of keeping a network safe. If you remember correctly, a firewall performs a different function than does NAT; a firewall “filters” traffic, while an NAT device (at best) blocks traffic.
ICS (Internet Connection Sharing)
Internet Connection Sharing is the built-in NAT feature in Microsoft Windows; it allows a Windows PC to “share” its Internet connection with other networked devices. In this configuration, the PC with ICS is directly connected to the Internet in some way (modem, ISDN, etc.) and networked with other computers. The ICS-enabled PC can then share its connection with other Windows computers, acting as an NAT device. In addition, the ICS-enabled PC can automatically assign IP addresses through DHCP, a feature covered in a different article.
Quick Review
1. A user complains that he cannot access his office computer through “Remote Desktop.” He is certain that he has entered the correct hostname to connect to and that “Remote Desktop” is listening on the office computer. What is the most likely explanation?
a. Remote Desktop has encountered an illegal exception
b. He needs to enable ICS on the remote PC
c. He needs to enable NAT on the remote PC
d. NAT on the office router/gateway is blocking his request to his office PC
e. His office router/gateway is down
2. Which of the following is not a reason that NAT is currently employed?
a. Exhaustion of IPv4 addresses
b. Ability to block incoming traffic from remote hosts
c. Ability to “share” an Internet connection
d. To minimize costs (for having extra IP addresses)
e. Allows automatic assignment of IPv4 addresses
Answers:
1. The user cannot access his PC because his PC is most likely behind an NAT-enabled device, which would prevent incoming traffic because no port would be available by default. The answer is D.
2. DHCP allows automatic assignment of IPv4 addresses; this is not a feature of NAT. The answer is E.

