Nat service. Network address translation technology, PAT and NAT mechanisms. NAT and Internet telephony using SIP protocol

NAT, or Network Address Translation, is a way of remapping one IP address space into another by modifying the network address information in the IP headers of packets while they are in transit through a routing device. This method was originally used to redirect traffic on IP networks more easily, without the need to renumber each host. It has become an important and popular tool for allocating and maintaining the global address space in the face of an acute shortage of IPv4 addresses.

What is NAT?

Network address translation maps each address from one address space to an address in a different address space. This may be necessary when the service provider has changed and the user has no way to publicly announce a new route to the network. In the face of global address space depletion, NAT technology has been increasingly used since the late 1990s. Typically this technology is used in conjunction with IP masquerading. IP masquerading is a method of hiding multiple IP addresses behind a single address in another space. This mechanism is implemented in a routing device that uses stateful translation tables to map the hidden addresses to a single IP address. It also rewrites all outgoing IP packets on egress, so that these packets appear to originate from the routing device. Replies on the return path are mapped back to the original IP address using the rules stored in the translation tables. The translation tables, in turn, are cleared after a short time if traffic does not refresh their state. This is the basic NAT mechanism.

What does this mean? Communication through the router is possible only when the connection originates inside the masqueraded network, because that is what creates the translation table entries. A web browser inside such a network can view a site outside it, but a browser outside the network cannot open a resource that is hosted inside it. Most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as port forwarding or static NAT. It enables traffic originating in the "outside" network to reach designated hosts on the masqueraded network. Because of the popularity of this technique for preserving the IPv4 address space, the term NAT has practically become synonymous with IP masquerading.

Since network address translation changes the address information of IP packets, it can have serious consequences for the quality of the connection, so it requires close attention to all the implementation details. NAT implementations differ from each other in their specific behavior in different situations and in their impact on network traffic.

Basic NAT

The simplest type of NAT provides one-to-one translation of IP addresses. RFC 2663 refers to this type of translation as basic NAT. In this case, only the IP addresses and the checksum of the IP headers are changed. Basic translation can be used to connect two IP networks that have incompatible addressing.

Most NAT flavors are capable of mapping multiple private hosts to a single publicly designated IP address. A LAN in a typical configuration uses one of the assigned "private" IP address ranges for the subnet. The router on this network has a private address in that address space. The router also connects to the Internet using a "public address" that is assigned by the Internet provider. As traffic passes from the local network to the Internet, the source address in each packet is translated from private to public on the fly. The router also keeps track of basic data about each active connection, in particular the destination address and port. When a reply returns to the router, it uses the connection data that was saved during the outbound phase to determine the private address on the internal network to which the reply should be forwarded. The main advantage of this functionality is that it is a practical solution to the problem of depleting the IPv4 address space. Even large networks can be connected to the Internet using a single IP address. All packet datagrams on IP networks have two IP addresses: the source address and the destination address. Packets traveling from the private network to the public network have their source address changed, and packets traveling back from the public network to the private network have their destination address changed. More complex configurations are also possible.

Features of NAT configuration

NAT configuration can be specific. Further modifications may be required to avoid problems when translating returned packets. Most Internet traffic uses UDP and TCP. Their port numbers are changed so that the combination of IP address and port number can be matched when data is sent back. Protocols that are not based on UDP or TCP require different translation methods. Typically, ICMP (Internet Control Message Protocol) messages are correlated with an existing connection. This means that they must be mapped using the same IP address and port number that were originally set.

What needs to be considered? Configuring NAT on the router does not provide end-to-end connectivity. For this reason, such routers cannot participate in some Internet protocols. Services that require TCP connections to be initiated from the external network, or stateless protocols such as those using UDP, may simply not be available. Unless the NAT router makes a specific effort to support such protocols, incoming packets may never reach their destination. Some protocols can accommodate one instance of NAT between the participating hosts, sometimes using an application layer gateway. However, the connection will not be established when both systems are separated from the Internet by NAT. NAT also complicates tunneling protocols such as IPsec, because it changes values in the headers that are covered by the integrity checks.

NAT: an existing problem

The basic principle of the Internet is end-to-end connectivity. It has existed since its inception. The current state of the network only proves that NAT is a violation of this principle. In a professional environment, there are serious concerns about the widespread use of network address translation in IPv6. Thus, today the question is raised about how this problem can be eliminated. Because the translation-state tables in NAT routers are not permanent, devices on the internal network lose IP connectivity within a very short time period unless they keep refreshing their entries with keep-alive traffic. This circumstance must not be forgotten when discussing what NAT in a router is. It significantly reduces the operating time of compact devices that run on rechargeable batteries.

Scalability

A NAT that tracks only ports can quickly run out of them when internal applications open many concurrent connections, for example HTTP requests for pages with a large number of embedded objects. This problem can be mitigated by tracking the destination IP address in addition to the port. One local port can thus be shared by a large number of remote hosts.

NAT: some complications

Since all internal addresses are disguised as one public address, it is impossible for external hosts to initiate a connection to a specific internal host without a special configuration on the firewall. This configuration should redirect connections to a specific port. IP telephony, video conferencing, and similar applications must use NAT traversal techniques to function properly. RAPT port and return address translation allows a host whose IP address changes from time to time to remain reachable as a server using the fixed IP address of the home network. This should in principle allow the server setup to keep the connection. Although this solution is not ideal, it can be another useful tool in a network administrator's arsenal when solving problems associated with configuring NAT on a router.

PAT or Port Address Translation

Port Address Translation is Cisco's implementation of RAPT, which maps multiple private IP addresses to a single public one. Multiple addresses can be mapped to one address because each is tracked using a port number. PAT uses unique source port numbers on the inside global IP address to distinguish between translations. These numbers are 16-bit integers. The total number of internal addresses that can be translated to one external address can theoretically reach 65536. In reality, the number of ports that can be assigned to a single IP address is approximately 4000. PAT, as a rule, tries to keep the original port of the "original" ... If it is already in use, Port Address Translation assigns the first available port number, starting at the beginning of the corresponding group. When there are no available ports and there is more than one external IP address, PAT moves to the next address to allocate the source port. This process continues until the available ports and external addresses run out.

Mapping of Address and Port is a Cisco proposal. It combines port address translation with tunneling of IPv4 packets over an internal IPv6 network. In fact, it is an alternative to Carrier Grade NAT and DS-Lite that supports IP translation of ports and addresses. This avoids the problems associated with establishing and maintaining a connection. It also provides a transition mechanism for IPv6 deployment.

Translation methods

There are several main ways to implement translation of a network address and port. Certain application protocols need to determine the external NAT address used at the other end of the connection. It is also often necessary to examine and classify the type of mapping in use. Typically, this is done because two clients behind separate NATs want to create a direct communication channel. For this purpose a special protocol, Simple Traversal of UDP through NATs (STUN), was specified in RFC 3489. Today it is considered outdated, since its methods are regarded as insufficient for correctly assessing the behavior of devices. In 2008, RFC 5389 was published and new methods were standardized. Today this specification is called Session Traversal Utilities for NAT.
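How a client learns its external NAT mapping with an RFC 5389 Binding exchange, as an added example (not code from the original article). The response is constructed inline so the block runs offline, and the mapped address 208.165.99.225:1445 is borrowed from the PAT walkthrough later on this page; `make_sample_response` and `demo` are illustrative helpers.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442         # fixed value defined by RFC 5389
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001      # RFC 3489 style: address sent in the clear
ATTR_XOR_MAPPED_ADDRESS = 0x0020  # RFC 5389: address XORed with the cookie


def build_binding_request(txid=None):
    """Return (message, txid) for a Binding Request without attributes."""
    txid = txid or os.urandom(12)
    if len(txid) != 12:
        raise ValueError("transaction ID must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid, txid


def parse_binding_response(data, expected_txid):
    """Return (ip, port) of the mapping the server saw for our request."""
    if len(data) < 20:
        raise ValueError("truncated STUN header")
    msg_type, msg_len, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE:
        raise ValueError("bad magic cookie")
    # Responses that do not echo our transaction ID are not ours: reject them.
    if data[8:20] != expected_txid:
        raise ValueError("transaction ID mismatch")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("not a Binding Success Response")
    if msg_len % 4 or 20 + msg_len > len(data):
        raise ValueError("bad message length")
    body, off, plain = data[20:20 + msg_len], 0, None
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        off += 4 + alen + (-alen % 4)          # attributes are 32-bit aligned
        if atype not in (ATTR_MAPPED_ADDRESS, ATTR_XOR_MAPPED_ADDRESS):
            continue
        if alen != 8 or value[1] != 0x01:      # this example handles IPv4 only
            continue
        port, addr = struct.unpack("!HI", value[2:8])
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            port ^= MAGIC_COOKIE >> 16
            addr ^= MAGIC_COOKIE
            return str(ipaddress.IPv4Address(addr)), port
        plain = (str(ipaddress.IPv4Address(addr)), port)
    if plain is None:
        raise ValueError("no mapped address attribute")
    return plain


def make_sample_response(txid, ip, port):
    """Constructed Binding Success Response carrying XOR-MAPPED-ADDRESS."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", ATTR_XOR_MAPPED_ADDRESS, 8, 0, 0x01,
                       xport, xaddr)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr),
                       MAGIC_COOKIE) + txid + attr


def demo():
    """Run the exchange against constructed data and report the results."""
    request, txid = build_binding_request()
    response = make_sample_response(txid, "208.165.99.225", 1445)
    mapping = parse_binding_response(response, txid)
    try:
        parse_binding_response(response, bytes(12))   # wrong transaction ID
        spoof_rejected = False
    except ValueError:
        spoof_rejected = True
    return {"request_len": len(request), "mapping": mapping,
            "spoof_rejected": spoof_rejected}


if __name__ == "__main__":
    print(demo())
```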

Create two-way communication

Each UDP and TCP packet contains the source IP address and port number, as well as the destination IP address and port number. The port number is very important for reaching public services such as a mail server. So, for example, port 25 connects to the SMTP mail server and port 80 connects to the web server software. The IP address of the public server is also essential. These parameters must be reliably known to those nodes that intend to establish a connection. Private IP addresses are only relevant on local networks.

QUESTION:

My game tells me my NAT is Strict or Moderate. How do I get Open NAT?

ANSWER:

A Strict or Moderate NAT can prevent you from enjoying all the features of your online multiplayer game.

NAT stands for Network Address Translation. Roughly speaking, it is a method of forwarding traffic from the Internet (for example a website, a game server or a P2P network) to the right device (for example a computer, console or tablet) on your local network. This method takes both the device and the origin of the traffic in the "conversation" into account, which can mean that you have Open NAT for some services or games and Strict NAT for others.

The hardware responsible for NAT in a network is the router. Your starting point for NAT troubleshooting should therefore be your router and its configuration, even though other factors can negatively affect your NAT.

This can be good or bad:

- Some routers are easier to configure than others
- If you use a shared Internet connection (for example in a dormitory, on a military base or in a hospital), you may not have access to your router
- Some Internet providers offer you a router for your home but organize the network so that you sit behind another router to which you have no access. (Your router is then not connected directly to the Internet but to a second "local" network. This scenario is called.)


Now for the troubleshooting!

We have compiled troubleshooting FAQs for connection problems for most Ubisoft games. To find them, click the search bar above this FAQ, select your game and platform, and enter "connection difficulties". The search will show you the matching connection FAQ for your game, which you can use to resolve NAT difficulties as well as other connection problems.

What is NAT

Your computer can be connected to the Internet directly. It is then said to have an external IP address.

This usually means that the computer is directly connected to a modem (DSL, cable or conventional analog).

Behind NAT means that your computer is not connected to the Internet directly, but to a local network. It then has an internal IP address that is not reachable from the Internet itself.

Your computer gains access to the Internet through NAT - the process of translating internal addresses to external ones and vice versa. A NAT device is commonly referred to as a router.

The nature of NAT operation is such that connections initiated by your computer transparently pass through the NAT device to the Internet. However, connections that other computers from the Internet would like to establish with you cannot reach you.

Find the IP address of the computer

Open the Run dialog box for launching programs: click the Start button and select Run from the menu.

In Windows 2000 / XP, type the command cmd /k ipconfig, click OK and look at the result.

    Windows 2000 IP Configuration
    Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

The first of these addresses is the IP address of your computer.

Are you behind NAT

Three special ranges of IP addresses are reserved for local networks and are not used on the Internet:

    10.0.0.0    - 10.255.255.255
    172.16.0.0  - 172.31.255.255
    192.168.0.0 - 192.168.255.255

If the IP address of your computer is in one of these ranges, that is, it starts with 10. or 192.168. or 172.nn. (where nn is from 16 to 31), then this is a local (internal) address, and you are definitely behind NAT.

If not, then now check under which IP address other computers on the Internet see you. For example at whatsmyip.org ("Your IP Address is x.x.x.x" at the top of the page) or myipaddress.com.

If the IP address of your computer matches the one displayed by one of these sites, then you are definitely connected to the Internet directly.

In other cases, it is impossible to say for sure. The following options are possible:

  • you are behind NAT, but your network administrator has chosen non-standard internal addresses for your local network. Find the administrator and ask why it was necessary to do this.
  • you access the Internet through a proxy server (then whatsmyip.org showed you the address of this proxy server). In many cases, you can determine if there is a proxy server between you and the Internet by using, for example, lagado.com/proxy-test.

    Proxy connections are not covered in this tutorial.

NAT traversal options

If you are behind NAT, the next step is to determine exactly where the NAT device is located.

NAT provider

    In this case it is said that
  • the provider provides you with Internet access through NAT,
  • or that the provider does not give you an external IP address,
  • or that you are connected through the local network of the provider

The easiest way is to call your provider and find out. Or ask knowledgeable neighbors with the same connection.

When connecting to the Internet through the local network of the provider, you cannot make a port available yourself, unless the provider forwards a specific port especially for you, which is unrealistic, or unless you pay extra for the service that is usually called an "external" ("white") IP address.

NAT in an office or apartment building

In principle, the situation is the same, but you can look for approaches to the local admin. Ultimately, the solution to the issue of port availability depends on whether you have access to the router settings.

Alternatively, you can also try UPnP, in case it was left enabled in the router.

Your own NAT

In this case, you can almost always configure it and get an available port.

Usually this is either a connection through a home router or a connection through another computer, for example using ICS (the second option is not considered here).

Of course, it can also happen that both your home network and your provider use NAT, that is, your computer is behind two NATs at once. This can be checked by going into the settings of the router, looking at its external address and then following the procedure above (does this address belong to the local network address ranges, and does it match the address under which you are seen on the Internet).
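The checks from "Are you behind NAT" and the double-NAT check above, combined into one routine as an added example (not part of the original tutorial). It goes beyond the three ranges listed on this page by also treating the 100.64.0.0/10 shared address space (RFC 6598) as internal; the function names and verdict strings are illustrative, and the sample addresses are constructed from values used on this page.

```python
import ipaddress

# The three private ranges listed in the tutorial (RFC 1918).
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Addition beyond the page: RFC 6598 shared space used for provider-side NAT.
CGNAT_RANGE = ipaddress.ip_network("100.64.0.0/10")


def is_internal(addr):
    """True if addr cannot be reached from the Internet without translation."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES) or ip in CGNAT_RANGE


def same(a, b):
    """Compare two addresses by value rather than by spelling."""
    return ipaddress.ip_address(a) == ipaddress.ip_address(b)


def locate_nat(host_ip, seen_ip, router_wan_ip=None):
    """Classify the path between this host and the Internet.

    host_ip       -- address reported by ipconfig on the computer
    seen_ip       -- address an external "what is my IP" site reports
    router_wan_ip -- external address shown in the router settings, if known
    """
    if not is_internal(host_ip):
        if same(host_ip, seen_ip):
            return "direct"
        # Non-standard internal addressing or a proxy: cannot tell which.
        return "indeterminate"
    if router_wan_ip is None:
        return "behind NAT"
    if is_internal(router_wan_ip):
        # The router itself only has an internal address: a second NAT
        # (typically the provider's) sits between it and the Internet.
        return "double NAT"
    if same(router_wan_ip, seen_ip):
        return "own router NAT"
    return "behind NAT, upstream indeterminate"


# Constructed sample inputs: (host address, address seen outside, router WAN).
SAMPLES = [
    ("192.168.1.10", "208.165.99.225", "208.165.99.225"),
    ("192.168.1.10", "208.165.99.225", "10.20.30.40"),
    ("192.168.1.10", "208.165.99.225", "100.64.7.9"),
    ("208.165.99.225", "208.165.99.225", None),
    ("172.32.0.5", "208.165.99.225", None),   # just outside 172.16 - 172.31
]


def classify_samples():
    return [locate_nat(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, classify_samples()):
        print(sample, "->", verdict)
```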

Having covered the principles of NAT (Network Address Translation), it is now time to consider setting it up on Cisco hardware.

Configuring Static NAT

Recall that static NAT is a one-to-one mapping between internal and external addresses. It allows external devices to initiate connections to internal devices using a statically assigned public address.

For example, an internal web server can be mapped to a specific internal global address so that it is accessible from external networks.

The diagram shows an internal network containing a web server with a private IPv4 address. The router is configured with static NAT to allow devices from the outside network to access the web server. A client on the external network accesses the web server using a public IPv4 address. Static NAT translates a public IPv4 address into a private one.

When configuring static NATs, there are two main tasks:

  1. Creating a mapping between the inside local and inside global addresses. For example, the inside local address 192.168.1.5 and the inside global address 208.165.100.5 are configured as a static NAT translation in the diagram.
  2. After the mapping is configured, the interfaces participating in the translation must be configured as inside or outside with respect to NAT. In the diagram, the router interface Serial 0/0/0 is inside and Serial 0/1/0 is outside.

Packets arriving on the internal interface of the Serial 0/0/0 router from the configured internal local IPv4 address (192.168.1.5) are translated and then forwarded to the external network. Packets arriving on the external Serial 0/1/0 interface that are addressed to the configured internal global IPv4 address (208.165.100.5) are translated to the internal local address (192.168.1.5) and then redirected inside the network.

The configuration takes place in several steps:

  1. Create a static translation between the inside local and inside global addresses. To do this, use the command ip nat inside source static [local_IP global_IP]. To delete the translation, enter the command no ip nat inside source static. If we need to translate not an address to an address, but an address to an interface address, then the command ip nat inside source static [local_IP interface_type interface_number] is used.
  2. Define the inside interface. First, enter interface configuration mode using the command interface [type number], then enter the command ip nat inside.
  3. In the same way, define the outside interface using the command ip nat outside.

    Router(config)# ip nat inside source static 192.168.1.5 208.165.100.5
    Router(config)# interface serial0/0/0
    Router(config-if)# ip nat inside
    Router(config-if)# exit
    Router(config)# interface serial0/1/0
    Router(config-if)# ip nat outside

As a result, the translations will proceed as follows:

  1. The client wants to open a connection to the web server. The client sends the packet to the web server using the public IPv4 destination 208.165.100.5. This is the internal global address of the web server.
  2. The first packet the router receives from a client on the outside NAT interface causes it to check its NAT table. The destination IPv4 address is found in the NAT table and is translated.
  3. The router replaces the inside global destination of 208.165.100.5 with the inside local 192.168.1.5 and forwards the packet to the web server.
  4. The web server receives the packet and responds to the client using the internal local source address 192.168.1.5.
  5. The router receives a packet from the web server on its inside NAT interface with the source address set to the inside local address of the web server, 192.168.1.5. It checks the NAT table to translate the inside local address into the inside global one, changes the source address from 192.168.1.5 to 208.165.100.5 and sends the packet out of the Serial 0/1/0 interface towards the client.
  6. The client receives the packet and the exchange of packets continues. The router follows the previous steps for each packet.

Static NAT check

A useful command to check whether NAT is working is show ip nat translations. This command shows active NAT translations. Static translations, unlike dynamic translations, are always present in the NAT table.

    Router# show ip nat translations
    Pro  Inside global    Inside local    Outside local     Outside global
    ---  208.165.100.5    192.168.1.5     208.165.100.70    208.165.100.70

Another useful command is show ip nat statistics. It displays information about the total number of active translations, NAT configuration parameters, the number of addresses in the pool, and the number of addresses that have been allocated.

    Router# show ip nat statistics
    Total active translations: 1 (1 static, 0 dynamic; 0 extended)
    Peak translations: 2, occurred 00:00:21 ago
    Outside interfaces:
      Serial0/1/0
    Inside interfaces:
      Serial0/0/0
    Hits: 7  Misses: 0

To ensure that NAT translation is working, it is best to clear statistics from any past translations using the command clear ip nat statistics before testing.

Configuring Dynamic NAT

While static NAT is a persistent mapping between inside local and inside global addresses, dynamic NAT allows automatic mapping of inside local and global addresses (which are usually public IP addresses). Dynamic NAT uses a group or pool of public IPv4 addresses for translation. Dynamic NAT, like static NAT, requires the configuration of the inside and outside interfaces participating in NAT.


Let's consider an example of this scheme. We have an internal network with two subnets 192.168.1.0/24 and 192.168.2.0/24 and an edge router configured with dynamic NAT with a pool of public addresses 208.165.100.5 - 208.165.100.15.

The pool of public addresses (inside global address pool) is available to any device on the internal network on a first come, first served basis. With dynamic NAT, one inside address is translated into one outside address. With this type of translation, there must be enough addresses in the pool to serve all internal devices that need access to the external network at the same time. If all addresses in the pool have been used, then a device must wait for an available address before it can access the external network.

Let's take a look at the configuration step by step:

  1. Define the pool to be used for translation using the command ip nat pool [name start_ip end_ip]. This address pool is usually a group of public addresses. Addresses are determined by specifying the starting IP address and ending IP address of the pool. The keywords netmask or prefix-length indicate the mask.
  2. Set up a standard access-list (ACL) to define only those addresses that will be translated, using the command access-list [ACL_number] permit source. An ACL that permits too many addresses can lead to unpredictable results; keep in mind that the list ends with an implicit deny all.
  3. Bind the ACL to the pool using the command ip nat inside source list [ACL_number] pool [pool_name]. This configuration is used by the router to determine which devices (list) receive which addresses (pool).
  4. Determine which interfaces are inside, in relation to NAT, that is, any interface that is connected to the internal network.
  5. Determine which interfaces are outside, in relation to NAT, that is, any interface that is connected to the outside network.

    Router(config)# ip nat pool MerionNetworksPool 208.165.100.5 208.165.100.15 netmask 255.255.255.0
    Router(config)# access-list 1 permit 192.168.0.0 0.0.255.255
    Router(config)# ip nat inside source list 1 pool MerionNetworksPool
    Router(config)# interface serial0/0/0
    Router(config-if)# ip nat inside
    Router(config-if)# exit
    Router(config)# interface serial0/1/0
    Router(config-if)# ip nat outside

How it will work in our scheme:

  1. Computers with addresses 192.168.1.10 and 192.168.2.10 send packets towards the server at the public address 208.165.100.70
  2. The router receives the first packet from host 192.168.1.10. Since this packet was received on an interface configured as a NAT inside interface, the router checks the NAT configuration to determine if the packet should be translated. The ACL allows this packet and the router checks its NAT table. Since there is no translation record for this IP address, the router determines that the source address 192.168.1.10 should be translated dynamically. R2 picks an available global address from the dynamic address pool and creates a translation entry, 208.165.200.5. The original IPv4 source address (192.168.1.10) is the inside local address and the translated address is the inside global address (208.165.200.5) in the NAT table. For the second host 192.168.2.10, the router repeats this procedure, picking the next available global address from the dynamic address pool, and creates a second translation entry, 208.165.200.6.
  3. After replacing the inside local source address in packets, the router forwards the packet.
  4. The server receives the packet from the first PC and responds using the destination address 208.165.200.5. When the server receives a packet from the second PC, the response will contain 208.165.200.6 in the destination address.
  5. When the router receives a packet with a destination address of 208.165.200.5, it searches the NAT table, translates the destination address into the inside local address 192.168.1.10 and forwards the packet towards the PC. The same happens with the packet directed to the second PC.
  6. Both PCs receive the packets and the exchange of packets continues. For each subsequent packet, the previous steps are performed.

Dynamic NAT check

The command show ip nat translations is also used for verification. It displays all static translations that have been configured and any dynamic translations that have been created by traffic. Adding the keyword verbose displays additional information about each translation, including how long ago the entry was created and used. By default, translation entries expire after 24 hours unless the timers have been reconfigured using the command ip nat translation timeout [time_in_seconds] in global configuration mode.

To flush dynamic entries before they time out, you can use the command clear ip nat translation. It is useful to flush dynamic entries when testing a NAT configuration. This command can be used with keywords and variables to control which entries are cleared. Specific entries can be cleared so that active sessions are not interrupted. Only dynamic translations are removed from the table. Static translations cannot be removed from the table.

You can also use the command show ip nat statistics which displays information about the total number of active translations, NAT configuration parameters, the number of addresses in the pool, and the number of translated addresses.

Since we are using ACLs here, you can use the command show access-lists to check them.

Configuring Port Address Translation (PAT)

PAT (also called NAT overload) conserves addresses in the inside global address pool, allowing the router to use one inside global address for many inside local addresses. In other words, one public IPv4 address can be used for hundreds or even thousands of internal private IPv4 addresses. When multiple inside local addresses are mapped to one inside global address, the TCP or UDP port numbers of each internal node are used to distinguish between the local addresses.

The total number of internal addresses that can be translated to one external address can theoretically be 65,536 per IP address. In practice, however, the number of internal addresses that can be assigned a single IP address is about 4,000.

There are two ways to configure PAT, depending on how your ISP allocates public IPv4 addresses. In the first case, the ISP allocates more than one public IPv4 address to the organization, while in the other, it allocates one public IPv4 address that the organization needs to connect to the ISP.

Configuring PAT for a pool of public IP addresses

If more than one public IPv4 address is available to us, then these addresses can be part of the pool that is used by PAT. This is similar to dynamic NAT, except that there are not enough public addresses for a one-to-one mapping to internal addresses. A small pool of addresses is shared across a large number of devices.

The main difference between this configuration and the configuration for dynamic NAT is the keyword overload, which enables PAT.

Let's consider the PAT configuration for an address pool step by step:

  1. Define the pool of global addresses that will be used for PAT translation using the command ip nat pool [name start_ip end_ip] netmask [mask] | prefix-length [prefix_length].
  2. Create a standard access-list permitting the addresses to be translated. The command used is access-list [ACL_number] permit source.
  3. Turn on PAT using the magic word overload. Enter the command ip nat inside source list [ACL_number] pool [pool_name] overload.
  4. Determine which interfaces are inside, in relation to NAT, and which are outside, using the commands ip nat inside and ip nat outside.

An example of the configuration for the scheme that was used earlier, only now with PAT:

    Router(config)# ip nat pool MerionNetworksPool2 208.165.100.5 208.165.100.15 netmask 255.255.255.0
    Router(config)# access-list 1 permit 192.168.0.0 0.0.255.255
    Router(config)# ip nat inside source list 1 pool MerionNetworksPool2 overload
    Router(config)# interface serial0/0/0
    Router(config-if)# ip nat inside
    Router(config-if)# exit
    Router(config)# interface serial0/1/0
    Router(config-if)# ip nat outside

Configuring PAT for one public IPv4 address

The diagram shows the topology of the PAT implementation for broadcasting one IP public address. In this example, all hosts from the 192.168.0.0/16 network (matching the ACL) that send traffic through the router will be mapped to the IPv4 address 208.165.99.225 (the IPv4 address of the S0 / 1/0 interface). Traffic will be identified by port numbers in the NAT table.

Setting:

  1. Create an access-list allowing the addresses to be translated - access-list [ACL_number] permit source.
  2. Configure the conversion of the source address to the interface address, via the command ip nat inside source list [ACL_number] interface [typenumber] overload
  3. Define external and internal interfaces via commands ip nat inside and ip nat outside.

The configuration is similar to dynamic NAT, except that instead of a pool of addresses, we use the interface address with the external IP address. NAT pool is not defined.

Example:

Router(config)# access-list 1 permit 192.168.0.0 0.0.255.255
Router(config)# ip nat inside source list 1 interface serial0/1/0 overload
Router(config)# interface serial0/0/0
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface serial0/1/0
Router(config-if)# ip nat outside

The PAT process is the same whether a single address or a pool of addresses is used.

Let's look at the PAT process step by step:

  1. In the diagram, two different PCs communicate with two different web servers. The first PC has a source address of 192.168.1.10 and uses TCP port 1444, and the second PC has a source address of 192.168.2.10 and coincidentally uses the same TCP port 1444.
  2. The packet from the first PC reaches the router first, and the router, using PAT, changes the original source IPv4 address to 208.165.99.225 (the inside global address). There are no other entries with port 1444 in the NAT table, so PAT keeps the same port number and the packet is sent towards the server at 208.165.101.20.
  3. Then the packet from the second PC enters the router, where PAT is configured to use one global IPv4 address for all translations: 208.165.99.225. As with the first PC, PAT changes the source address of the second PC to the inside global address 208.165.99.225. However, the second PC has the same source port number as the existing PAT entry for the first PC, so PAT increments the source port number until it is unique in its table. In this case, both the source port entry in the NAT table and the packet for the second PC receive port 1445. Although both PCs use the same inside global address of 208.165.99.225 and the same original source port number of 1444, the changed port number for the second PC (1445) makes each entry in the NAT table unique. This will become apparent when the servers send packets back to the clients.
  4. The servers respond to the requests from the PCs, using the source port from the received packet as the destination port and the source address as the destination address. It may seem that they are communicating with the same host at 208.165.99.225, but they are not: the ports are different.
  5. When the packets return to the router, it finds a unique entry in its NAT table using the destination address and destination port of each packet. In the case of the packet from the first server, the destination address 208.165.99.225 has several entries, but only one with the destination port 1444. Using this entry in its table, the router changes the destination IPv4 address of the packet to 192.168.1.10 without changing the destination port. The packet is then forwarded to the first PC.
  6. When the packet from the second server arrives at the router, it performs a similar translation. The destination IPv4 address 208.165.99.225 has multiple entries, but by using destination port 1445, the router can uniquely identify the translation entry. The destination IPv4 address is changed to 192.168.2.10, and in this case the destination port must also be changed back to the original value of 1444, which is stored in the NAT table. After that, the packet is sent to the second PC.

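The six steps above, as a small Python model of a PAT table. This is an added example, not code from the original article or from Cisco IOS; the class name PatRouter, the wrap-to-1024 rule when the port counter runs out, and keying the table on protocol and port alone are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class PatRouter:
    """Simplified PAT (NAT overload) table for one inside global address."""
    global_ip: str
    table: dict = field(default_factory=dict)    # (proto, global_port) -> (inside_ip, inside_port)
    reverse: dict = field(default_factory=dict)  # (proto, inside_ip, inside_port) -> global_port

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside source; allocate a table entry for a new flow."""
        key = (proto, src_ip, src_port)
        if key in self.reverse:                  # existing flow keeps its entry
            return self.global_ip, self.reverse[key]
        port = src_port                          # first try to keep the original port
        for _ in range(65535):
            if (proto, port) not in self.table:
                break
            # Port taken: increment until unique (wrap rule is an assumption).
            port = port + 1 if port < 65535 else 1024
        else:
            raise RuntimeError("no free port on " + self.global_ip)
        self.table[(proto, port)] = (src_ip, src_port)
        self.reverse[key] = port
        return self.global_ip, port

    def inbound(self, proto, dst_ip, dst_port):
        """Translate a returning packet; None means no entry, packet is dropped."""
        if dst_ip != self.global_ip:
            return None
        return self.table.get((proto, dst_port))


def demo():
    """Replay the two-PC scenario from the steps above."""
    r = PatRouter("208.165.99.225")
    pc1 = r.outbound("tcp", "192.168.1.10", 1444)   # step 2: port kept
    pc2 = r.outbound("tcp", "192.168.2.10", 1444)   # step 3: port bumped
    back1 = r.inbound("tcp", "208.165.99.225", 1444)  # step 5
    back2 = r.inbound("tcp", "208.165.99.225", 1445)  # step 6: port restored
    stray = r.inbound("tcp", "208.165.99.225", 1446)  # no entry was ever created
    return pc1, pc2, back1, back2, stray


if __name__ == "__main__":
    print(demo())
```

The last lookup returns None: an inbound packet that matches no entry created by an inside host has nowhere to be delivered, which is why only static entries (port forwarding) let outside hosts start a connection.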
Checking Port Address Translation (PAT)

To check PAT, the same commands are used as for normal NAT. The command show ip nat translations displays the translations of IP addresses along with ports, and the command show ip nat statistics shows information about the number and type of active translations, the NAT configuration parameters, the number of addresses in the pool, and the number of allocated addresses.

Router# show ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 2 extended)
Peak translations: 2, occurred 00:00:07 ago
Outside interfaces:
  Serial0/1/0
Inside interfaces:
  Serial0/0/0
Hits: 4 Misses: 0
CEF Translated packets: 4, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
access-list 1 pool MerionNetworksPool2 refcount 2
 pool MerionNetworksPool2: netmask 255.255.255.0
  start 208.165.100.5 end 208.165.100.15
  type generic, total addresses 10, allocated 1 (10%), misses 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

You can also use debugging to find problems. The command debug ip nat displays information about each packet that is translated by the router. You can also use the command debug ip nat detailed, which generates a description for each packet. This command also provides information about various errors, such as the inability to allocate a global address. However, it is more demanding on device resources.

Router# debug ip nat
IP NAT debugging is on
Router#
*Aug 24 16:20:331:670: NAT*: s=192.168.1.10->208.165.99.225 d=208.165.101.20
*Aug 24 16:20:331:682: NAT*: s=208.165.101.20 d=208.165.99.225->192.168.1.10
*Aug 24 16:20:331:698: NAT*: s=192.168.1.10->208.165.99.225 d=208.165.101.20
*Aug 24 16:20:331:702: NAT*: s=192.168.1.10->208.165.99.225 d=208.165.101.20
*Aug 24 16:20:331:710: NAT*: s=208.165.101.20 d=208.165.99.225->192.168.1.10

The output uses the following symbols and values:

  • * (asterisk) - An asterisk next to NAT indicates that the translation is taking place along a fast-switched path. The first packet in a conversation is always slower; the rest of the packets go through the fast-switched path.
  • s= - source IP address
  • a.b.c.d->w.x.y.z - this value indicates that the source address a.b.c.d is translated to w.x.y.z.
  • d= - destination IP address
  • - the value in brackets is the IP identification number.
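When the debug output is captured to a log, the fields listed above can be extracted and counted per inside host and outside peer. The following Python parser is an added example, not part of the original article; the sample lines are constructed from the addresses used above (the timestamps, the IP identification numbers and the peer 208.165.101.21 are invented), and the comma and bracketed number are treated as optional.

```python
import re
from collections import Counter

# s=A->B d=C : source rewritten (inside host A leaves as global B toward peer C)
# s=C d=B->A : destination rewritten (reply from peer C to global B goes to A)
NAT_LINE = re.compile(
    r"NAT(?P<fast>\*)?:\s*s=(?P<s>[\d.]+)(?:->(?P<s2>[\d.]+))?,?\s*"
    r"d=(?P<d>[\d.]+)(?:->(?P<d2>[\d.]+))?(?:\s*\[(?P<ipid>\d+)\])?"
)


def parse_line(line):
    """Return one translation event as a dict, or None for unrelated lines."""
    m = NAT_LINE.search(line)
    if not m or not (m["s2"] or m["d2"]):
        return None
    if m["s2"]:
        inside, glob, peer, direction = m["s"], m["s2"], m["d"], "out"
    else:
        inside, glob, peer, direction = m["d2"], m["d"], m["s"], "in"
    return {
        "dir": direction, "inside": inside, "global": glob, "peer": peer,
        "fast_switched": m["fast"] is not None,       # the asterisk after NAT
        "ip_id": int(m["ipid"]) if m["ipid"] else None,
    }


def flows(lines):
    """Count translated packets per (inside host, outside peer, direction)."""
    events = filter(None, map(parse_line, lines))
    return Counter((e["inside"], e["peer"], e["dir"]) for e in events)


# Constructed sample lines (not real router output).
SAMPLE = [
    "IP NAT debugging is on",
    "*Aug 24 16:20:33.670: NAT*: s=192.168.1.10->208.165.99.225, d=208.165.101.20 [101]",
    "*Aug 24 16:20:33.682: NAT*: s=208.165.101.20, d=208.165.99.225->192.168.1.10 [77]",
    "*Aug 24 16:20:33.698: NAT: s=192.168.2.10->208.165.99.225 d=208.165.101.21",
    "*Aug 24 16:20:33.702: NAT*: s=192.168.1.10->208.165.99.225, d=208.165.101.20 [102]",
]

if __name__ == "__main__":
    for key, count in sorted(flows(SAMPLE).items()):
        print(key, count)
```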


You may need to assign a permanent, static IP address on the PlayStation 4 in order to establish a NAT Type 2 connection. Setting a permanent IP address ensures that your console will always have the same internal IP, even after you reboot the console. Some routers provide the ability to manually assign an IP address, so first you need to check if this is possible in your router. If not, then you can configure the static IP through the PS4 console menu.

This guide is divided into two parts. Read everything from start to finish.

How to manually configure a static IP address on a PlayStation 4 via a router

Find the option in your router for manually configuring the IP address. Not all routers support this feature. The setup process will differ depending on the router model you are using. If your modem allows you to manually configure the IP address, then just assign a permanent IP for the PlayStation 4. In this case, you will not have to make any changes to the settings of the console itself. The router itself will assign the PS4 an internal IP that functions identically to a static one.

In case your router does not support manual IP settings, you will have to configure the address through the PS4 console. To do this, follow the instructions below:

  1. You can try to permanently bind your PS4 to the IP address you are currently using. To find this IP, turn on your PS4 and do the following:

Write down this IP and MAC address of the PS4 on a piece of paper. In addition, you will need to remember the IP address of your router, which is specified as the Default Gateway. How to do this is described in the next paragraph of our guide.

  2. On your computer, go to the settings of the router (this is done through the browser, by entering the IP of the router, for example, 192.168.1.1, 192.168.1.0 or 192.168.0.1). You will need to permanently assign the PS4 the IP address you wrote down earlier in the first step.

Below is a screenshot with an example of a modem that allows you to manually assign an IP.

This router from Asus has lines for entering the IP address, after which the MAC address is selected from the drop-down menu. Use the address numbers that you wrote down in the first step of this guide. In our example, after recording the numbers, you must click the "Add" button.

Some routers cannot assign IP addresses that are in the router's DHCP range (the range of addresses that the router automatically assigns to various devices on your network). If this is your case, then you will need to select an IP address outside the DHCP range of the router. For how to do this, see points 2-4 in the next section of this manual ("How to set up a static IP address on PS4").

  3. Once you've linked your PS4 to a specific IP address, test your console connection to ensure it's working properly. To test the connection, do the following:

If the connection test is successful, you will see the message "Internet Connection Successful".

  4. Opening ports, or port forwarding, on your router means redirecting inbound traffic on the specified ports to a specific internal IP address. To get a NAT Type 2 connection, you need to forward the following ports to the IP address of your PS4:
  • TCP: 80, 443, 1935, 3478-3480
  • UDP: 3478-3479

More information on how to do this is

  5. After you've assigned a permanent IP address for your PS4 and forwarded the ports on your router, check your Internet connection. For how to do this, see step 3 of this manual.

Congratulations, your connection should be set to NAT Type 2.

If you were unable to establish a NAT Type 2 connection, check that you did everything right. Recheck the information you entered in the IP and MAC address fields.

If you still have difficulty configuring a NAT Type 2 connection, check that the connection is properly established. You may have more than one router on your local network. To determine the number of routers on the network, you can use the free Router Detector program. It is very important that there is only one modem in the network; otherwise it is quite difficult to set up the network without unnecessary headaches.

How to set up a static IP address on PS4

If you have a router that cannot manually assign internal IP addresses, follow these steps to set up a permanent IP on your PS4:

  1. Find out what IP address, subnet mask, gateway and DNS the PS4 is currently using. To do this, follow the instructions below:

Make a note of the IP Address, Subnet Mask, Gateway, Primary DNS and Secondary DNS. You will need to enter all these numbers into the console a little later.

  2. Next, enter the router settings via your PC.

To enter the settings of the router, type its IP address into the browser's address bar. You can find the IP in the list of addresses that you wrote down when performing step 1. The IP of the router is the address of the Default Gateway.

If you cannot figure out how to enter the modem settings, visit this page. Select your router model and read how to enter the settings.

You need to look through the settings to find the range of DHCP addresses that the modem uses to automatically assign IP addresses to devices on the network.

Below is a screenshot of how the line with this range should look. The Linksys router menu is used in this example. The DHCP range is circled in red.

  3. You will need to choose a number between 2 and 254 that is outside the DHCP range in order to assign an IP to your console.

In the example above, the Linksys router uses the range 100 to 149 to assign IP addresses to devices on the internal network. In this case, you can select, for example, the number 31, then the full IP address for the PS4 will look like this: 192.168.0.31. Here are some more examples to help you understand better:

  • If the DHCP range is 200-254, you can choose numbers from 2 to 50
  • If the router uses a range of 50-200, then 2 to 49

  4. To check whether the IP you have chosen can be used, do the following:
  • From the Start menu, open Run
  • Enter the command "cmd" without quotes and press Enter
  • A black window should then appear.
  • In the input line, enter "ping", a space, and the IP address. For example: ping 192.168.1.54
  • Press Enter.

If the IP address does not respond to ping, that is, packets are sent to it but no reply comes back, then the address is free and you can use it. If replies come back, the IP is currently in use, so you need to choose another, free address. Below is an example of an IP address that is already in use.

  5. Next, set the IP address you have chosen on your PS4.
  • In the main menu, select "Settings"
  • Next, select Network
  • Select Set Up Internet Connection
  • Choose Wi-Fi or LAN, depending on how your console is connected to the Internet.
  • On the "How do you want to set up the Internet connection" screen, select Custom
  • On the IP Address Setting screen, select Manual
  • Select an IP address

Now do the following:


If you have followed all the above steps exactly, then the static IP will be configured correctly. If you have any problems, check that the information you entered is correct; in particular, check the numbers that you entered in the IP address, gateway and DNS fields. To double-check this, open the PS4 main menu and select Settings => Network => View Network Status.

Wi-Fi