Ethical Hacking Tricks 2015
Network address translation (NAT) enables you to access the Internet safely without having to change your private network IP addresses.
IP addresses are depleting rapidly due to widespread Internet growth. Organizations use private networks, which allows them to select any IP addresses they want. However, if two companies have duplicate IP addresses and they attempt to communicate with each other, they will have problems. In order to communicate on the Internet, you must have a unique, registered address. Just as the name implies, NAT is a mechanism that translates one Internet Protocol (IP) address into another.
Packet rules contains three methods of NAT. You commonly use NAT to map addresses (static NAT) or hide addresses (masquerade NAT). By hiding or mapping addresses, NAT solves various addressing problems.
Example: Hiding internal IP addresses from public knowledge
You are configuring a System i® platform as a public Web server. However, you do not want external networks to know your system's real internal IP addresses. You can create NAT rules that translate your private addresses to public addresses that can access the Internet. In this instance, the true address of the system remains hidden, making the system less vulnerable to attack.
Example: Converting an IP address for an internal host into a different IP address
You want private IP addresses on your internal network to communicate with Internet hosts. To arrange this, you can convert an IP address for an internal host into a different IP address. You must use public IP addresses to communicate with Internet hosts. Therefore, you use NAT to convert your private IP addresses to public addresses. This ensures that IP traffic from your internal host is routed through the Internet.
Example: Making the IP addresses of two different networks compatible
You want to allow a host system in another network, such as a vendor company, to communicate with a specific host in your internal network. However, both networks use private addresses (10.x.x.x), which creates a possible address conflict for routing the traffic between the two hosts. To avoid conflict, you can use NAT to convert the address of your internal host to a different IP address.
Static (map) NAT
Static (map) network address translation (NAT) provides a one-to-one mapping of private IP addresses to public IP addresses. It allows you to map an IP address on your internal network to an IP address that you want to make public.
Masquerade (hide) NAT
Masquerade (hide) network address translation (NAT) enables you to keep the actual address of a personal computer private. NAT routes traffic from your personal computer to your system, which essentially makes the system the gateway for your personal computer.
Masquerade (port-mapped) NAT
Port-mapped network address translation (NAT) is a variation of masquerade NAT.
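The difference between a static (map) rule and a masquerade (hide) rule, modelled in Python as an added example; this is not code from the original page or from the System i packet rules implementation. The class and method names and all addresses are constructed, and tracking hidden hosts by an allocated port number is an assumption about how a hide rule keeps conversations apart.

```python
class Nat:
    """Toy gateway modelling static (map) and masquerade (hide) NAT."""

    def __init__(self, hide_ip, static_map, first_port=40000):
        if len(set(static_map.values())) != len(static_map):
            raise ValueError("static NAT must be one-to-one")
        self.hide_ip = hide_ip                     # public address hidden hosts share
        self.static = dict(static_map)             # private IP -> public IP
        self.static_rev = {pub: priv for priv, pub in static_map.items()}
        self.by_source = {}                        # (private IP, port) -> public port
        self.sessions = {}                         # public port -> (private IP, port)
        self.next_port = first_port

    def outbound(self, src_ip, src_port):
        """Rewrite the source of a packet leaving the private network."""
        if src_ip in self.static:                  # map rule: address changes, port kept
            return self.static[src_ip], src_port
        key = (src_ip, src_port)
        if key not in self.by_source:              # hide rule: allocate a tracking port
            self.by_source[key] = self.next_port
            self.sessions[self.next_port] = key
            self.next_port += 1
        return self.hide_ip, self.by_source[key]

    def inbound(self, dst_ip, dst_port):
        """Rewrite the destination of an arriving packet; None means no translation."""
        if dst_ip in self.static_rev:              # mapped host is reachable on any port
            return self.static_rev[dst_ip], dst_port
        if dst_ip == self.hide_ip:                 # hidden hosts: only tracked sessions
            return self.sessions.get(dst_port)
        return None


def demo():
    # Constructed addresses: 10.x private, 192.0.2.x from the documentation range.
    nat = Nat("192.0.2.1", {"10.1.1.5": "192.0.2.10"})
    return {
        "web_out": nat.outbound("10.1.1.5", 51000),
        "pc_a_out": nat.outbound("10.1.1.20", 51000),
        "pc_b_out": nat.outbound("10.1.1.21", 51000),
        "reply_to_pc_b": nat.inbound("192.0.2.1", 40001),
        "unsolicited_hidden": nat.inbound("192.0.2.1", 40500),
        "unsolicited_mapped": nat.inbound("192.0.2.10", 22),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last two results show the operational difference: a mapped host is translated for any inbound port, so it still needs filter rules in front of it, while a hidden host has no translation for traffic it did not initiate.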