Re: [lug-nuts] apples and oranges

From: M1Nine (scream@cwo.com)
Date: Mon Jan 24 2000 - 09:36:44 PST


Just a few distinctions -

NAT - (Network Address Translation) is the translation of an Internet
Protocol address (IP address) used within one network to a different IP
address known within another network. One network is designated the inside
network and the other is the outside. Typically, a company maps its local
inside network addresses to one or more global outside IP addresses.

I got the above from http://www.whatis.com.

PAT - is roughly the same as NAT with the exception that all addresses on
the inside trusted network are all seen to the outside network as the same
address. The device keeps track of these connections based on source ports
assigned at the firewall or translating device.

IP Masq - has the ability to do both of the above OSI layer 3 functions. It can
also do layer 4 filtering, TCP vs UDP to include filtering on port numbers.

The major distinction between address translation and the full functionality of IP
Masq is the difference between layer three activity and layer four.

Andrew

Michael Long wrote:

> Well, since I've asked the question, here is what I've learned. IP Masq is
> a "subset" of NAT. :) (Any questions) :)
> NAT, network address translation. I can have a one to one NAT, meaning for
> every ip address I have on the inside there is a corresponding ip address
> that it gets mapped to on the router/firewall on the outside. I can also
> have a one to many NAT meaning that for every IP address I have on the
> inside it gets mapped to one ip address on the outside. IP Masq is linux's
> way of saying the latter. NAT is the generic term and IP masq is a linux
> specific term. At least that's my .02 cents worth.
>
> Michael
>
> On Thu, 20 Jan 2000, Mike Machado wrote:
>
> > My bad. I was explaining PAT (port address translation). Same effect, different
> > approach. That's right, IP Masq uses TCP/IP headers to determine its stuff.
> >
> > Quoting Sean-Paul Rees <sean@dreamfire.net>:
> >
> > > Mike Machado wrote:
> > > >
> > > > Technically NAT is having MORE THAN ONE IP on the outside network that
> > > > gets translated to a different IP on the inside.
> > > > Most think that there is only one real IP on the outside, but true NAT
> > > > has more than one IP. IP Masquerading utilizes TCP ports to keep track
> > > > of what internal IP is doing a request and then using the ONE REAL IP
> > > > issues a request on the net. Once it gets the response, it knows who is
> > > > who because of the unique sending port from the internal client and
> > > > forwards the data back to that user. Anyone have different opinions?
> > >
> > > Dunno there Mike. I run NAT (FreeBSD's natd) for my cable modem. I have
> > > a RFC1918 network on the inside and a single IP on the outside. I'm not
> > > sure that it determines the connection by port... I heard somewhere
> > > that FreeBSD's NAT sticks a specialized little "tag" on the connection
> > > and when that "tag" comes back from the outside host it knows where to
> > > route.
> > >
> > > > As for the difference between IPMasq and NAT... IP Masq is very hard to
> > > > set up and configure compared to FreeBSD's NAT :-)
> > >
> > > Cheers,
> > > Sean
> > > ****************************************************************************
> > > * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> > > * in the message body to majordomo@saclug.org. Please direct other
> > > * questions, comments, or problems to lug-nuts-owner@saclug.org.
> > >
> >
> >
> >
> > Mike Machado
> > mike@innercite.com
> > InnerCite
> > Network Specialist
> >
>




This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 14:29:11 PST
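
The port-based connection tracking that the thread describes for PAT and IP Masq, as an added example that is not part of any poster's message and not code from Linux IP Masq or FreeBSD natd. The names PatTable, outbound, inbound and demo are hypothetical, the addresses are constructed samples, the starting port is arbitrary, and the rule that only previously contacted peers may reply is a design choice of this sketch.

```python
# Added illustration, not code from the thread: a toy PAT table.
# Addresses are constructed samples (RFC 1918 inside, RFC 5737 outside).
from itertools import count

class PatTable:
    def __init__(self, outside_ip, first_port=61000):  # port range is arbitrary
        self.outside_ip = outside_ip
        self._ports = count(first_port)
        self._fwd = {}    # (proto, inside_ip, inside_port) -> outside_port
        self._rev = {}    # (proto, outside_port) -> (inside_ip, inside_port)
        self._peers = {}  # (proto, outside_port) -> set of remote (ip, port)

    def outbound(self, proto, src, sport, dst, dport):
        """Translate an inside->outside packet; return the rewritten tuple."""
        key = (proto, src, sport)
        if key not in self._fwd:
            oport = next(self._ports)
            self._fwd[key] = oport
            self._rev[(proto, oport)] = (src, sport)
        oport = self._fwd[key]
        self._peers.setdefault((proto, oport), set()).add((dst, dport))
        return (proto, self.outside_ip, oport, dst, dport)

    def inbound(self, proto, src, sport, dst, dport):
        """Translate an outside->inside packet, or return None to drop it."""
        if dst != self.outside_ip:
            return None
        inside = self._rev.get((proto, dport))
        # Design choice in this sketch: only peers the inside host contacted
        # may answer on the mapped port.
        if inside is None or (src, sport) not in self._peers[(proto, dport)]:
            return None
        return (proto, src, sport, inside[0], inside[1])

def demo():
    pat = PatTable("203.0.113.5")
    # Two inside hosts pick the same source port toward the same server.
    a = pat.outbound("tcp", "192.168.1.10", 1025, "198.51.100.7", 80)
    b = pat.outbound("tcp", "192.168.1.11", 1025, "198.51.100.7", 80)
    reply_a = pat.inbound("tcp", "198.51.100.7", 80, "203.0.113.5", a[2])
    reply_b = pat.inbound("tcp", "198.51.100.7", 80, "203.0.113.5", b[2])
    stray = pat.inbound("tcp", "198.51.100.99", 4444, "203.0.113.5", 61005)
    wrong_proto = pat.inbound("udp", "198.51.100.7", 80, "203.0.113.5", a[2])
    return a, b, reply_a, reply_b, stray, wrong_proto

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both inside hosts leave with the same outside address but different source ports, and a packet with no matching table entry (unknown port, or the right port under the other layer 4 protocol) is dropped.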