How NAT handles return traffic [closed] - networking

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
There is a Static NAT rule that achieves the following.
(for the question, let's assume the WAN subnet has a subnet of 1.1.1.1/24)
Inbound traffic to the WAN interface on port X to 1.1.1.6 gets NAT'ted to LAN IP 192.168.0.1.
Now this isn't a 1-1 NAT rule, just a Static NAT for the inbound traffic. When return traffic is sent back to the client, does the firewall know to NAT traffic back to the client with the source IP of 1.1.1.6?
I'm assuming it has to? As TCP is a two-way protocol, if the client received traffic back on a different IP to the IP it sent the traffic to, it would drop it?

A static 1:1 NAT defines which inside address translates to which outside address, so there is nothing for the NAT router to figure out; it is already given to the router in the configuration. It merely has to translate the destination address on outside sourced packets, and the source address on inside sourced packets; a simple, static, table lookup.
It gets more complex when the NAT isn't static or 1:1. Then the NAT router needs to build tables on the fly and create timeouts for the table entries.

It depends on the type of NAT.
If it's many-to-one NAT, then that's correct. Outbound packets establish a record that is used to know what to do with inbound packets. This is the most common type of NAT and the type used in typical home networks.
If it's one-to-one NAT, then any inbound packet received that is addressed to 1.1.1.6 (in your example) would be NATted to 192.168.0.1.

Related

Why is port forwarding not working in my network? [closed]

Closed 2 years ago.
I'm trying to enable port forwarding in my router (ZTE F660), but for some reason it is not working at all. First I started my server application on my Ubuntu machine and fixed its IP address to 192.168.1.2. Then, I set the rules as follows:
It did not work. So, I tried to disable the firewall in my router settings:
It did not work either, so then I disabled the firewall of my host machine by typing:
sudo ufw disable
And it did not work. Then I tried many different ports and it did not work! :(
I've tried some port forwarding testers (like this one: https://hidemy.name/en/port-scanner/) and they always say that the state of the port is "filtered". I called my internet provider and they said that the port forwarding should be running, but they did not offer technical help. Can anyone help me with this? Can't think of anything else to do.
Your ISP is using CGN (Carrier-Grade NAT) because your WAN address is in the Shared address space (100.64.0.0/10). That is not public address space, and it is defined by RFC 6598, IANA-Reserved IPv4 Prefix for Shared Address Space:
Abstract
This document requests the allocation of an IPv4 /10 address block to
be used as Shared Address Space to accommodate the needs of Carrier-
Grade NAT (CGN) devices. It is anticipated that Service Providers will
use this Shared Address Space to number the interfaces that connect
CGN devices to Customer Premises Equipment (CPE).
Shared Address Space is distinct from RFC 1918 private address space
because it is intended for use on Service Provider networks. However,
it may be used in a manner similar to RFC 1918 private address space
on routing equipment that is able to do address translation across
router interfaces when the addresses are identical on two different
interfaces. Details are provided in the text of this document.
This document details the allocation of an additional special-use IPv4
address block and updates RFC 5735.
The address block is detailed in Section 7:
7. IANA Considerations
IANA has recorded the allocation of an IPv4 /10 for use as Shared Address Space.
The Shared Address Space address range is 100.64.0.0/10.
That address space is also found in the IANA IPv4 Special-Purpose Address Registry.
What that means is that you have a home/residential ISP agreement. The ISPs are using CGN to save their precious public addresses for businesses willing to pay for them. The ISP NAT would also need to be configured to forward the port to your WAN address in the Shared space, but the ISP cannot do that because others behind the CGN may also want that port forwarded to them.
The ISP does not really care that this breaks what you want to do because your residential ISP contract contains a clause forbidding you from running services from your network to the public Internet. You will need a public address and ISP permission to do what you want, and that probably means a business contract. The proliferation of CGN is a big driver for hosting companies, and that is an alternative way to do it.
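As an added example (not part of the answer above), the check that answer performs, written out in Python: classify the address on the router's WAN side against the RFC 1918 and RFC 6598 prefixes named above and say whether a port forward on the customer router can be reached from the Internet at all. The function names and the sample addresses used in the comments are constructed for this example.

```python
import ipaddress

# Prefixes the answer relies on: RFC 1918 private space and the RFC 6598 shared
# address space that ISPs use between CGN devices and customer equipment.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(ip):
    """Label a WAN-side address as 'rfc6598-shared', 'rfc1918-private' or 'public'.
    The shared space is tested explicitly: it is neither RFC 1918 space nor
    globally routable, so a plain private-vs-public test would misfile it."""
    addr = ipaddress.ip_address(ip)
    if addr in RFC6598:
        return "rfc6598-shared"
    if any(addr in net for net in RFC1918):
        return "rfc1918-private"
    return "public"


def port_forward_reachable(wan_ip):
    """Return (reachable_from_internet, reason) for a port forward configured
    on the customer router whose WAN address is wan_ip."""
    kind = classify_wan(wan_ip)
    if kind == "public":
        return True, "WAN address is public; the router's forward is the only NAT in the path"
    if kind == "rfc6598-shared":
        return False, "WAN address is in 100.64.0.0/10: an ISP CGN sits in front of the router"
    return False, "WAN address is RFC 1918 space: another NAT device sits upstream of the router"
```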

What happens if ARP does not find an associated IP [closed]

Closed 4 years ago.
I understand the basics of how ARP works, one host sends out a MAC Broadcast with "Who has this IP?" and some host in the network answers with "I have that IP".
But what happens if a router is connected to the same LAN? The router's function would be to connect the LAN to the WAN (hope I got that right). Does the host asking for the address then automatically switch and send a message to the connected router with its data, or what happens?
What happens is that your IP stack first determines where it needs to send the packet. If it goes to an IP address that is in a directly connected network, it will send the packet directly; otherwise, it will send the packet to the gateway.
This may sound abstract to you. For a simple case, suppose you have the following network:
     host_a                host_b
   +----------+          +----------+
   |10.1.1.101|          |10.1.1.102|
   +-----+----+          +-----+----+
         |                     |            +--------+        <--------->
   ------+---------------------+------------+10.1.1.1|--------< INTERNET >
                                            +--------+        <--------->
                                              Router
On your host_a, you will have
ip address 10.1.1.101
netmask 255.255.255.0
default gateway 10.1.1.1
On your host_b, you will have
ip address 10.1.1.102
netmask 255.255.255.0
default gateway 10.1.1.1
Suppose host_a wants to send a packet to 10.1.1.102. If you use the IP address and netmask, you see that it is in the same subnet. So, host_a will send an ARP-request onto the network asking "Hey, who has 10.1.1.102?" Host_b will respond with its MAC-ID.
Now suppose host_a wants to send to 8.8.8.8. That is not on the local network. So, host_a will now send it to its default gateway, 10.1.1.1. Host_a will send an ARP-request "Hey, who has 10.1.1.1?" and the router will respond with its MAC-ID.
The procedure above is a great simplification of what actually happens, but it may help you a step further in how your network works.
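As an added example (not code from the answer above), the decision the answer walks through, for the network it draws: pick the next hop from the host's address, netmask and gateway, then "broadcast" an ARP request on the segment. It also covers the case in the question title, where nobody on the segment owns the address and the request goes unanswered. The MAC addresses and the helper names are constructed.

```python
import ipaddress


def next_hop(host_ip, netmask, gateway, dst):
    """Return the IP the host must ARP for: dst itself when it lies in the
    directly connected subnet, otherwise the default gateway."""
    net = ipaddress.ip_network(f"{host_ip}/{netmask}", strict=False)
    if ipaddress.ip_address(dst) in net:
        return dst
    return gateway


def arp_resolve(segment, ip):
    """Broadcast 'who has ip?' on the segment. Return the MAC of the host that
    answers, or None when nobody claims the address (the request times out)."""
    for mac, host_ip in segment.items():
        if host_ip == ip:
            return mac
    return None


def send(segment, host, dst):
    """Decide the next hop for host -> dst and resolve its MAC.
    Returns (next_hop_ip, mac); mac is None when the frame cannot be built."""
    hop = next_hop(host["ip"], host["netmask"], host["gateway"], dst)
    return hop, arp_resolve(segment, hop)


# Constructed MACs for the hosts in the diagram above.
SEGMENT = {
    "02:00:00:00:00:0a": "10.1.1.101",  # host_a
    "02:00:00:00:00:0b": "10.1.1.102",  # host_b
    "02:00:00:00:00:01": "10.1.1.1",    # router
}
HOST_A = {"ip": "10.1.1.101", "netmask": "255.255.255.0", "gateway": "10.1.1.1"}


def demo():
    local = send(SEGMENT, HOST_A, "10.1.1.102")   # same subnet: ARP for host_b itself
    remote = send(SEGMENT, HOST_A, "8.8.8.8")     # off-subnet: ARP for the gateway
    absent = send(SEGMENT, HOST_A, "10.1.1.103")  # on-link address nobody owns: no MAC
    return local, remote, absent
```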
(the question may be more appropriate for another SE site, but then someone will probably migrate it)

What local IP would you be given if all are in use? [closed]

Closed 6 years ago.
This question is hypothetical; this situation would most likely never happen, nor could any router handle it.
Situation 1
Let's say for example you (somehow) managed to put 255 devices onto your network. Let's refer to the 255th device as D255 and, just for later reference, the router's IP address is 192.168.0.1. If I am correct, D255's local IP address should be 192.168.1.255. So what if we buy a new device (D256) and connect it to my home internet along with the other 255 devices? What would D256's local IP address become? I thought about it and I assume that it would be 192.168.2.1. Am I correct?
Situation 2
After thinking about situation 1 I came up with another situation. What if you had 65025 (255 * 255 = 65025, if you see where I'm going with this) devices connected to your internet? The last device's (I will refer to it as D65025) local IP address should be 192.168.255.255 (that is assuming that situation 1's solution is correct). So what if I go out and buy another device (D65026)? What would its local IP address be? It can't become 192.168.256.1 because the numbers cannot exceed 255, and it can't become 192.169.1.1 because 192.168.x.x is the local IP reserve and 192.169.1.1 exceeds the local IP limit and (correct me if I'm wrong) would be an external IP address. So what would happen?
I appreciate your feedback!
A local network will typically be configured with a DHCP server to hand out IPv4 address leases along with name server addresses and a gateway address.
Residential and small commercial routers are usually configured to do Network Address Translation and have a DHCP server configured to hand out Private IPv4 addresses and the router's private IP as the gateway and nameserver. The size of the local subnet is determined by the router's configuration.
A typical configuration is 192.168.0.0/24 which provides 254 host addresses.
The DHCP server has configuration that specifies the address pool it can hand out leases for. How a DHCP server behaves if it is asked for a lease when all addresses in the pool are currently assigned depends on the configuration, but in most situations it will just not respond, as there are "no free leases".
In this situation a host will likely select a link-local zero-configuration address from 169.254.0.0/16 and not have any Internet access or any other hosts on the network except those with Zero Conf addresses. It may retry DHCP at a later point.
The RFC1918 private address block 192.168.0.0/16 actually has capacity for 65534 uniquely addressed hosts. Ignoring the issues of having a layer 2 broadcast domain of this size, the same constraints apply: when there are no leases left to assign, none are assigned.
If these private addresses are to have Internet access they will be Network Address Translated to one or more public IP addresses (usually one) by the router. One public address is unlikely to be sufficient for a large number of private network hosts, constrained by the availability of local TCP / UDP port numbers.
I suggest you read up on IP networking to fill in basic knowledge.
If you are using DHCP, when you run out of addresses, it will kick one of the other devices off the network, probably the one which connected first. There are only so many devices which can connect to a network, but that number depends on the router configuration.

NAT traversal when one peer has static IP [closed]

Closed 8 years ago.
If I have a server that is allocated a static IP, and that server sits behind a NAT controlled router will my server always be able to send a response directly back to the IP & Port of the sending client?
My server may be a game server or some other type of UDP-based service, but it will always be inside a NAT-controlled network, receiving UDP packets from externally connected clients.
If the server responds to that IP and port, will the client always receive the response?
Yes - the router(s) in charge of the NAT will maintain state such that returned traffic is translated back to the correct, original client. This is true of any layer 3 traffic (protocol and port doesn't matter).
Consider the following:
Client IP                 Client public IP              Server public IP
192.168.10.151 <-router-> 86.45.75.12     <-internet->  125.12.67.35
Corresponding traffic flow:
1) Client request traffic:
   192.168.10.151 ---> 86.45.75.12 ---> 125.12.67.35   (arrives with source of 86.45.75.12)
2) Server response traffic sent back to 86.45.75.12:
   125.12.67.35 ---> 86.45.75.12
3) Translated back to 192.168.10.151:
   86.45.75.12 ---> 192.168.10.151
The server will see traffic with a source of 86.45.75.12, and will send response traffic back to that IP. The router handling the NATing for the client will maintain state such that it knows response traffic coming from 125.12.67.35, going back to 86.45.75.12, will be correctly translated and routed to the original source, 192.168.10.151.
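As an added example (not code from any of the answers on this page), a toy NAT state table in Python that covers both the first question above (the static 1.1.1.6 -> 192.168.0.1 rule and the source address its return traffic leaves with) and the UDP client-behind-NAT exchange in the answer just above: a static rule is a fixed lookup, a many-to-one rule creates per-session state on the first outbound packet, and inbound traffic with no matching state is dropped. The peer 203.0.113.9 and the port numbers are constructed; real NAT devices also expire these entries, which this toy omits.

```python
class Nat:
    def __init__(self, wan_ip, static=None):
        self.wan_ip = wan_ip               # shared outside address for many-to-one sessions
        self.static = dict(static or {})   # outside addr -> inside addr, straight from config
        self.sessions = {}  # (inside_ip, inside_port, peer_ip, peer_port) -> (outside_ip, outside_port)
        self.reverse = {}   # (outside_ip, outside_port, peer_ip, peer_port) -> (inside_ip, inside_port)
        self.next_port = 40000             # next outside port to hand out (constructed start)

    def _track(self, inside, outside, peer):
        self.sessions[inside + peer] = outside
        self.reverse[outside + peer] = inside

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside. An existing session is reused, so a reply from a
        statically mapped host leaves with its static outside address; otherwise
        a many-to-one mapping on wan_ip is allocated and recorded."""
        inside, peer = (src_ip, src_port), (dst_ip, dst_port)
        outside = self.sessions.get(inside + peer)
        if outside is None:
            outside = (self.wan_ip, self.next_port)
            self.next_port += 1
            self._track(inside, outside, peer)
        return outside + peer

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside. Session table first; a static rule creates the session
        on the first inbound packet. None means no mapping exists: packet dropped."""
        peer, outside = (src_ip, src_port), (dst_ip, dst_port)
        inside = self.reverse.get(outside + peer)
        if inside is None and dst_ip in self.static:
            inside = (self.static[dst_ip], dst_port)
            self._track(inside, outside, peer)
        if inside is None:
            return None
        return peer + inside


def demo():
    # Static inbound rule from the first question: 1.1.1.6 -> 192.168.0.1
    fw = Nat("1.1.1.1", static={"1.1.1.6": "192.168.0.1"})
    to_lan = fw.inbound("203.0.113.9", 51000, "1.1.1.6", 443)
    reply = fw.outbound("192.168.0.1", 443, "203.0.113.9", 51000)  # source becomes 1.1.1.6
    # Many-to-one NAT in front of the UDP client from the answer above
    home = Nat("86.45.75.12")
    req = home.outbound("192.168.10.151", 5000, "125.12.67.35", 27015)
    back = home.inbound("125.12.67.35", 27015, "86.45.75.12", req[1])
    stray = home.inbound("125.12.67.35", 27015, "86.45.75.12", 40001)  # no state: dropped
    return to_lan, reply, req, back, stray
```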

Draytek vigor 2820 force specific traffic via static IP [closed]

Closed 6 years ago.
I've got a Draytek Vigor 2820 that's used to connect to the internet. WAN1 is used as an ADSL backup, and WAN2 is our main fibre connection. WAN2 has a total of 6 IP addresses, a single dynamic one and 5 static IPs and is configured up as a PPPoE connection with DynamicIP.
I use NAT Port Redirection to open up some specific ports to various servers (web development, FTP, RDC etc)
I use NAT Open Ports to open up some static IP ports to specific servers
I use NAT Address Mapping to force all traffic received on one static IP to our Exchange server
What I want to do is to force outgoing traffic to use one of the static IPs and have hit a brick wall. Ideally I'd like to force specific traffic but would settle for all!
Under LAN is the ability to configure Static Routes, but this is purely there to allow internal routing (for VLANs).
Anybody else who has this type of router and can give me any suggestions?
OK, managed to work this one out.
Under WAN > Internet Access, select WAN2
On the PPPoE page, change the "Fixed IP" to Yes and enter one of the static IPs into the Fixed IP Address box. Click OK and then reboot the router.
All traffic will now go from that IP address. If you go back to the same page and click WAN IP Alias, the top spot will have the IP address entered in it which will likely be repeated in the list, I just removed the 'double' from the NAT pool and everything seems to work OK.
Sadly there appears to be no way of having all traffic to one IP being sent via one static IP
