can one NAT have multiple public IP addreses for same end hosts behind it?
also
can one NAT have multiple public IP addreses one for each end hosts behind it?
Yes, and yes. NAT potentially represents a complete abstraction between private and public IP addresses; a single private address could make two outgoing connections and use a different public IP for each.
Whether that's useful is questionable, particularly since some protocols assume that a single application will always have the same public-facing IP address. And I don't know why you'd ever do 1:1 NAT. But you could, if you really wanted.
Related
It should be impossible right? But I used ipconfig and it is exactly the same as when I use a website to check my public IP address. They both start with 76.
It is possible to have public IP the same as your private one of course.
It seems like you are plugged directly into your ISP's network, without any NAT or other router in your way.
How public ipv4 addresses works in any cloud service.
Let consider GCP,
If all the Virtual Machines has public IPv4 addresses then IPv4 will runs out, because it has some limit but we can create a lot of machines on the cloud.
Same goes with either AWS or Azure.
So how they manage the IPv4 addresses?
A simple answer to your question is that cloud service providers like Azure, AWS, etc. have a pool of public IP addresses. These IP addresses are assigned to VMs when required and are released when your job is done.
You need to understand few things about IPv4 addresses.
There are two types of IPv4 addresses: Public IP address and private IP address
You can use only public IP addresses on the Internet. (Private IP addresses can be used only inside your network or company)
Every machine on the internet must have a unique IP address.
If you assign public addresses to every device (VMs) then they will get extinct. To overcome this problem we can use private IP addresses. Same Private IP addresses can be used by different organization at the same time. But what about the uniqueness? There comes the concept of NAT.
NAT allows you to use private IP addresses within an organization or your network and also allows you to communicate over Internet.
You can read more about NAT over here
In depth knowledge about NAT over here
As per IANA standards, below is the range for private IP,
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
Can IP addresse outside the range(above) used as private IP to communicate packets within a specific network?
Basically, you can use ever IP-Address-Range you want in your private network. There is no reglementation against this.
But you have to take precautions to avoid routing-trouble when a machine with an IP-Address that actually belongs to a public range wants to access the internet. Here you have to have a Router or Firewall that is able to NAT your internal address bidirectionally.
Sure, there is nothing preventing you from setting your static IP to anything you want. It's up to the router to decide where packets are routed. On your internal network, since you own the router, you can decide to use an IP range normally used for public traffic if you are OK with those public servers being inaccessible to you.
Note that this may cause unusual side effects with DNS if your server is running on an IP address to which another domain name resolves. The server would appear to be running on that domain. Maybe this is what you want, although with SSL you would get a warning that the server fingerprint does not match.
I'm asking about if the IP address of my router (my "public" IP address) is actually unique, i.e. it is not shared with other routers/hosts over the Internet.
If it is the case, I imagine that there will be some NAT policies applied by my ISP, which translates my "public" IP address and the port of my connection in some other IP:port pair (just like happens in local NAT).
Many operators use a version of NAT which is called by several names: Carrier Grade NAT, NAT 44, Large Scale NAT.
Essentially the operators use private addressing between the network core and the edge devices (i.e. your router) and then translate the private addresses to public addresses at the core of their network before traffic goes to another network.
There is not a one to one mapping between the private addresses and the public addresses, and even port numbers can be reused over time.
So to identify a given private address and hence user from the operator logs, you need to look at the public IP address, the public port and the timestamp (as the same public IP and port may be mapped to a different private IP at a different time).
Things start to get even more complex when you try to make the network devices as optimised as possible - there are mechanisms to try to assign to same public IP and port to a private IP that it has used previously for efficiency. This can give the impression to an end device that it has a static IP mapping in the NAT, but often this is not actually the case.
Finally, all the above is independent of any locate NAT you may have in your home or business - i.e. you can and probably will have a NAT translation on you local router for your locals devices also.
Unlike IP addresses, public IP addresses are not used in a local network but only on the internet. The routers (iphone: your box) IP address to internet, it that rent your box visible on the internet (it will respond to the ping). But also, when you use a website you use the public address of the web server.
A public IP address is unique in the world, which is not the case for private addresses which must be unique in the same local network but not at the global level since these addresses can not be routed on the internet.
Public IP addresses that list all IP addresses of classes A, B, and C that are part of the list of private addresses for those classes or class A exceptions.
I have a router that runs on two VM. The second VM has IP address of 9.1.2.2
I have look IP address overview,
Private networks should use private network addresses like 192.168.x or 10.x. It is not a good idea to use a public IP address that has not been assigned to you. At this moment reverse DNS seems to say that 9.1.2.2 is unassigned but that doesn't make it safe to use.