👉 *Want more?* Watch the rest of the NAT Series: th-cam.com/play/PLIFyRwBY_4bQ7tJvbLA9A0v8Fq9l-H923.html
🐦 *Enjoy this content?* Help me out with a like and/or Retweet: twitter.com/ed_pracnet/status/1513944439625977858
📌 *Want to learn Subnetting?* --> th-cam.com/play/PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE.html
🖧 *Want to learn Computer Networking?* --> th-cam.com/video/bj-Yfakjllc/w-d-xo.html
I just realized that I was so confused about the whole thing because people are calling NAT everything when in reality it isn't. Thanks for the great content.
Yup! Exactly. People often call translations the wrong thing!
I really hate unidirectional communication 🤢
Thank you. Your videos are amazing and the best I have come by so far. A novice IT developer can get a quick hang of the networking world. The way you teach & illustrate is simply mind blowing. I wish you could add more IT topics like cloud networking and APIs.
Thank you for the kind words, CK. I'm glad you're getting so much from my content =)
You have no idea how much you clarified this for me. I am so grateful. Thank you so much
Glad it helped =). Cheers!
You are a charismatic teacher!! God bless you!!
Cheers, Panagiotis ;)
The best explanation of NAT so far... thank you
Glad you enjoyed it =)
I have watched several videos on this topic, but this is far and away the most clear and most comprehensive treatment of the subject.
Thank you for the best NAT and PAT explanation.
You're welcome!
Thank you, you are a great teacher!
loving these, inline with the rest of your content. Thanks Ed
Thanks Don =)
Thanks Ed for sharing another awesome video! Cheers for a successful 2022 🍻
Likewise, Scorpio! Happy 2022 (soon!)
This is incredibly helpful, thank you!
Beautiful explanation, thank you
You're welcome, Ted.
Thank you, this helped me a lot
Glad this helped =)
Thank you for the explanation. Would Dynamic PAT be what most home networks use? Maybe in combination with Static PAT? I'm having a hard time understanding the practical use cases of the protocols sometimes.
Yes! Exactly. This is the "hole punching" example I was discussing around 11:00 ~
Very good video.
Thank you sir 🙏
Super helpful
Great Video..Thank you
Very clear, only one concern: you said that's why the source port is re-randomized, but actually it's not re-randomized (if I understand correctly); the mapping confusion is fixed thanks to the source IP (from the receiving package). Am I correct?
Amazing explanation.. but I wonder where does source / destination NAT (SNAT / DNAT) fit in this whole equation of static / dynamic NAT and PAT?
Unfortunately, everyone calls NAT something different =/. But at its core, there are still only 4 types of NAT that are simply applied in different ways.
www.practicalnetworking.net/series/nat/nat-terminology-disambiguation/
Thank you so much
I assume that the entries in the translation table ought to expire at some point to avoid running out of available ports?
Correct. Typically with TCP, the entry "expires" when the NAT device sees a RST or TCP FIN. Or after a certain amount of time. And with UDP it's just a simple timeout (every vendor has different defaults for this).
@PracticalNetworking Thanks for clarifying. And thanks for the great work you are doing!
Thank you.
You're welcome!
How to make sure the public IP address must have unique port numbers, as you said they're also randomized? Is the router making sure that no two connections have the same port number on the public IP?
Yes, exactly. The router is assuring the ports are unique by changing them if necessary.
Perfect. Can you also do a video on how a VPN works sharing 100 customers using the same outbound vpn address? Would be very interesting.
It would be fun to tackle VPN stuff in more detail. But the sharing of the outbound VPN IP address will still occur as a simple Dynamic PAT. The VPN portion is independent of the NAT portion.
@PracticalNetworking Yes, thanks to your explanation, it's fascinating how brilliant the invention of dynamic PAT is and how useful it is to services like shared VPN IPs. Your channel has very briefly touched on browser-based SSL VPNs, and it would be really interesting how their connections differ from, say, OpenVPN-based VPNs, and how the topology looks when you use OpenVPN on the box and then also use the VPN extension, creating a tunnel inside a tunnel. And then if the destination site is also TLS 1.3, it's then even more fun to think about. Could you elaborate on how, if the internal 10.x IP is mapped to a port via PAT to the VPN's front-facing IP, how can, say, P2P, HTTPS, and Zoom simultaneously work, and what do those tunnels look like? Is ALL traffic from the 10.x machine mapped to a single public IP/port per authenticated VPN client out of, say, 100 clients, or is it more complex than that... how does it work... Would be great if you did a video along those lines!
Thanks very much, but the question: is networking still in demand?
Yes. It will lose some market share as everything goes to the cloud, but it will never go away entirely.
Great, Thanks :)
You're welcome =)
Why RE-randomized? Why not just sequential (the next number to the last one)?
Good question. Some router/firewall platforms do just that (use sequentially the next-number). But, if the next sequential is in use, then +2 sequentially is used, and so on. But not all vendors operate this way. Hence in the video, I simply said "re-randomized" to imply that you can not make any assumptions about what _new_ source port the Router will use.
There also isn't really a _correct_ or _best_ way, as long as a unique source port is used, Dynamic PAT will work. Whether it be random, or sequential, or via some complicated algorithm, who knows?
Hope you enjoyed the video.
It will be great if you would configure NAT in a Router using CLI. Thank you.
I do... in this course =)
classes.pracnet.net/courses/nat-on-a-cisco-ios-router
🤩🤩🤩
Does static NAT allow many hosts with private IPs to share one public IP?
Nope, Static NAT only allows 1 host to use 1 public IP. It can't allow multiple hosts to share the same IP address (without conceding its bidirectionality).
Hi, will this be possible: I have two web servers which will have to use the same port 80, and two public IPs mapped to each web server. webserver-A:80 mapped with public IP-A:80 and webserver-B:80 mapped with public IP-B:80... I'm using a single FW for this. One web server is using the outside interface and the second server used a public IP used by NAT. I have a /29 public IP block. But I can't access both servers simultaneously. What would you suggest on this?
is it really unidirectional? because if you initiate from inside then traffic still gets back to you...
Unidirectional based upon the *initial* packet.
A connection initiated from the inside will allow bi-directional packet flow. A connection initiated from the outside will not make it through the NAT device.
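The replies above on unique source ports, on entries expiring at a TCP FIN/RST or after a timeout, and on direction being decided by the initial packet can be seen together in a small Dynamic PAT table; this is an added example, not part of the thread or the video. The class name, port pool, 60-second timeout and next-free-port probing are assumptions made for illustration, and vendors differ on all of them.

```python
POOL = range(1024, 65536)  # assumed public port pool; real devices differ

class DynamicPat:
    """Toy Dynamic PAT table: many inside hosts share one public IP."""
    def __init__(self, public_ip, idle_timeout=60):  # timeout value is assumed
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.by_inside = {}  # (proto, inside_ip, inside_port) -> public_port
        self.by_public = {}  # (proto, public_port) -> [inside_ip, inside_port, last_seen]

    def _free_port(self, proto, wanted):
        # Keep the host's source port if unused, else try the next ones in order.
        for offset in range(len(POOL)):
            port = POOL.start + (wanted - POOL.start + offset) % len(POOL)
            if (proto, port) not in self.by_public:
                return port
        raise RuntimeError("port pool exhausted")

    def _remove(self, proto, port):
        inside_ip, inside_port, _ = self.by_public.pop((proto, port))
        del self.by_inside[(proto, inside_ip, inside_port)]

    def _touch(self, proto, port, now, flags):
        self.by_public[(proto, port)][2] = now
        if proto == "tcp" and set(flags) & {"F", "R"}:
            self._remove(proto, port)  # simplification: first FIN/RST ends the entry

    def expire(self, now):
        for (proto, port), entry in list(self.by_public.items()):
            if now - entry[2] > self.idle_timeout:
                self._remove(proto, port)

    def outbound(self, proto, inside_ip, inside_port, now, flags=""):
        """Inside-initiated packet: create or reuse a mapping, return public ip/port."""
        self.expire(now)
        key = (proto, inside_ip, inside_port)
        port = self.by_inside.get(key)
        if port is None:
            port = self.by_inside[key] = self._free_port(proto, inside_port)
            self.by_public[(proto, port)] = [inside_ip, inside_port, now]
        self._touch(proto, port, now, flags)
        return self.public_ip, port

    def inbound(self, proto, public_port, now, flags=""):
        """Outside packet: return the inside ip/port, or None (dropped) if unmapped."""
        self.expire(now)
        entry = self.by_public.get((proto, public_port))
        if entry is None:
            return None
        self._touch(proto, public_port, now, flags)
        return entry[0], entry[1]
```

With two constructed inside hosts 10.0.0.10 and 10.0.0.20 both sending from source port 50000, the first keeps 50000 on the public IP and the second is moved to 50001; an outside packet to a port with no entry returns `None`.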
Can you help me? How do I install stackwise-virtual when I have 4 Cisco 9500s?
Still waiting for entire network course to purchase
Noted, Frempong =) Thanks for the reminder =)
Brill
Glad you enjoyed the NAT series as well, Ali =)