Standard Network Address Translation – Translating Private IP to Public IP Addresses

The diagram below depicts a simplified Customer Premises Equipment (CPE) gateway with NAT translating private addresses to public addresses. When the routing is between IPv4 networks, the technology is referred to as NAT44, for network address translation from IPv4 to IPv4 addresses. To route internal hosts to external hosts, a NAT service translates private IP addresses to public IP addresses. The original design of network address translation allows multiple end customers to use any private address range for their internal networks.

Standard NAT and IPv4 Addresses

This protocol provided an address space of 128 bits (a total of 3.4×10^38 addresses – approximately 340 trillion trillion), but it wasn’t until July 2017, 19 years later, that the Internet Engineering Task Force (IETF) declared it an internet standard (RFC 8200). This memo was the first to discuss the consequences of the “eventual exhaustion of the 32-bit IP address space.” Two years later RFC 1631, The IP Network Address Translator (NAT), was published.

A protocol called IPv6 became a draft standard (RFC 2460) in 1998, as the successor to IPv4 and the long-term solution to IPv4 address exhaustion. In June 1992, as a result of the astounding growth of the internet, RFC 1338, Supernetting: an Address Assignment and Aggregation Strategy, was published. Carrier Grade NAT (CGNAT) was created as a solution to address this problem, primarily for service providers. However, IPv6 was not made to be backward compatible, and the problem of limited addresses still became an issue. IPv6 was envisioned as a successor protocol to IPv4 and would solve the limited address space.
IP addressing was originally defined by four octets (four groups of eight bits), a standard called IPv4, which resulted in over four billion unique values (actually, 4,294,967,296), so at the time it seemed we’d never run out.

By the late 1980s, however, it became apparent that the dramatic adoption rate of the internet would eventually deplete this large pool of addresses.

I think it would make sense to either exclude the CGNAT range from 10/8, or create a new third category: "Block CGNAT networks".

Way back in the early days of the internet (the 1980s) every connected computer was intended to have its own unique public IP address.

Disabling the block of Private networks opens a possible security hole for spoofed IP attacks, while Blocking private networks blocks many hosts that are located behind the same ISP as my router. So while it is still advisable to block non-routable private address space on a public-IP WAN connection, CGN peers should be allowed to come through. This option should only be set for WAN type interfaces that use public IP address space.

Actually, 10/8 in its entirety is not considered to be private anymore, as according to RFC6598 CGN has been officially allocated to 100.64.0.0/10 (reference: ) When set, this option blocks traffic from IP addresses that are reserved for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses (127/8). If I check the Interface \ WAN settings, I have the following choices: to selectively block Private networks AND/OR Bogus networks from connecting to my router.

Block Private network has the following help text: