IP NAT "Overlapping" / "Twice NAT" Operation
(Page 1 of 3)
All three of the versions of NAT
discussed so far, including traditional NAT, are
normally used to connect a network using private, non-routable addresses
to the public Internet, which uses unique, registered, routable addresses.
With these kinds of NAT, there will normally be no overlap between the
address spaces of the inside and outside network, since the former are
private and the latter public. This enables the NAT router
to immediately distinguish inside addresses from outside addresses just
by looking at them.
In the examples we've seen so far,
the inside addresses were all from the RFC
1918 block 10.0.0.0. These can't be public
Internet addresses so the NAT router knew any address referenced by
a request from the inside network within this range was a local reference
within the inside network. Similarly, any addresses outside this range
are easy to identify as belonging to the outside world.
Cases With Overlapping Private and Public Address Blocks
There are circumstances, however, where
there may indeed be an overlap between the addresses used for the inside
network, and the addresses used for part of the outside network. Consider
the following cases:
- Private Network To Private Network Connections:
Our example network using 10.0.0.0 block addresses might want to connect
to another network using the same method. This situation might occur
if two corporations merge and happen to be using the same addressing
scheme (and there aren't that many private IP blocks, so this isn't
- Invalid Assignment of Public Address Space
To Private Network: Some networks might have been set up not using
a designated private address block but rather a block containing valid
Internet addresses. For example, suppose an administrator decided that
the network he was setting up would never be connected to the
Internet (ha!) and numbered the whole thing using 18.104.22.168 addresses,
which belong to the Massachusetts Institute of Technology (MIT). Then
later, this administrator's shortsightedness would backfire when the
network did indeed need to be connected to the 'net.
- Stale Public Address Assignment:
Company A might have been using a particular address block for years
that was reassigned or reallocated for whatever reason to company B.
Company A might not want to go through the hassle of renumbering their
network, and would then keep their addresses even while Company B started
using them on the Internet.
What these situations all have in
common is that the inside addresses used in the private network overlap
with addresses on the public network. When a datagram is sent from within
the local network, the NAT router can't tell if the intended destination
is within the inside network or the outside network. For example, if
we want to connect host 10.0.0.207 in our private network to host 10.0.0.199
in a different network, and we put 10.0.0.199 in the destination of
the datagram and send it, how does the router know if we mean 10.0.0.199
on our own local network or the remote one? For that matter, we might
need to send a request to 10.0.0.207 in the other private network, our
own address! Take the network that was numbered with MIT's address block.
How does the router know when a datagram is actually being sent to MIT
as opposed to another device on the private network?
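The ambiguity described above can be reproduced with Python's ipaddress module. This is an added example, not part of the original Guide: the function names and the 203.0.113.0/24 remote network are assumptions made for illustration, while the 10.0.0.0 block and the hosts 10.0.0.207 and 10.0.0.199 come from the text.

```python
import ipaddress

def overlapping_ranges(inside_nets, remote_nets):
    """Return the address ranges claimed by both the inside and a remote network.

    Two CIDR blocks are either nested or disjoint, so the shared range is
    always the more specific (longer-prefix) block of an overlapping pair.
    """
    shared = []
    for inside in map(ipaddress.ip_network, inside_nets):
        for remote in map(ipaddress.ip_network, remote_nets):
            if inside.version == remote.version and inside.overlaps(remote):
                shared.append(inside if inside.prefixlen >= remote.prefixlen else remote)
    return shared

def classify_destination(dst, inside_nets, remote_nets):
    """Classify dst as a router can when it has only the address to go on.

    remote_nets lists networks that must be reachable through the NAT
    router; any address not in inside_nets is treated as outside.
    """
    addr = ipaddress.ip_address(dst)
    in_inside = any(addr in ipaddress.ip_network(n) for n in inside_nets)
    in_remote = any(addr in ipaddress.ip_network(n) for n in remote_nets)
    if in_inside and in_remote:
        return "ambiguous"
    return "inside" if in_inside else "outside"

INSIDE = ["10.0.0.0/8"]                 # inside block used in the text
PUBLIC_REMOTE = ["203.0.113.0/24"]      # constructed: documentation range
MERGED_REMOTE = ["10.0.0.0/8"]          # other company uses the same block

if __name__ == "__main__":
    for label, remote in (("no overlap", PUBLIC_REMOTE), ("overlap", MERGED_REMOTE)):
        print(label, "shared ranges:", [str(n) for n in overlapping_ranges(INSIDE, remote)])
        for dst in ("10.0.0.199", "10.0.0.207", "203.0.113.5"):
            print("  ", dst, "->", classify_destination(dst, INSIDE, remote))
```

Running `overlapping_ranges` over the address plans of two networks before they are connected shows which ranges will need the extra translation that overlapping NAT provides.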
The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005
© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.