Ip masquerading (nat, pat) – ELSA Cable User Manual


Operating modes and functions

ELSA MicroLink Cable


Module/Local Routing On menu). This tells the router in your device to send the data packet to the other responsible router. The router will then no longer send any ICMP redirects.

This may seem to be a good idea in principle, but local routing should still only be used
as a last resort, since this function doubles the number of data packets that have to be
sent to reach the destination network. The data is first sent to the default router and
is then sent on from there to the router in the local net which is actually responsible.

IP masquerading (NAT, PAT)

One continually growing problem for the Internet is the limited number of generally valid
IP addresses available. In addition to this, the allocation of fixed IP addresses for the
Internet by the Network Information Center (NIC) is an expensive process. What is more
obvious than having several computers share one IP address?

This particular solution is called IP masquerading. This is a procedure whereby only one
LAN router appears on the Internet with an IP address. This IP address is allocated to the
router either permanently by the NIC or temporarily by an Internet provider. All the other
computers on the network then “conceal” themselves behind this one IP address. Aside
from the welcome savings, IP masquerading has the added benefit of guarding very
effectively against attacks on the local network from the Internet.

The IP masquerading function is tied to the cable modem's operating mode as a router.
Whenever routers are mentioned in the following paragraphs, this refers to the cable
modem operating as an IP router.

Two addresses for the router

Masquerading pits two opposing requirements of the router against one another:

On the one hand, it has to have a valid IP address in the local network of the user so
that it can be reached from the LAN.

On the other hand, it has to have a valid address in the cable network.

Since these two addresses may not in principle be located on the same logical network,
there is only one solution: two IP addresses are required.
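
How several computers share the router's one cable-network address, as an added example (not code from the ELSA manual or firmware): a minimal port-translation table in Python. The addresses, the starting port 40000 and all class and function names are constructed for illustration, and the sketch assumes endpoint-independent mappings with no timeouts.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Masquerader:
    lan_if: str             # router's address in the user's local network
    wan_ip: str             # router's address in the cable network
    next_port: int = 40000  # assumed start of the translated port range
    out_map: dict = field(default_factory=dict)  # (proto, lan ip, lan port) -> public port
    in_map: dict = field(default_factory=dict)   # (proto, public port) -> (lan ip, lan port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet so it leaves with the router's one public address."""
        lan = ipaddress.ip_interface(self.lan_if).network
        if ipaddress.ip_address(src_ip) not in lan:
            return None  # not one of the computers behind this router
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (proto, self.wan_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Map a reply back to the LAN host; None means no entry, packet dropped."""
        if dst_ip != self.wan_ip:
            return None
        entry = self.in_map.get((proto, dst_port))
        if entry is None:
            return None
        return (proto, src_ip, src_port, entry[0], entry[1])

def demo():
    # Constructed addresses: RFC 1918 LAN, RFC 5737 documentation ranges outside.
    nat = Masquerader(lan_if="192.168.1.1/24", wan_ip="203.0.113.7")
    a = nat.outbound("tcp", "192.168.1.10", 51000, "198.51.100.5", 80)
    b = nat.outbound("tcp", "192.168.1.11", 51000, "198.51.100.5", 80)
    reply = nat.inbound("tcp", "198.51.100.5", 80, "203.0.113.7", a[2])
    unsolicited = nat.inbound("tcp", "198.51.100.9", 4444, "203.0.113.7", 23)
    return a, b, reply, unsolicited

if __name__ == "__main__":
    for row in demo():
        print(row)
```

An inbound packet with no table entry returns None: the concealment comes from the missing mapping, not from any packet filtering in this sketch.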
