Firewall Wizards mailing list archives
NAT resources
From: "Appel, John" <AppelJ () 1st-annapolis com>
Date: Fri, 12 Jun 1998 16:22:17 -0400
Several folks have asked what I found or was pointed to in the way of NAT (Network Address Translation) information resources, so here goes. Any mistakes in the descriptions are purely mine.

Two RFCs are key - RFC 1918, "Address Allocation for Private Internets" (Rekhter, Moskowitz, Karrenberg, de Groot & Lear, Feb. 1996) describes building private internetworks using the non-Internet routable address spaces. RFC 1631 "The IP Network Address Translator" (Egevang & Francis, May 1994) specifically addresses NAT. Numerous sources for those two documents. RFC 1878, "Variable Length Subnet Table for IPv4" (Pummill & Manning, December 1995) is also pretty handy when the brain locks up calculating subnets.

Also, there is a working Internet Draft entitled "Architectural Implications of NAT" dated March 1998 by Tony Hain of Microsoft. I found this at http://www.cs-ipv6.lancs.ac.uk/ftp-archive/Standards/general-comms/internet-drafts/draft-iab-nat-implications-00.txt. You may find a shorter URL!

Dr. Peter Welcher of Chesapeake Computer Consultants has a white paper on NAT at http://www.ccci.com/product/papers/pete/papers/nat.htm. This also discusses some Cisco-specific issues (CCC is apparently a Cisco reseller) along with a nice concise explanation of NAT and some pros/cons.

I found a NAT presentation at http://www.csn.tu-chemnitz.de/~mha/linux-ip-nat/diplom/nat.html. This looks pretty good and is fairly meaty, but you can't pull down the complete document.

Cisco has a few documents itself: a document covering their implementation of NAT in IOS, located at http://www.cisco.com/warp/public/701/60.html, and a FAQ about their NAT v2.1 product at http://www.cisco.com/warp/public/458/41.html. 3Com also has a pretty detailed document for configuring one of their devices (one of the low-end 'Net access boxes, I think) to use NAT at http://www.remoteaccess.3com.com/support/newcode/rnotes/nat.htm. Intel also had a nice document for their Express series routers at http://support.intel.com/support/express/routers/8xxx/24206.htm. These are pretty much "how-tos".

Is it just me, or is Bay Networks' site search facility just about useless? They may have good stuff there but I couldn't find it.

Various firewall vendors discuss their implementation of NAT; check out their pages for more detail, though there isn't much. 8-( Information here is largely of the marketing-brochure variety, pretty and attractive but with no real information.

A search on Amazon.com offered up the 2nd edition of "TCP/IP Network Administration" by Craig Hunt, O'Reilly & Associates, ASIN: 1565923227. I have the first edition of this, which seems to pre-date NAT; I may spring for the new edition. Go to http://www.ora.com for more on this book. Nothing else sprang out of Amazon.com, but there may be other commercial networking texts which cover this.

There's also an opinion piece by Erik Fair entitled "Private IP Address Space is a Bad Idea", dated October 18, 1996. It has a companion, "Firewall Systems Considered Harmful". These are at http://www.clock.org/~fair/opinion/rfc1597.html and http://www.clock.org/~fair/opinion/firewalls.html respectively. These are very short but interesting. Erik is a member of the IETF.

That's my haul to date. Hope this helps somebody else!

John

John Appel
Director, IT Operations
First Annapolis Consulting
appelj () 1st-annapolis com