some NAT questions

Discussion in 'Networks' started by kobem, Mar 5, 2007.

  1. kobem

    kobem Megabyte Poster

    i know that in NAT logic we have private and public ip addresses.

    and private ip addresses can not be used in internet
    so we enhance public(real) ip addresses in this way

    my question is : for ex. my local ip address is 192.168.1.2
    and my global (public) ip address is 88.100.23.34

    then

    if we use 88.100.23.34 for exiting to the net , which ip do we protect(hide) from attackers ?

    if we protect(hide) 192.168.1.2 ip address , and i know
    so many people in our region gives that ip , why can we display
    our ip on net sites?
     
    Certifications: CCNA
  2. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster


    Well sites officially don't know your private IP address but there is a Java trick which can display this information.

    The thing to bear in mind is that your private IP 192.168.x.x is not unique to this Internet, it is only unique to your local network. Hence there could for example be millions of people with the IP address 192.168.1.2 hence they couldn't personally identify, connect to you even if it was *routeable* on the Internet, which private IP ranges are not.

    Hope that makes sense.

    Pete
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  3. r.h.lee

    r.h.lee Gigabyte Poster

    You want to protect(hide) your 192.168.1.0 ip subnetwork from the attackers. One method is to use NAT.

    Due to the way NAT works, only the reply traffic from traffic initiated from the inside of NAT may enter from the outside to the inside. If someone on the outside tries to connect to an inside host, it won't work because NAT works as a firewall and "burns up" the traffic that's initiated from the outside to the inside.

    I hope this helps.
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  4. kobem

    kobem Megabyte Poster

    which one do we hide from "attackers from the net"?
     
    Certifications: CCNA
  5. kobem

    kobem Megabyte Poster

    1- and two more is coming

    for ex. i am a home user and have one phone line , one dsl
    modem and a pc

    if my modem doesn't have NAT ability can't i go(surf on) to internet?



    2 -the other is ımm : again i am the user that have things
    above

    2-a ) whats my default gateway ? i mean it must be my
    ip address of my modem or any ip i gave in tcp/ip
    config. ?



    (i asked this cause for ex. my ip address of modem is
    10.0.0.1 and i assigned d.g 192.168.1.1 from the tcp/ip config screen on my computer)

    then i ping 192.168.1.1 but it doesn't ping although i assign this.
    (request timed out)

    if i ping 10.0.0.1 it pings

    so look at the question again due to things i said !!!!
     
    Certifications: CCNA
  6. garyb

    garyb Byte Poster

    Hi, I may have read this wrong, :blink but if you have an ADSL modem, then that grabs an IP from the ISP, you don't actually have an internal IP as you are not connecting through your NIC. The only way your PC's NIC would be assigned an IP is if you connected to a router via ethernet or wirelessly?

    Have I misread what you are saying?

    G
     
    WIP: MCSA 2003
  7. r.h.lee

    r.h.lee Gigabyte Poster

    kobem,

    The public IP address assigned by DHCP to your computer if your computer is directly connected to the networking device from your ISP.
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  8. r.h.lee

    r.h.lee Gigabyte Poster

    Since you're able to post to Certforums and if you don't have NAT then yes, you can surf the Internet.

    The IP address that you use for Default Gateway must be in the same sub/network as your host's IP address. Maybe the reason why you're getting a "(request timed out)" when you "ping 192.168.1.1" is because for some reason, the "ping reply" feature of your default gateway networking device is turned off.
     
    Certifications: MCSE, MCP+I, MCP, CCNA, A+
    WIP: CCDA
  9. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    Of course you can. NAT or no-NAT does not affect your ability to connect.
    Your ISP will give you the default gateway - usually automatically via PPP.
    It won't because it is on a different network, and you have no routing to it. And you can't just arbitrarily assign a default gateway - it must have meaning to the network.


    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  10. kobem

    kobem Megabyte Poster

    ok , i can see you try to help me but still can't understand:(

    trying another

    according to things you said : isp gives me public
    ip address and also provides NAT feature .

    so if this is so , why do some dsl modems or routers
    have NAT ability that time ?



    other again

    NAT TRANSLATES PRIVATE , INTO PUBLIC IP ADDRESSES
    and you said my PUBLIC ip being protected from attackers
    from the net , but Read , PUBLIC (what does this mean
    open to all)

    so what is the trick?

     
    Certifications: CCNA
  11. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    *Most* ISPs don't provide NAT - that is a property of the modem/router.
    So you can have a network on one public IP. If you don't have a network you don't need NAT.
    What trick? NAT translates the unroutable private addresses into the public IP address. But to do this it needs connection info, which it gets when your client accesses a server out on the 'net. For an incoming connection there is no info, so this gets dropped on the floor. Hence NAT provides some protection to your network.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
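The behaviour Harry describes in post 11 (state is created by outbound traffic, and inbound packets with no matching state are dropped) can be modelled in a few lines. This is an added example, not code from the thread: the `Napt` class, the second inside host 192.168.1.3 and the remote addresses (documentation ranges) are constructed, and matching on remote address and port is only one filtering behaviour, since real devices vary.

```python
import ipaddress

# RFC 1918 private ranges: not routable on the public Internet
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

class Napt:
    """Toy port-address translator: one public IP shared by many inside hosts."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (proto, priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}  # (proto, public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the LAN, creating state on first use."""
        if not is_private(src_ip):
            raise ValueError("source is not a private address")
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the inside (ip, port) for a reply, or None if there is no state."""
        return self.back.get((proto, dst_port, src_ip, src_port))

def demo():
    nat = Napt("88.100.23.34")  # public and first private address from post 1
    a = nat.outbound("tcp", "192.168.1.2", 51000, "203.0.113.10", 80)
    b = nat.outbound("tcp", "192.168.1.3", 51000, "203.0.113.10", 80)
    reply = nat.inbound("tcp", "203.0.113.10", 80, a[1])          # matches state
    unsolicited = nat.inbound("tcp", "198.51.100.7", 4444, a[1])  # no state: dropped
    return a, b, reply, unsolicited

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both inside hosts appear to the server as 88.100.23.34 with different source ports, which is how one public IP serves a whole network; the unsolicited packet finds no table entry and never reaches the LAN.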
  12. kobem

    kobem Megabyte Poster

    i am getting crazy still we can't talk same language , it
    breaks my excitement.:(

    last turn (trying without building complex sentences this time)

    - who gives me the NAT (if i am a home user)

    - why some modems and routers carry this feature?

    - if i don't have public ip , i can't surf on the net ?
    and
    - if this is so , NAT DOES THIS?
     
    Certifications: CCNA
  13. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    May I suggest you find a friend with more fluency in English to help you frame these questions? It's for certain that I won't speak your language well enough! :biggrin
    Usually your router.
    To allow a network to be run behind a single IP address.

    If your connection to an ISP is not using a public IP, and that ISP expects you to use a public IP it has given you - then no - you won't be able to surf. But all modems and modem/routers usually use the public IP handed them by the ISP, which is why you *can* surf.
    The main purpose of NAT is to allow a network to hide behind a single IP address. As a side-effect it also helps keep attackers out.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  14. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Kobem try looking at this diagram for the common set up..

    *Your PCs on local network* (private ips)--*Your ADSL modem/router/NAT*-public ips-*Your ISP (public ips)*---*The internet (public ips)*

    Now if you want more than one computer to access the Internet it is common to use NAT as NAT can *map* a single public ip address to one or *more* computers on your local (private) network.

    If you don't have NAT then you can still surf but with only one PC and that PC will have a public ip address.

    NAT offers a layer of protection similar but not the same as a firewall. So it's good.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  15. kobem

    kobem Megabyte Poster

    sorry bluerinse i interrupt you:(

    Lets say NAT protects our private ip address . But i can see
    my public ip only in my modem and ip address sites.

    - so if i see my public ip in these sites and in my modem i think i protect my public ip
    why is it wrong?


    -"public" specifies its name so its open for every people
    on the net

    ...........................................

    NAT again you mentioned that you can still surf but using public addresses. Giving public address from me is enough to go to net?(if my modem does not include NAT feature)

    -think this : modem does not include NAT and i assigned
    private ip address , who will do NAT in this situation ?


    .........................................

    one more question

    security one

    for example hackers want to capture my computer , in this case they achieve it by capturing
    my private ip or public ip ?(i think my public ip(because my private is not unique) so i have to hide my public ip but it is public...)
     
    Certifications: CCNA
  16. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    - so if i see my public ip in these sites and in my modem i think i protect my public ip
    why is it wrong? -"public" specifies its name so its open for every people
    on the net


    It's not wrong, it is right. Your public IP will not be protected and it will be known to sites you visit unless you use a *proxy server*.

    NAT again you mentioned that you can still surf but using public addresses. Giving public address from me is enough to go to net?(if my modem does not include NAT feature)

    -think this : modem does not include NAT and i assigned
    private ip address , who will do NAT in this situation ?


    If your modem is issuing a private IP address it, the modem is acting as a router and routing packets between the external network (Internet) and your LAN (local area network). Note that it is only Internet based routers that can't route private ip ranges.

    for example hackers want to capture my computer , in this case they achieve it by capturing
    my private ip or public ip ?(i think my public ip(because my private is not unique) so i have to hide my public ip but it is public...)


    You can only hide your public IP address by using an anonymous proxy server. You protect yourself from hackers with a *firewall*.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  17. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    Before I start - I think you may not understand quite what 'public' and 'private' mean for IP addresses.

    There are 3 ranges set aside by the IP authorities for 'private' addresses. These are 10.0.0.0/8 , 172.16.0.0/12 and 192.168.0.0/16. These addresses are not routable on the Internet in general. They are intended to be used behind NAT, and also on non-connected networks.

    You can see a 'public' address anywhere on the Internet.
    Why is what wrong? If it is public then it is visible anywhere on the Internet.
    Yes.

    You don't 'give' a public address - your ISP gives you that.
    Nobody - and you won't connect to the Internet.

    Hackers don't capture IP addresses, because for them they aren't routable. They do it mostly these days by installing malware on your machine.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  18. kobem

    kobem Megabyte Poster

    but public ip is routable and it is seen everywhere on the internet
    so hackers get me?

    how can they grasp my public ip from net ? (i can only
    reach my modem on my pc )

    if isp gives me public ip , why should i need NAT (private into public)?
     
    Certifications: CCNA
  19. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    Hackers will only get you if your firewall is inadequate, or your email and web defences are inadequate. You *have* to have a public IP to be able to talk on the Internet at all.

    In email headers, in logs when you access their web-sites, or if you allow a trojan on your machine they will have it directly. They can also scan your box, but these days this will only work if you haven't patched the machine properly.

    You only need NAT if you are trying to run a whole network behind a single IP, as I have said many times before.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  20. kobem

    kobem Megabyte Poster

    ok , as much as i got , we protect public ip address

    but still don't understand NAT

    for ex. i have a dsl modem but it doesn't have NAT
    so how can i go to net?

    and you said : NAT is used if you run a network behind
    a single ip . And there is a home network behind a single ip
    (dsl modem - phone line - pc)but where is NAT here?
     
    Certifications: CCNA
