Because of the nature of address translation,
some IP protocols will not function correctly if the servers of the
respective protocols reside in the outside network:
BootP or DHCP
Any variant of BootP requires storing the IP address in the BootP data field.
Because NAT will not touch this layer, the BootP server will not be able
to assign correct IP addresses to its clients.
Lab Activity: In this lab, you will learn the usage of Network
Address Translation through the use of overloading address
translation.
DNS
Because DNS relies on a static IP address
mapping to a host name, it will not recognize an IP address accurately and
will report an unexpected host name unless static address translation is used.
SNMP
Similar to BootP, some SNMP MIBs require
storing IP addresses in the SNMP data field and thus will not translate
correctly. They should either be non-translated, or exist on both sides of
a firewall (dual homed, or two different machines).
NAT also poses some network management
considerations:
Security
NAT reduces the number of options for
providing security. With NAT, nothing that carries an IP address or
information derived from an IP address (such as the TCP-header checksum)
can be encrypted. While most application-level encryption should be OK,
this prevents encryption of the TCP header.
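The following Python sketch is an added example, not part of the original page. Using constructed addresses and a constructed payload, it shows the two effects described above: the TCP checksum is derived from the source address, so NAT must be able to rewrite it, while an address stored in the data field (as with BootP or SNMP) passes through untranslated.

```python
import socket
import struct

# Constructed sample addresses (documentation/private ranges), not from the page.
INSIDE, OUTSIDE, SERVER = "10.1.1.5", "203.0.113.10", "198.51.100.20"

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum over the pseudo-header (src, dst, 0, protocol 6, length) plus the segment."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, len(segment))
    return ~ones_complement_sum(pseudo + segment) & 0xFFFF

def set_checksum(src: str, dst: str, segment: bytes) -> bytes:
    """Zero the checksum field (bytes 16-17 of the TCP header) and fill in a fresh value."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return segment[:16] + struct.pack("!H", tcp_checksum(src, dst, zeroed)) + segment[18:]

def build_segment(src: str, dst: str, payload: bytes) -> bytes:
    """Minimal 20-byte TCP header (ports 40000 -> 80, PSH+ACK) followed by the payload."""
    header = struct.pack("!HHLLBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return set_checksum(src, dst, header + payload)

def is_valid(src: str, dst: str, segment: bytes) -> bool:
    """A segment carrying a correct checksum verifies to zero."""
    return tcp_checksum(src, dst, segment) == 0

def nat_translate(outside: str, dst: str, segment: bytes) -> bytes:
    """What NAT does to the segment: new checksum for the new source, payload untouched."""
    return set_checksum(outside, dst, segment)

if __name__ == "__main__":
    # Payload embeds the sender's own address in binary, as a BootP or SNMP field would.
    payload = b"ADDR" + socket.inet_aton(INSIDE)
    original = build_segment(INSIDE, SERVER, payload)
    translated = nat_translate(OUTSIDE, SERVER, original)
    print("original valid with inside source: ", is_valid(INSIDE, SERVER, original))
    print("original valid with outside source:", is_valid(OUTSIDE, SERVER, original))
    print("translated valid:                  ", is_valid(OUTSIDE, SERVER, translated))
    print("inside address still in payload:   ", socket.inet_aton(INSIDE) in translated[20:])
```

If the checksum field were encrypted, `nat_translate` could not rewrite it and the receiver would discard the translated segment.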
Privacy
NAT itself can be seen as providing a kind
of privacy mechanism. This comes from the fact that machines on the
backbone cannot monitor which hosts are sending and receiving traffic
(assuming of course that the application data is encrypted).
Debugging
The same characteristic that enhances
privacy potentially makes debugging problems (including security
violations) more difficult. If a host is abusing the Internet in some way
(such as trying to attack another machine or sending large amounts of
junk mail), it is more difficult to pinpoint the source of the
trouble because the IP address of the host is hidden.