
NAT first or Routing First?

Posted on 2009-07-13
Last Modified: 2012-06-27
Which will happen first for incoming and outgoing traffic in firewalls/routers?

thanks
Question by:alimohammed72
3 Comments
 
LVL 14

Expert Comment

by:theras2000
ID: 24841649
They happen at the same time, in the same device, usually.  The router picks up the packet from one network, translates the address, sends the packet down a new network.  If routing is moving the traffic from one network to another, and NAT is the translation of addresses/ports, then my crude explanation would suggest that the NAT part is happening right in between the start and end of the routing part.  But really, let's just say they're happening at the same time.

I suspect that you could benefit from a more detailed or targeted answer if you more specifically explained what you're looking for.  Have you got a network issue?  Are you just having a deep and meaningful conversation with your brother about the finer points of routing?
0
 
LVL 8

Accepted Solution

by:
NotLogical earned 1500 total points
ID: 24841676
Hi,

That actually depends on where the traffic is flowing... Let's presume we are dealing with a small home router - like a DLink with 4 integrated switch ports. This applies to a Cisco PIX 501, too - as it has an integrated 4 port switch.

Take the following example:

- internal network is 192.168.1.1/24
- external network is everything else

In this scenario, if the switch fabric knows of the destination node by MAC and IP, the packet will go through the switch, and will not be seen by the router/firewall.

In this scenario, any destination addresses which are not known, will go through the router's routing table, and will most likely make it out through the NAT onto the "gateway of last resort" (or default gateway). Why "most likely"? Not all addresses are routable - some may get dropped.

A slightly different example:

- internal network #1 is 192.168.1.1/24
- internal network #2 is 192.168.2.1/24
- external network is everything else

In this scenario, I am presuming that the router has the two networks in its routing table. As such, any packets sourced on network #1 destined for network #2 will hit the router.

Now, if you have a packet on either network #1 or network #2 destined for somewhere else, the default gateway comes into play. At that point in time, the packet will traverse the NAT tables, and be sent out onto the internet...

In the reverse direction, an incoming packet from the outside world is first matched against a NAT/SPI rule, and then routed to the appropriate destination network (if applicable).

It is true that some firewalls have routing capabilities, and some routers can do simple NAT. However, I would not rely on a firewall to perform heavy-duty routing, or use a router to do enterprise-wide NAT.

Cheers,

NotLogical
0
 
LVL 18

Expert Comment

by:deimark
ID: 24841932
As above, but really, the answer "depends".

If you can give us an idea of what device you are using and also in what direction you are looking at.

Normally though, outbound traffic is checked to make sure it can route, then natted, then sent out the routed interface.
0
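The order described in the answers above (outbound: route lookup, then source NAT; inbound: NAT table lookup, then routing), as an added example that is not part of the original thread. It is a simplified model of a port-translating router, not any vendor's actual pipeline; the public address `203.0.113.10`, the interface names and the port pool are assumptions.

```python
import ipaddress

# Constructed topology: the two inside networks from the answer plus a default route.
WAN_IP = "203.0.113.10"   # assumed public address (documentation range)
ROUTES = [("192.168.1.0/24", "lan1"), ("192.168.2.0/24", "lan2"), ("0.0.0.0/0", "wan")]

def route(dst):
    """Longest-prefix match; the router's own WAN address is delivered locally."""
    if dst == WAN_IP:
        return "local"
    nets = [(ipaddress.ip_network(n), ifc) for n, ifc in ROUTES]
    hits = [(n.prefixlen, ifc) for n, ifc in nets if ipaddress.ip_address(dst) in n]
    return max(hits)[1]

class Router:
    def __init__(self):
        self.nat = {}            # public port -> (inside ip, inside port)
        self.next_port = 40000   # assumed start of the translation port pool

    def outbound(self, src, sport, dst, dport):
        """Route lookup first; translate the source only if the packet leaves via WAN."""
        egress = route(dst)
        if egress != "wan":
            return egress, (src, sport, dst, dport)   # inter-LAN: routed, no NAT
        pub = self.next_port
        self.next_port += 1
        self.nat[pub] = (src, sport)
        return egress, (WAN_IP, pub, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """NAT table first: restore the inside destination, then route on it."""
        if dst != WAN_IP or dport not in self.nat:
            return "drop", None                       # no matching translation
        in_ip, in_port = self.nat[dport]
        return route(in_ip), (src, sport, in_ip, in_port)
```

Routing an inbound packet before the NAT lookup would match the router's own WAN address (`route(WAN_IP)` returns `"local"`), so the packet would never be forwarded to the inside host.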

Question has a verified solution.
