Solved

NAT first or Routing first?

Posted on 2009-07-13
Last Modified: 2012-06-27
Which will happen first for incoming and outgoing traffic in firewalls/routers?

Thanks
Question by:alimohammed72
3 Comments
 
Expert Comment

by:theras2000
ID: 24841649
They happen at the same time, in the same device, usually. The router picks up the packet from one network, translates the address, and sends the packet down a new network. If routing is moving the traffic from one network to another, and NAT is the translation of addresses/ports, then my crude explanation would suggest that the NAT part is happening right in between the start and end of the routing part. But really, let's just say they're happening at the same time.

I suspect that you could benefit from a more detailed or targeted answer if you more specifically explained what you're looking for.  Have you got a network issue?  Are you just having a deep and meaningful conversation with your brother about the finer points of routing?

Accepted Solution

by:NotLogical (earned 500 total points)
ID: 24841676
Hi,

That actually depends on where the traffic is flowing... Let's presume we are dealing with a small home router - like a DLink with 4 integrated switch ports. This applies to a Cisco PIX 501, too - as it has an integrated 4-port switch.

Take the following example:

- internal network is 192.168.1.1/24
- external network is everything else

In this scenario, if the switch fabric knows of the destination node by MAC and IP, the packet will go through the switch, and will not be seen by the router/firewall.

In this scenario, any destination addresses which are not known will go through the router's routing table, and will most likely make it out through the NAT onto the "gateway of last resort" (or default gateway). Why "most likely"? Not all addresses are routable - some may get dropped.

A slightly different example:

- internal network #1 is 192.168.1.1/24
- internal network #2 is 192.168.2.1/24
- external network is everything else

In this scenario, I am presuming that the router has the two networks in its routing table. As such, any packets sourced on network #1 destined for network #2 will hit the router.

Now, if you have a packet on either network #1 or network #2 destined for somewhere else, the default gateway comes into play. At that point in time, the packet will traverse the NAT tables, and be sent out onto the internet...

In the reverse direction, an incoming packet from the outside world is first matched against a NAT/SPI rule, and then routed to the appropriate destination network (if applicable).

It is true that some firewalls have routing capabilities, and some routers can do simple NAT. However, I would not rely on a firewall to perform heavy-duty routing, or use a router to do enterprise-wide NAT.

Cheers,

NotLogical

Expert Comment

by:deimark
ID: 24841932
As above, but really, the answer "depends".

If you can give us an idea of what device you are using and also in what direction you are looking at.

Normally though, outbound traffic is checked to make sure it can route, then natted, then sent out the routed interface.
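
The ordering described in the accepted answer and in deimark's comment, modelled as an added Python example that is not part of the original thread: outbound packets get a route lookup before source NAT, and inbound packets are matched against NAT state before they are routed. The addresses, interface names, port range and the `NatRouter` class are constructed for illustration, and the NAT state is simplified (real devices also track the protocol and the remote endpoint).

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed sample topology (assumption): the two inside networks from the
# accepted answer in network form, plus a documentation-range public address.
PUBLIC_IP = "203.0.113.10"
ROUTES = [("192.168.1.0/24", "lan1"), ("192.168.2.0/24", "lan2"),
          ("0.0.0.0/0", "wan")]  # last entry: gateway of last resort

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def route(dst):
    """Longest-prefix match on the destination; returns the egress interface."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES]
    return max((n for n in nets if addr in n[0]), key=lambda n: n[0].prefixlen)[1]

class NatRouter:
    def __init__(self):
        self.by_inside = {}       # (inside ip, port) -> public port
        self.by_public_port = {}  # public port -> (inside ip, port)
        self.next_port = 40000

    def outbound(self, pkt):
        """Inside to anywhere: route lookup first, source NAT only toward wan."""
        egress = route(pkt.dst)
        if egress != "wan":
            return egress, pkt  # LAN-to-LAN is routed, never translated
        key = (pkt.src, pkt.sport)
        if key not in self.by_inside:
            self.by_inside[key] = self.next_port
            self.by_public_port[self.next_port] = key
            self.next_port += 1
        return egress, replace(pkt, src=PUBLIC_IP, sport=self.by_inside[key])

    def inbound(self, pkt):
        """Outside to router: NAT state match first, then route the restored address."""
        state = self.by_public_port.get(pkt.dport) if pkt.dst == PUBLIC_IP else None
        if state is None:
            return None, pkt  # no translation entry: dropped, never routed inside
        restored = replace(pkt, dst=state[0], dport=state[1])
        return route(restored.dst), restored
```

Inbound translation has to come first in this model because the packet arrives addressed to the router's own public IP; only the restored inside address tells the routing table which LAN to use.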