I thought I'd quickly write a post about Network Address Translation (NAT), and more specifically the Carrier Grade variant of it, CGNAT.
The need for NAT comes from the shortage of public IPv4 addresses. Essentially, not every device on the internet needs its own public address: most only make outbound connections and never need ports forwarded to them in order to offer a public service.
The solution is Network Address Translation, which lets multiple devices access the internet through a single shared public IP address. Common practice is that each home gets one public IP and the home router is responsible for the NAT, see below.
As a by-product of NAT you also get a firewall: all unsolicited inbound traffic is dropped by default, because the router has no idea which internal device it belongs to. Home routers are "stateful" firewalls, meaning they record each outbound connection (the translation table) so that the returning traffic can be matched to it and let back in. Without this your laptop would send a request to a web server and the reply would be blocked on the way back, resulting in a lot of angry family members.

NAT rules can be created to allow traffic in from the public IP to a specific internal device. On consumer routers this is often done automatically via Universal Plug and Play (UPnP), which lets devices such as games consoles create their own port forwards for hosting games. Worth knowing: UPnP has no authentication, so any device (or malware) on your LAN can open a port to itself; if nothing you own needs it, turn it off.
This is not the only way NAT rules get created. Some devices do not support UPnP, or two devices want to use the same port and you know only one of them actually needs it, so rules are also created by hand. Router web interfaces all differ, brand to brand and even within the same brand; some call them port forwards and some call them port triggers (strictly, a port trigger only opens the inbound port after an outbound connection on a "trigger" port, but the form asks for much the same thing). They will all require the same key information:
- Source IP
  - Where the data is coming from, used to match the rule
  - Normally "any" or 0.0.0.0/0
- Source Port
  - The port the sender is using to send the data
  - This is normally a dynamic (ephemeral) port, so it can be left as "any"
- Destination IP
  - The IP address the traffic was received on by your router, in case you have multiple IP addresses on your public interface
- Destination Port
  - The port the remote connection is trying to contact you on
- Protocol
  - TCP – Transmission Control Protocol
  - UDP – User Datagram Protocol
- Translated IP
  - The internal IP address where the data needs to go
- Translated Port
  - The internal port listening for the request
Carrier Grade NAT, What is it and how does CGNAT affect me?
So far we have been looking at NAT, not CGNAT, but the basics were needed before moving on to Carrier Grade NAT. Essentially, the job your router does gets repeated one tier up, at the ISP: your router's "public" side is given an address from a shared pool (typically the RFC 6598 range, 100.64.0.0/10) and the ISP's own NAT box translates many customers onto one real public IP, see below:
To most people this is not an issue, as they don't host services from their houses. But for those of us who do it is more than an inconvenience: without CGNAT the ports can be forwarded and the service made available, whereas with CGNAT the real public address sits on the ISP's equipment, out of our reach, so we cannot control where inbound data is NAT'd to and the service is left stranded. A quick check: compare the WAN address your router reports with the address a "what is my IP" site sees. If they differ, or the WAN address is in 100.64.0.0/10 or a private range, you are behind CGNAT.
As an extension of this, 3G and 4G mobile connections are almost always behind CGNAT. This causes problems when trying to reach, for example, a CCTV camera at a remote location, or say you had an HNT miner with a gigantic antenna on it at a remote site: it would always sit in a "relayed" state, because there is no way to forward the ports it needs.
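To make the stateful-firewall behaviour, the port-forward fields above and the CGNAT problem concrete, here is a small Python model I have added for this post (it is not code from the original article, and a real router does this in the kernel's connection-tracking table rather than in Python). All addresses, ports and the two routers are constructed sample values: 198.51.100.7 and 203.0.113.10 stand in for public IPs, 100.64.0.5 for a CGNAT-assigned WAN address, and 192.168.1.x for the LAN.

```python
"""Toy model of NAT, its stateful firewall behaviour, and a CGNAT tier stacked on top.

Added illustration for this post, not code from the original article.
Addresses and ports are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class ForwardRule:
    """The fields a consumer router's port-forward form asks for."""
    proto: str
    dst_port: int                 # port the remote side contacts us on (public side)
    translated_ip: str            # internal host that should receive it
    translated_port: int          # port that host is listening on
    src_cidr: str = "0.0.0.0/0"   # source match, normally "any"

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and pkt.dst_port == self.dst_port
                and ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src_cidr))


class NatRouter:
    """One NAT tier: a public IP, a translation table and optional forward rules."""

    def __init__(self, public_ip: str, rules=()):
        self.public_ip = public_ip
        self.rules = list(rules)
        # (proto, public_port) -> (inside_ip, inside_port, remote_ip, remote_port)
        self.table = {}
        self._next_port = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite the source and remember the flow (the 'stateful' part)."""
        for (proto, pub_port), (in_ip, in_port, r_ip, r_port) in self.table.items():
            if (proto, in_ip, in_port, r_ip, r_port) == (pkt.proto, pkt.src_ip, pkt.src_port,
                                                         pkt.dst_ip, pkt.dst_port):
                return replace(pkt, src_ip=self.public_ip, src_port=pub_port)
        pub_port = self._next_port
        self._next_port += 1
        self.table[(pkt.proto, pub_port)] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: allowed only as a reply to a tracked flow or via a rule, else dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get((pkt.proto, pkt.dst_port))
        if entry is not None:
            in_ip, in_port, r_ip, r_port = entry
            if (pkt.src_ip, pkt.src_port) == (r_ip, r_port):
                return replace(pkt, dst_ip=in_ip, dst_port=in_port)
        for rule in self.rules:
            if rule.matches(pkt):
                return replace(pkt, dst_ip=rule.translated_ip, dst_port=rule.translated_port)
        return None   # default deny


def reply_to(pkt: Packet) -> Packet:
    """The packet a server would send back in response to `pkt`."""
    return Packet(pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)


def home_only_demo():
    """Home router with its own public IP: replies and the forwarded port both reach the LAN."""
    home = NatRouter("198.51.100.7", [ForwardRule("tcp", 8443, "192.168.1.20", 443)])
    laptop = Packet("tcp", "192.168.1.10", 51000, "93.184.216.34", 443)
    on_wire = home.outbound(laptop)
    reply = home.inbound(reply_to(on_wire))                                             # tracked flow
    unsolicited = home.inbound(Packet("tcp", "203.0.113.99", 4444, "198.51.100.7", 22))   # dropped
    forwarded = home.inbound(Packet("tcp", "203.0.113.99", 4444, "198.51.100.7", 8443))   # rule hit
    return on_wire, reply, unsolicited, forwarded


def cgnat_demo():
    """Same home router behind a carrier NAT: outbound still works, the forwarded port is stranded."""
    carrier = NatRouter("203.0.113.10")   # ISP's CGNAT box holds the real public IP; no rules for us
    home = NatRouter("100.64.0.5", [ForwardRule("tcp", 8443, "192.168.1.20", 443)])  # RFC 6598 WAN
    laptop = Packet("tcp", "192.168.1.10", 51000, "93.184.216.34", 443)
    on_wire = carrier.outbound(home.outbound(laptop))        # translated twice on the way out
    back = carrier.inbound(reply_to(on_wire))
    reply = home.inbound(back) if back else None             # reply walks back through both tables
    stranded = carrier.inbound(Packet("tcp", "203.0.113.99", 4444, "203.0.113.10", 8443))
    return on_wire, reply, stranded
```

In `home_only_demo` the unsolicited SSH attempt returns `None` (dropped) while the reply to the laptop's own request and the connection to the forwarded port 8443 both come out translated to LAN addresses. In `cgnat_demo` the carrier tier has an entry for the laptop's flow, so the reply still gets home, but a connection to port 8443 on the real public IP returns `None`: the home router's rule never sees it because the carrier's table has no mapping for that port.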