by Larry Hettick and Steve Taylor
Opinion
May 31, 2004 · 2 mins
Networking
* Network address translation can get in the way of certain communications
NAT, or network address translation, is a function embedded in even the simplest of SOHO routers. Simply put, NAT hides your device’s “real” address from the network by translating this address to a different address for network communications, thereby supplying a measure of security.
The good: NAT is relatively effective as a first line of defense against hackers who might invade your system. While it’s not perfect, it’s pretty darn effective.
The bad: Any Web-based function that requires passing the IP address in the body of the message can have problems working through NAT.
The ugly: Applications that depend on H.323 and Session Initiation Protocol often have problems for this exact reason. In our recent testing of various messaging programs, we found varying levels of success when connecting through routers with integrated firewalls. This proved to be especially problematic with MSN Messenger.
Whenever we tried to initiate either application-sharing or whiteboarding with MSN Messenger while connected through our routers with NAT, we received error messages indicating that we were unable to connect due to a SIP error. The genesis of this “error” is that the NAT function was changing the IP address on the packet headers so that we were able to communicate for basic functions. However, the SIP messages (and H.323 messages) also contain references to the IP address within the body of the message. The NAT function does not change the addresses contained within the body of the message.
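The mismatch described above, as an added example that is not part of the original article: a minimal model of NAT that rewrites only the packet-header source address, followed by a check that lists the addresses still embedded in the SIP/SDP payload. The SIP INVITE, the addresses and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a SIP INVITE sent by a host at 192.168.1.10 behind NAT.
SIP_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@alice-pc\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:alice@192.168.1.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

# Dotted-quad candidates that are not part of a longer digit/dot run.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def nat_translate(packet, public_ip):
    """Model basic NAT: rewrite the header source only; the payload is untouched."""
    return {**packet, "src": public_ip}

def stale_addresses(packet):
    """Return (field, address) pairs in the payload that are private
    (per Python's ipaddress module) and differ from the header source."""
    findings = []
    for line in packet["payload"].split("\r\n"):
        field = re.split(r"[:=]", line, maxsplit=1)[0]
        for match in IPV4.finditer(line):
            try:
                addr = ipaddress.ip_address(match.group(1))
            except ValueError:  # e.g. an octet above 255
                continue
            if addr.is_private and str(addr) != packet["src"]:
                findings.append((field, str(addr)))
    return findings
```

Before translation the payload and header agree, so nothing is reported; after translation the Via, Contact, `o=` and `c=` lines still carry the internal address, which is what the far end tries, and fails, to reach.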
We were able to make these functions work by bypassing the router, confirming that the NAT function was the root of the problem. But then we lost all of the NAT protection. One can also poke holes in the NAT firewall, but this opens the computer to other exploits.
On the corporate level, “session border control” products are quickly emerging to address this problem. But on the SOHO level, we are still looking for an appropriate solution.