Monday, November 28, 2011

Destination NAT on Cisco Routers

Destination-NAT, it turns out is not as self-explanatory as Source-NAT when it comes to CLI commands. And, the materials I found on CCO and Google searches did not clearly explain how to do this simple task in Cisco IOS. So, I think it warrants a quick article in case others need!

Why would you want to Destination-NAT? It is needed when a service provider assigns private addressing (RFC 1918) to a service you need to target and you already have a route in your network for that subnet, which goes elsewhere. Or, you need to direct certain lines of business (LOB) to use one circuit over another, to reach the same service. In this case, you can have one LOB target the real IP to reach the service over a specific circuit, and another LOB would target the Destination-NAT IP. This way, the two LOBs don’t have to share the circuit.

If you are translating one IP to one IP, there is no need for a pool, or an ACL, for either source OR destination-NAT. You would use the “ip nat inside source static” or “ip nat outside source static”. I’ll explain which one to use for which scenario. I just depends of the direction the session is initiated. I usually assign the interface for my network (the one closer to the network core) as the “inside” interface using the “ip nat inside”. And the interface facing the other network as “outside” using the “ip nat outside” command. This also happens to be the way zone based firewalls work, although NAT has nothing to do with security or firewalls, and you could very well do the opposite.

Before I give a Destination-NAT example, let’s do a Source-NAT because that’s more common. Here is the topology:

Core network where sessions get initiated (10.1.1.0/24) –> NAT router –> Other network (172.16.1.0/24)

In this scenario, we hide the core network’s real host IP address (10.1.1.1) for that flow with the NAT range IP address of 192.168.1.1. So, the “other network” sees our traffic coming from the NAT address.

The IOS CLI command to do this is:

ip nat inside source static 10.1.1.1 192.168.1.1

Of course, you have to ensure there is a route for the translated address in the routing tables along the path for any router to reach that destination.

Now, let’s say we also need to use this NAT router to translate the destination of our packet. In other words, there is a LOB who needs to reach 172.16.1.1 via a different path, or we simply cannot advertise 172.16.1.0/24 into our core, for various reasons. We need the host on our core to be able to target 172.16.1.1 by using destination address 172.18.222.222.

At the NAT router, you can’t use “ip nat inside destination static” because there is no such command in IOS. Instead, you would use the following:

ip nat outside source static 172.18.222.222 172.16.1.1 add-route

As you can see, we are dealing with the outside NAT interface, which means we NAT in the return direction, which is why we have to reverse the order of the translation and use “source” instead of “destination”!

The “add-route” keyword may be needed if there is no route (or a route with an incorrect next-hop) in the routing table for the old “not-translated” destination.

Again, you have to ensure the 172.18.222.222 route is advertised inside your core, so the hosts can reach it.

Note- not all applications are tolerant to NAT, so make sure you test!

Monday, August 22, 2011

Access Your Android SD Card From Another Device

Here’s how to access the content of your SD card from another device or computer; XDA member jhonnyx1000 shows us that using File Expert on your Android device will let you channel your SD card through your wireless router making it accessible while connected to the same network. The application lets you do all basic file operations like copy, paste, move, create, and rename your files and folders. If that wasn’t enough, the app also features:

-FTP/HTTP Server – Share & Manage your files without a USB cable.
- Web & FTP transferring support.
- Web management featuring a Windows style interface.
- Root access to system folders and files like Root Explorer.
- SMB & FTP Client – Access your host computer from your phone, using your phone to manage your PC
via WIFI with SMB or FTP.
- Bluetooth – Share your files over Bluetooth OBEX FTP.

And more. The application can be found for free on the usual place. Please let us know your comments.

Saturday, January 8, 2011

Limited Edition: Macallan's Rs7.2 Lakh Whisky



The Macallan, the famous producer of Scotch whisky, is selling a very limited edition 64-year-old whisky as part of its Macallan's Masters of Photography series.

Only 36 bottles of the whisky, distilled in 1946, will go on sale this year for $16,000 (approx Rs. 7.2 lakh). Each of the 36 bottles will be sold along with a platinum print photograph by award-winning celebrity/fashion photographer Albert Watson. The Scottish photographer is credited with taking iconic images of director Alfred Hitchcock holding a dead goose for Harper's Bazaar in 1973.

In 2010, The Macallan commissioned Watson to depict the journey, the whisky-maker's sherry oak cask wood makes from the forests of Spain to their "spiritual home" in Speyside, Scotland.

A cheaper, $1,000 (Rs 45,000) bottle of 20-year-old whisky that is also part of the Macallan-Watson collaboration will be on sale too. Only 1,000 of these Macallan whisky bottles will be available.

Tuesday, January 4, 2011

4X INVESTMENT Forex Trading by Professionals

4XINVESTMENT Professional Manged Forex Account

Do You want Consistently Profit in the Forex Market?

Do you want to have financial freedom by trading Forex?

Don't you know how to take profit from the Forex Market?

Are You new to Forex Trading?

Do you want to become a Professional Forex Trader?

Are you loosing Money badly trading Forex Market after all the hard work you had done?

If Your Answer is YES than you have come to the right place.

Our mission is to help you become a better trader. For those looking for a significant part-time or full-time income, we believe Currency Trading is the Vehicle to use. Our passion is creating superior trading tools to help you achieve your goals—no matter which way the markets move.You can take benefit of our services to grow your capital as well as to become a professional forex trader.


If you do not know how to take profit from the forex market or if you do not have the time to trade your own forex trading account, we are here at your service to mange your forex account and we commit you for monthly consistent profit in your forex trading account.

We offer both individuals and instituational investors an opportunity to benefit from our professional skills. At 4XINVESTMENT.COM, your Forex Trading Account will be traded and managed by our full time experience traders. Our Professional team will work out very profitable for you. Our professional forex manager buys and sells currencies on your behalf in your forex trading account.