WEBVTT

0:00:02.860000 --> 0:00:09.100000
Hello and welcome to this video titled Introducing Network Address Translation.

0:00:09.100000 --> 0:00:13.380000
So in this video I'm going to introduce you to what NAT is and what problem

0:00:13.380000 --> 0:00:15.400000
was solved by NAT.

0:00:15.400000 --> 0:00:18.960000
We're going to take a look at what's the logic as far as how NAT decides

0:00:18.960000 --> 0:00:23.040000
to do its thing or circumstances when NAT will decide I'm not going to

0:00:23.040000 --> 0:00:27.540000
do anything. We'll look at some terminology used that's common to

0:00:27.540000 --> 0:00:31.180000
all the various flavors of NAT and then we'll finish up by just briefly

0:00:31.180000 --> 0:00:36.760000
highlighting some of the different types of network address translation.

0:00:36.760000 --> 0:00:39.740000
All right, so let's do an introduction to NAT.

0:00:39.740000 --> 0:00:43.480000
So NAT clearly means network address translation.

0:00:43.480000 --> 0:00:46.380000
So let's just break down all three of those components.

0:00:46.380000 --> 0:00:50.280000
So address clearly it's an address of something network address.

0:00:50.280000 --> 0:00:54.500000
So we're not talking about layer two MAC addresses or anything else we're

0:00:54.500000 --> 0:01:01.800000
talking about specifically we're going to be dealing with IP version four

0:01:01.800000 --> 0:01:06.980000
and translation meaning it changes your IPv4 address in your packet

0:01:06.980000 --> 0:01:10.980000
header from one thing to something else and we'll take a look at well

0:01:10.980000 --> 0:01:15.080000
what exactly does it change and when does it decide to do that.

0:01:15.080000 --> 0:01:20.200000
So typically in most scenarios NAT is used to change or translate the

0:01:20.200000 --> 0:01:22.540000
source IP address of a packet.

0:01:22.540000 --> 0:01:27.060000
Now in some situations you can use NAT to change both the source and the

0:01:27.060000 --> 0:01:31.480000
destination. Although changing the destination is not as common most people

0:01:31.480000 --> 0:01:34.200000
when they think of network address translation they just think of it as

0:01:34.200000 --> 0:01:36.040000
changing the source.

0:01:36.040000 --> 0:01:40.800000
Now most of the time when NAT is used it's because packets are coming

0:01:40.800000 --> 0:01:45.240000
into a NAT router and the subnet or network where those packets live where

0:01:45.240000 --> 0:01:49.600000
they came from is using some sort of private address like the 10 network

0:01:49.600000 --> 0:01:54.900000
or the 172.16 network and yet those packets need to go out to a public

0:01:54.900000 --> 0:01:57.100000
network like the internet.

0:01:57.100000 --> 0:02:01.080000
Well packets with a source address that's a private address can't go to

0:02:01.080000 --> 0:02:06.160000
the internet your ISPs will filter those so the NAT router has to change

0:02:06.160000 --> 0:02:09.800000
that source address to another IP address that is publicly recognized

0:02:09.800000 --> 0:02:17.160000
and routable.
However NAT is address agnostic in other words NAT doesn't

0:02:17.160000 --> 0:02:21.560000
care if the address that was original or the address that's new was public

0:02:21.560000 --> 0:02:25.780000
or private it doesn't care it'll change from one to the other just depending

0:02:25.780000 --> 0:02:30.900000
on how you define it so absolutely you could change from one private address

0:02:30.900000 --> 0:02:34.940000
to another private address or a public address to another public address

0:02:34.940000 --> 0:02:39.060000
I'm sure there's use cases for all of that but in most typical scenarios

0:02:39.060000 --> 0:02:50.400000
the original address was a private sort of unroutable address from

0:02:50.400000 --> 0:02:54.600000
the to do this NAT has to keep a record of the change that it made and this

0:02:54.600000 --> 0:02:59.280000
is called a NAT translation table because if a packet's coming in with

0:02:59.280000 --> 0:03:03.680000
a source address of 10.0.0.1 let's say and that packet's going to Google

0:03:03.680000 --> 0:03:08.760000
well if we change the source address to something else and then we send

0:03:08.760000 --> 0:03:13.500000
it out to Google well then when the reply packet came back if that router

0:03:13.500000 --> 0:03:17.360000
didn't have a record of the change it had made when the reply packet came

0:03:17.360000 --> 0:03:20.940000
back would say I don't know where this is going I don't know what to do

0:03:20.940000 --> 0:03:24.480000
with this so the router has to keep a translation table that will dig

0:03:24.480000 --> 0:03:28.580000
into the details of that so it can translate the packet back to what it

0:03:28.580000 --> 0:03:32.580000
originally was to get it back to the originating host who's sitting on

0:03:32.580000 --> 0:03:38.300000
the private network so what exactly can NAT change well here we see our

0:03:38.300000 --> 0:03:42.700000
layer three IP version four header and then below that we see a little

0:03:42.700000 --> 0:03:48.180000
bit of our layer four transport headers now be aware that NAT absolutely

0:03:48.180000 --> 0:03:53.720000
can work with IPv4 and IPv6 packets it's not as common to use NAT with

0:03:53.720000 --> 0:03:58.360000
IPv6 and this course is going to deal with NAT from the perspective of

0:03:58.360000 --> 0:04:02.520000
the world of IP version four I just want you to know that there are flavors

0:04:02.520000 --> 0:04:07.300000
of NAT available for IPv6 translation as well so what we're looking at

0:04:07.300000 --> 0:04:12.040000
here is the IPv4 packet header a lot of fields in here hopefully you already

0:04:12.040000 --> 0:04:15.520000
know what most of these fields are but the ones that NAT really acts on

0:04:15.520000 --> 0:04:19.020000
is typically the source address so normally that's the address that will

0:04:19.020000 --> 0:04:22.860000
be translated or changed by NAT and a record will be kept of that like

0:04:22.860000 --> 0:04:27.100000
I said alternatively you could change the destination address or both

0:04:27.100000 --> 0:04:31.660000
at the same time if you wanted to and there are flavors of NAT that are

0:04:31.660000 --> 0:04:37.060000
also capable of changing your TCP or UDP port number as well and we'll

0:04:37.060000 --> 0:04:41.720000
talk about that when we talk about port address translation all right

0:04:41.720000 --> 0:04:45.660000
so why do we need to do this in other words what problem was solved by

0:04:45.660000 --> 0:04:50.800000
NAT what's the whole point behind using this feature well originally you

0:04:50.800000 --> 0:04:54.880000
know decades ago when NAT first came out the idea was that we could use

0:04:54.880000 --> 0:04:58.720000
NAT to save money it was a cost savings feature like look at this network

0:04:58.720000 --> 0:05:03.840000
here we've got a building that's got several IP subnets several VLANs several

0:05:03.840000 --> 0:05:08.920000
broadcast domains and they're connecting to an ISP well clearly
they're

0:05:08.920000 --> 0:05:12.500000
going to need on this link right here we're going to need some sort of

0:05:12.500000 --> 0:05:17.960000
publicly routable address and the IP and the ISP is going to most likely

0:05:17.960000 --> 0:05:22.020000
sell that to us or give it to us so we'll have to take one IP address

0:05:22.020000 --> 0:05:26.080000
from that public subnet and attach it to this router's interface right

0:05:26.080000 --> 0:05:32.820000
here but as it says there's several subnets in this building because we've

0:05:32.820000 --> 0:05:36.200000
broken it out into different VLANs each one of those is going to need

0:05:36.200000 --> 0:05:40.580000
an IP network so now the question becomes do we need to get from the ISP

0:05:40.580000 --> 0:05:47.140000
dozens of other publicly routable networks so that whenever packets originate

0:05:47.140000 --> 0:05:50.880000
from these networks and go out they can be routed to the internet and

0:05:50.880000 --> 0:05:55.820000
more importantly a reply can come back to those packets well this could

0:05:55.820000 --> 0:05:59.540000
cost us a lot a lot of money because we'd have two options here option

0:05:59.540000 --> 0:06:04.620000
number one is maybe we get some really large just one one really large

0:06:04.620000 --> 0:06:15.300000
public network from the ISP like maybe the 120.50.0.0/16 now you know

0:06:15.300000 --> 0:06:19.820000
that the smaller your mask is for example a slash 16 is smaller than a

0:06:19.820000 --> 0:06:25.600000
slash 19 a slash 20 is smaller than a slash 24 the smaller your subnet

0:06:25.600000 --> 0:06:31.140000
mask is that means the more addresses the more hosts that network will

0:06:31.140000 --> 0:06:36.040000
support the downside to that is the costlier it's going to be you're going

0:06:36.040000 --> 0:06:41.140000
to spend hundreds if not thousands of more dollars to get a slash 16 than

0:06:41.140000 --> 0:06:46.240000
if you were to purchase a slash 20 or slash 24
so this right here is going

0:06:46.240000 --> 0:06:49.800000
to cost you a lot of big bucks now we're talking about decades ago here

0:06:49.800000 --> 0:06:54.100000
way back when these types of networks were available so that would be

0:06:54.100000 --> 0:06:57.660000
one option is just to get a huge network and to just carve it out into

0:06:57.660000 --> 0:07:01.960000
smaller subnets and place various different subnets in our building and

0:07:01.960000 --> 0:07:05.680000
then each subnet would be a publicly routable address because they were

0:07:05.680000 --> 0:07:12.380000
all derived from our main public address that we got from our ISP or alternatively

0:07:12.380000 --> 0:07:17.220000
we could we could just get a whole bunch of smaller networks like slash

0:07:17.220000 --> 0:07:25.140000
29 slash 30s slash 28s buy those already subnetted from our ISP each one

0:07:25.140000 --> 0:07:29.440000
being a public network but once again every public network you get cost

0:07:29.440000 --> 0:07:35.360000
you some money you had to pay a dollar amount for that so before NAT existed

0:07:35.360000 --> 0:07:39.660000
you didn't have a choice that's what you'd have to do but with NAT now

0:07:39.660000 --> 0:07:43.180000
we could save some money we could say hey the only public network we absolutely

0:07:43.180000 --> 0:07:48.400000
have to have is right here that's where our public network needs to go

0:07:48.400000 --> 0:07:54.540000
but we can use some private networks like the 192.168 the 10 networks

0:07:54.540000 --> 0:07:59.880000
we could put all those back here subnet subnet those out however we wish

0:07:59.880000 --> 0:08:04.100000
and then have our router perform network address translation and as those

0:08:04.100000 --> 0:08:08.180000
packets are leaving the network leaving our company change their source

0:08:08.180000 --> 0:08:12.620000
address from private address to a public address we could do that and

0:08:12.620000 --> 0:08:16.280000
we'll see
some various ways to do that so initially it was a cost savings

0:08:16.280000 --> 0:08:23.860000
idea then as time went on IPv4 networks themselves became more and more

0:08:23.860000 --> 0:08:29.280000
scarce and ISPs started running out to where we have our situation today

0:08:29.280000 --> 0:08:35.260000
in 2019 where your regional internet registries like APNIC and ARIN uh

0:08:35.260000 --> 0:08:39.800000
and RIPE they're all out of IPv4 networks they have none left so the only

0:08:39.800000 --> 0:08:43.900000
remaining IPv4 subnets that are available for purchase are held either

0:08:43.900000 --> 0:08:47.940000
by private companies there's actually IPv4 brokers which are like private

0:08:47.940000 --> 0:08:51.720000
companies that will sell it to you or some ISPs still have some left

0:08:51.720000 --> 0:08:56.560000
so here we are now in the present where the ISP says I'm sorry you want

0:08:56.560000 --> 0:09:01.480000
50 publicly routable networks I can't give that to you I don't have enough

0:09:01.480000 --> 0:09:05.380000
left crud now what am I going to do well now we pretty much have to use

0:09:05.380000 --> 0:09:10.700000
NAT or we could transition over to IPv6 which is a big reason why companies

0:09:10.700000 --> 0:09:21.120000
are starting to move primary reason to use NAT but it is a benefit it

0:09:21.120000 --> 0:09:24.520000
is an optional benefit that you get with NAT when you use it which is

0:09:24.520000 --> 0:09:30.980000
security you see if someone over here let's say someone's sitting off

0:09:30.980000 --> 0:09:35.340000
of this router right here let's say here we have a server if this server

0:09:35.340000 --> 0:09:38.900000
whatever address he's using it's probably going to be a private address

0:09:38.900000 --> 0:09:43.520000
but let's just say his address is x.x.x.x so that can be anything you

0:09:43.520000 --> 0:09:48.760000
want well as that server sends a packet as it leaves the NAT router the

0:09:48.760000 --> 0:09:55.960000
source address will be changed to y.y.y.y why why do you ask well because

0:09:55.960000 --> 0:10:00.100000
NAT did that well here's the thing that source address the original source

0:10:00.100000 --> 0:10:04.960000
address is hidden the outside world has no idea what the actual address

0:10:04.960000 --> 0:10:09.780000
is of that server and so it's kind of useful as a security mechanism especially

0:10:09.780000 --> 0:10:16.940000
if if this device if we say hey I never want anybody in the internet to

0:10:16.940000 --> 0:10:21.860000
initiate a connection to that device if that device initiates a connection

0:10:21.860000 --> 0:10:27.420000
to them yeah whoever is out there they can reply to it but I don't want

0:10:27.420000 --> 0:10:32.400000
anybody being able to start a connection inbound to that server well this

0:10:32.400000 --> 0:10:36.440000
is a useful security mechanism of NAT most of the flavors not all of them

0:10:36.440000 --> 0:10:41.080000
but most of the flavors of NAT are designed that the inside or private

0:10:41.080000 --> 0:10:46.220000
host on your network can initiate a connection outbound his traffic can

0:10:46.220000 --> 0:10:50.640000
be NATted as it's going through the router so nobody knows what his actual

0:10:50.640000 --> 0:10:55.020000
IP address really was but they can reply to him based on what his new

0:10:55.020000 --> 0:11:00.140000
translated address is but anybody in the outside world cannot initiate

0:11:00.140000 --> 0:11:08.440000
a connection to him it's kind of like a basic firewall concept so on top

0:11:08.440000 --> 0:11:14.400000
of conserving your IP addresses so what's the translation logic of NAT

0:11:14.400000 --> 0:11:18.420000
so what we're looking at here is under what circumstances will a router

0:11:18.420000 --> 0:11:24.400000
that's configured for NAT say yes I will translate this packet or no I

0:11:24.400000 --> 0:11:27.180000
will not translate this packet all right so here are the
various things

0:11:27.180000 --> 0:11:31.640000
that have to happen in order for this to occur so number one on your router

0:11:31.640000 --> 0:11:37.320000
you have to tell the router which interfaces lead to the outside for example

0:11:37.320000 --> 0:11:41.140000
an interface leading to your WAN or leading to the ISP that would be considered

0:11:41.140000 --> 0:11:46.620000
an outside interface and which interfaces lead to the inside now the reason

0:11:46.620000 --> 0:11:50.140000
why this is really important is for the second reason the only time a

0:11:50.140000 --> 0:11:56.060000
router will NAT a packet is if that packet arrived on an inside interface

0:11:56.060000 --> 0:12:00.900000
all right so for example packet number one here that could potentially

0:12:00.900000 --> 0:12:04.960000
be NATted because it did arrive on a NAT inside interface packet number

0:12:04.960000 --> 0:12:09.120000
two nope that is not a candidate for NAT because the interface it arrived

0:12:09.120000 --> 0:12:13.500000
on fast ethernet two two that was not configured as NAT inside so that

0:12:13.500000 --> 0:12:17.300000
will not be NATted but it's more than that not only does it have to arrive

0:12:17.300000 --> 0:12:21.940000
on a NAT inside interface once it's looked up in the routing table the

0:12:21.940000 --> 0:12:26.740000
routing table has to direct it to a NAT outside interface so look at packet

0:12:26.740000 --> 0:12:30.260000
number one right there even though it arrived on a NAT inside interface

0:12:30.260000 --> 0:12:34.140000
according to the routing table it was routed out fast ethernet two two

0:12:34.140000 --> 0:12:39.420000
and because that's not NAT outside the addresses in that packet were left

0:12:39.420000 --> 0:12:43.660000
unchanged they were not NATted so that packet would have to be routed from

0:12:43.660000 --> 0:12:48.780000
fast ethernet zero zero to go out fast ethernet one one we're not done

0:12:48.780000 --> 0:12:59.000000
yet though so
first criteria was the interfaces come in where's it going

0:12:59.000000 --> 0:13:04.460000
out third criteria is we have to define some commands in the router to

0:13:04.460000 --> 0:13:09.320000
tell it which packets can be NATted and which packets cannot this is typically

0:13:09.320000 --> 0:13:13.320000
done using an access list so you as a network engineer complete control

0:13:13.320000 --> 0:13:17.160000
over which packets are translated which ones are not so for example packet

0:13:17.160000 --> 0:13:22.080000
number one here you might say hey um yeah came in NAT inside it's going

0:13:22.080000 --> 0:13:26.900000
out NAT outside but this is a telnet packet I don't want to NAT that I

0:13:26.900000 --> 0:13:30.820000
want to leave that packet alone or maybe this is a web browsing packet

0:13:30.820000 --> 0:13:36.200000
and yes if it's HTTP I do want to translate that so you would build your

0:13:36.200000 --> 0:13:39.860000
access list to define what traffic is allowed and what traffic is not

0:13:39.860000 --> 0:13:45.720000
allowed to be NATted and then the last thing that happens is if the first

0:13:45.720000 --> 0:13:50.640000
four criteria are met then we translate the packet and we keep a record

0:13:50.640000 --> 0:13:54.740000
of that in our NAT translation table so you can see here it came in with

0:13:54.740000 --> 0:13:59.320000
a private address of 10.1.1.1 before it leaves that router on the NAT outside

0:13:59.320000 --> 0:14:02.420000
interface we're going to change the source address to a public address

0:14:02.420000 --> 0:14:12.260000
of 1.1.1.2 now let's talk about some NAT terminology here mostly from the

0:14:12.260000 --> 0:14:16.220000
perspective of local and global so when you read papers on NAT or when

0:14:16.220000 --> 0:14:19.240000
you start talking about NAT you're going to see these terms of inside

0:14:19.240000 --> 0:14:24.200000
local inside global outside local outside global what the heck does that

0:14:24.200000 --> 0:14:29.940000
mean so we need to understand what those terms mean so these terms of

0:14:29.940000 --> 0:14:34.960000
local and global refer to the actual addresses that NAT can potentially

0:14:34.960000 --> 0:14:41.580000
act upon so local means this is an IP address from the viewpoint of devices

0:14:41.580000 --> 0:14:49.560000
located on the inside or pre-translated networks in other words if see

0:14:49.560000 --> 0:14:53.780000
here I think we have a picture of this yes so right here look at the host

0:14:53.780000 --> 0:14:59.700000
on the far left 10.1.1.1 as his packet is reaching the NAT router nothing

0:14:59.700000 --> 0:15:04.740000
has been translated yet so his source address of 10.1.1.1 everybody to the

0:15:04.740000 --> 0:15:08.520000
left of the router so if I was actually just put a line right down here

0:15:08.520000 --> 0:15:14.800000
everybody to the left of the router knows that host as 10.1.1.1 so that is

0:15:14.800000 --> 0:15:20.440000
a pre-translated address that is considered an inside local address and

0:15:20.440000 --> 0:15:26.280000
that's how the router knows him as 10.1.1.1 now if that address gets translated

0:15:26.280000 --> 0:15:32.840000
as it's leaving the outside world knows of that same host as whatever

0:15:32.840000 --> 0:15:39.560000
his address was post-translation in this case 135 1111 so that is considered

0:15:39.560000 --> 0:15:45.420000
an inside global address inside because that address belongs to an inside

0:15:45.420000 --> 0:15:51.300000
host he's reachable via an inside interface but it's global because this

0:15:51.300000 --> 0:15:57.540000
is how the global world sees him so like I said most of the time when

0:15:57.540000 --> 0:16:01.300000
you're dealing with NAT you're talking about changing source addresses

0:16:01.300000 --> 0:16:06.480000
now NAT also has a capability of changing destination addresses not used

0:16:06.480000 --> 0:16:12.200000
as much so we also have a concept of outside global and outside
local

0:16:12.200000 --> 0:16:20.400000
for example right now if this host right here was trying to get to this

0:16:20.400000 --> 0:16:25.000000
device which is a globally accessible web server or something that has

0:16:25.000000 --> 0:16:33.520000
a real IP address of 75.1.1.1 if this host through like domain name resolution

0:16:33.520000 --> 0:16:36.860000
or something like that discovered that the IP address of that outside

0:16:36.860000 --> 0:16:44.740000
host was actually 75.1.1.1 from this host's perspective that address of 75.1.1.1

0:16:44.740000 --> 0:16:49.320000
is considered an outside global address and everybody in the internet

0:16:49.320000 --> 0:16:56.060000
knows of this guy via 75.1.1.1 but we could potentially do NAT to where we

0:16:56.060000 --> 0:17:00.080000
tell this guy right here let's just do a little thought bubble we could

0:17:00.080000 --> 0:17:08.420000
say hey that server you want to get to he is actually um 10.2.2.2 we could

0:17:08.420000 --> 0:17:12.600000
make him believe it was something else and then he would send his packet

0:17:12.600000 --> 0:17:16.880000
to 10.2.2.2 and we could give this router right here the logic to know hey

0:17:16.880000 --> 0:17:22.600000
when you see a packet with a destination of 10.2.2.2 I want you to translate

0:17:22.600000 --> 0:17:27.540000
that to I want you to translate it into the outside global address so

0:17:27.540000 --> 0:17:32.260000
from this guy's perspective that address of 10.2.2.2 which doesn't really

0:17:32.260000 --> 0:17:36.820000
exist from his perspective that would be considered as an outside local

0:17:36.820000 --> 0:17:43.000000
address locally that's how he sees this guy not with the real global address

0:17:43.000000 --> 0:17:48.060000
but as an outside local address so that's only relevant when you're using

0:17:48.060000 --> 0:17:52.020000
NAT to translate destination addresses this concept of outside global

0:17:52.020000 --> 0:17:56.980000
and outside local the last thing I want to
touch upon here in this video

0:17:56.980000 --> 0:18:00.760000
are the main types of NAT we're going to talk about in the rest of this

0:18:00.760000 --> 0:18:04.960000
course so there is static NAT and that's the first thing we're going to

0:18:04.960000 --> 0:18:10.100000
talk about that's where the IP address of an inside host is a known address

0:18:10.100000 --> 0:18:14.220000
it's a static address that does not change so that'd be most likely relevant

0:18:14.220000 --> 0:18:19.000000
for like a server that never moves and we're going to take that inside

0:18:19.000000 --> 0:18:23.640000
local address and we're going to statically map it to an inside global

0:18:23.640000 --> 0:18:27.620000
address so whenever he's NATted the address he's NATted to is predictable

0:18:27.620000 --> 0:18:31.120000
we know exactly what it's going to be it's always going to be the exact same

0:18:31.120000 --> 0:18:37.000000
thing that's called static NAT not as many use cases for that but there

0:18:37.000000 --> 0:18:41.440000
are some and we'll talk about that and then there's dynamic a dynamic

0:18:41.440000 --> 0:18:45.800000
NAT this is where you say okay I'm going to have a pool of addresses that

0:18:45.800000 --> 0:18:51.140000
can be translated to in other words maybe I've got 25 publicly routable

0:18:51.140000 --> 0:18:55.120000
addresses in my pool and it's going to be first come first serve so when

0:18:55.120000 --> 0:18:59.380000
a packet comes in that needs to be NATted I will just translate him to

0:18:59.380000 --> 0:19:03.160000
the very first address available in the pool and then the next packet

0:19:03.160000 --> 0:19:06.140000
that comes in I'll give him the next address that's available in the pool

0:19:06.140000 --> 0:19:11.140000
so in this case we cannot predict in advance what address any given client

0:19:11.140000 --> 0:19:14.740000
is going to be translated to because it's whatever the next address is

0:19:14.740000 --> 0:19:19.460000
that's available
in the pool that's called dynamic NAT and then lastly there's

0:19:19.460000 --> 0:19:23.120000
something called NAT overloading otherwise known as port address translation

0:19:23.120000 --> 0:19:27.280000
and this one is actually very very popular and most of the time when you

0:19:27.280000 --> 0:19:30.720000
buy a little home router for your house it's already configured for this

0:19:30.720000 --> 0:19:36.040000
by default which is where every single packet that comes into the device

0:19:36.040000 --> 0:19:40.800000
regardless of what its source IP address is is always translated to the

0:19:40.800000 --> 0:19:45.380000
exact same source IP address so if I was on the outside of that router

0:19:45.380000 --> 0:19:48.740000
if I was on the internet and watching all the packets are going into the

0:19:48.740000 --> 0:19:52.340000
internet every single one of those packets would look like it was coming

0:19:52.340000 --> 0:19:55.800000
from the same place every single one of those packets would have the exact

0:19:55.800000 --> 0:20:00.100000
same source IP address but in reality they've actually been sourced from

0:20:00.100000 --> 0:20:05.000000
different clients on the local inside network and I might be sort of wondering

0:20:05.000000 --> 0:20:08.680000
how the heck does that happen and how does the reply traffic get back

0:20:08.680000 --> 0:20:12.680000
to those guys we'll talk about that when we get into the video on port

0:20:12.680000 --> 0:20:17.940000
address translation so that concludes this video on an introduction to