Does the router use NAT?

2

I know computers in different subnets can't communicate unless we use a router.

For example:

  • PC A is in subnet 192.168.1.0/24 and B is in 192.168.2.0/24.

  • A and B are connected with router C with interfaces 192.168.1.1, 192.168.2.1.

When sending out a packet from A to B, does the router send the packet using NAT (Network Address Translation)?

If not, how could A and B communicate with each other?

I'm a newbie to networking.

Andrew Li

Posted 2018-11-07T10:33:47.963

Reputation: 145

3If all of those are your devices and there isn't any kind of Internet connection there would be no NAT. NAT is the process of communicating with a limited set of IPs and masquerading the others you got. The most common example is your internet access at home. You're using private IPs for your PC, TV and phone and only a single public IP to access the internet. Just communicating between subnets would be simple routing. Check out some of the other network questions or the Wikipedia article on NAT and routing for some more information. Welcome to SU. – Seth – 2018-11-07T10:39:33.757

1Read up on routing (that's why these devices are called "routers"). If C is the default gateway for both A and B, you need only to set routes on C. Most routers are embedded Linux boxes, so ip route add ... on the root account, or whatever configuration files it uses. – dirkt – 2018-11-07T10:59:21.987

Answers

3

When sending out a packet from A to B, does the router send the packet using NAT (Network Address Translation)?

Usually no. It technically could, but it doesn't have to – there is no need for NAT in this situation.

(I'm assuming that C is acting as both A's and B's "default gateway".)

If not, how could A and B communicate with each other?

Try the opposite question: why is NAT necessary for some kinds of communication?

NAT becomes necessary because the Internet doesn't know where 'internal' addresses are; it only knows where your 'public' address is. So the only way you can get replies from Internet hosts is by pretending that they were sent from the router's public address.

But in your example, the router knows perfectly well where both subnets are. And if the router is both hosts' default gateway, that means the hosts also know well enough how to reach the opposite subnet: A has a route to B, B has a route to A, C has routes to both. Therefore the earlier mentioned reason for NAT doesn't apply.

user1686

Posted 2018-11-07T10:33:47.963

Reputation: 283 655

The IP packet after router keeps the original? – Andrew Li – 2018-11-08T02:51:58.043

Yes. (Why wouldn't it?) – user1686 – 2018-11-08T04:51:57.187
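The forwarding decision described in this answer, as an added example that is not part of the original posts: a toy model of hosts A and B and router C showing that plain routing leaves the source address untouched, while masquerading (SNAT) rewrites it to the router's egress address. The host addresses 192.168.1.3 and 192.168.2.4 and the names `Packet`, `Router` and `next_hop` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ttl: int = 64

def next_hop(host_if: str, gateway: str, dst: str) -> str:
    """Host-side choice: deliver on-link if dst is in our own prefix, else use the gateway."""
    net = ipaddress.ip_interface(host_if).network
    return dst if ipaddress.ip_address(dst) in net else gateway

class Router:
    def __init__(self, interfaces, masquerade=False):
        # interfaces: the router's own addresses with prefix, e.g. "192.168.1.1/24"
        self.ifaces = [ipaddress.ip_interface(i) for i in interfaces]
        self.masquerade = masquerade

    def forward(self, pkt: Packet) -> Packet:
        dst = ipaddress.ip_address(pkt.dst)
        # Longest-prefix match over the directly connected networks.
        matches = [i for i in self.ifaces if dst in i.network]
        if not matches or pkt.ttl <= 1:
            raise ValueError("no route to destination or TTL expired")
        out = max(matches, key=lambda i: i.network.prefixlen)
        # Plain routing keeps the source; SNAT replaces it with the egress address.
        src = str(out.ip) if self.masquerade else pkt.src
        return replace(pkt, src=src, ttl=pkt.ttl - 1)

A, B = "192.168.1.3", "192.168.2.4"          # assumed host addresses
C = ["192.168.1.1/24", "192.168.2.1/24"]     # router C from the question

def seen_by_b(masquerade: bool) -> Packet:
    """The packet as it arrives at B after A hands it to its default gateway C."""
    assert next_hop(A + "/24", "192.168.1.1", B) == "192.168.1.1"
    return Router(C, masquerade).forward(Packet(A, B))

if __name__ == "__main__":
    print("routed:", seen_by_b(False))
    print("NATed: ", seen_by_b(True))
    # With a /22 mask the host treats B as on-link and never uses the router.
    print("/22 next hop:", next_hop(A + "/22", "192.168.1.1", B))
```
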

2

Based on the information provided in the question, it's not possible to know if the router is performing NAT or not. However, a simple test can be used to determine if NAT is in use:

If you can successfully ping PC B from PC A and vice versa using each PC's actual IP address, then the router is not performing NAT. (This assumes there are no firewalls blocking ping, so you may need to disable any, including on the PCs.)

Conversely, if NAT is in use, the PC "behind" the NAT will be able to ping the other computer, but it won't work the other way around. For example, if PC A is behind a router doing NAT, it would be able to ping B, but B would not be able to ping A (using A's actual IP address). This is because NAT translates (i.e. masquerades) PC A's IP address to make it appear as though it has an IP address on the same subnet as PC B. This is useful when you have a lot of devices on subnet A, each with their own IP address, but you only have one IP address on subnet B (which could be the Internet). NAT lets all those devices communicate with the rest of the network/Internet through a single IP address. This is used extensively to mitigate the impact of IPv4 exhaustion.

If NAT is not in use, then the router simply does what all routers do...it sends packets from PC A destined to PC B out the correct interface so they reach their destination. Most routers have multiple interfaces connected to a variety of networks, such as may be the case in an organization where multiple buildings each have their own network connected by a central router.

Most "routers" that connect two networks, specifically a LAN to the Internet, are not actual routers in the strict sense, but are Residential Gateways.

I say Reinstate Monica

Posted 2018-11-07T10:33:47.963

Reputation: 21 477

Both PCs must have a gateway (default gateway or common route) to the subnet of the other PC via the router's address in their subnet. If not, it will cause unidirectional or no ping with NAT, and no ping without it, depending on which PC does or does not have a proper gateway setting. Additional info can be obtained by looking at the ping error (timeout or destination unreachable). – Akina – 2018-11-07T11:09:12.643

@Akina you are correct. I'm assuming that in the OP's example network the router connected to each subnet serves as that network's default gateway. – I say Reinstate Monica – 2018-11-07T11:17:51.950

Could 192.168.1.3 and 192.168.2.4 communicate with each other in the same LAN? – Andrew Li – 2018-11-07T11:19:24.980

1@AndrewLi Directly, without a router? Only when their subnet mask is /22 or wider, otherwise no. – Akina – 2018-11-07T11:22:16.727

Without router. @Akina – Andrew Li – 2018-11-07T11:22:49.700

I think that the router makes the forwarding table. Does the router use IP forwarding? – Andrew Li – 2018-11-07T11:24:15.390

@AndrewLi No. A router (without NAT/masquerade/etc.) doesn't have any forwarding table. Each data packet is routed separately using the source address, destination address and local routing table. A forwarding table is needed only when some packet address is altered during transfer - simple routing never does that. – Akina – 2018-11-07T11:26:16.240

The router creates a routing table. It builds it dynamically through the use of routing protocols. This lets it determine the best interface to transmit packets with based on a variety of factors, including their destination address, the cost of the link, network conditions, etc. – I say Reinstate Monica – 2018-11-07T11:27:47.613

@Akina the destination pc resolve the ip with different subnet? What does the router do? – Andrew Li – 2018-11-07T11:27:51.600

1"If you can successfully ping PC B from PC A and vice versa using each PC's actual IP address, then the router is not performing NAT" -- no, this isn't necessarily true. While SNAT translates outgoing packets, it does not magically block incoming ones. As long as the firewall permits it (and as long as routes exist), it is perfectly possible to ping/reach into a subnet that would be NATed outbound. What you need to check is whether packets received by PC B still have PC A's source IP address, rather than the router's own. – user1686 – 2018-11-07T11:27:56.620

@AndrewLi the destination pc resolve the ip with different subnet? I don't understand what you mean. – Akina – 2018-11-07T11:30:17.383

@grawity hmmmm good point. I'm trying to offer the OP a simple way to test this with having to use something like Wireshark. Any suggestions? – I say Reinstate Monica – 2018-11-07T11:31:17.260

I think that the network packet includes the source IP and port. When passing a packet through the router, are the source IP and port changed, like with NAT? – Andrew Li – 2018-11-07T11:32:15.637

No, when NAT is not occurring, the source addressing is not changed. As @grawity points out, that's the most reliable way to know NAT is not in use. – I say Reinstate Monica – 2018-11-07T11:34:12.823

@TwistyImpersonator: If the PCs accept some form of TCP connection (e.g. SMB on port 445 or Remote Desktop on 3389 or SSH on 22...), OP could run netstat -n on the receiving PC while having the connection established, and look at the "Remote address" column. I'm not sure if that's simpler than installing Wireshark though -- it just avoids having to download extra stuff. – user1686 – 2018-11-07T11:35:03.227

@grawity agreed. Thanks for pointing out the needed improvement. I'll assess it when I get off mobile. – I say Reinstate Monica – 2018-11-07T11:38:07.467
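The `netstat -n` check suggested in the comments above, as an added example that is not part of the original thread: it reads the remote-address column on the receiving PC and reports whether the sender's own address arrived intact or was replaced by the router's. The sample output is constructed, and the host addresses, the SMB port and the name `classify_peers` are assumptions.

```python
import ipaddress
import re

# One TCP row of `netstat -n`; Linux rows carry two extra queue columns.
ROW = re.compile(
    r"^\s*tcp\S*\s+(?:\d+\s+\d+\s+)?(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$", re.I)

def classify_peers(netstat_text, local_port, sender_subnet, router_ip):
    """Map each ESTABLISHED peer on local_port to a routing/NAT verdict."""
    subnet = ipaddress.ip_network(sender_subnet)
    router = ipaddress.ip_address(router_ip)
    verdicts = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _laddr, lport, raddr, _rport, state = m.groups()
        if int(lport) != local_port or state.upper() != "ESTABLISHED":
            continue
        try:
            peer = ipaddress.ip_address(raddr)
        except ValueError:
            continue  # bracketed IPv6 and the like are out of scope here
        if peer == router:
            verdicts[raddr] = "nat"      # source rewritten to the router's address
        elif peer in subnet:
            verdicts[raddr] = "routed"   # sender's own address survived the hop
        else:
            verdicts[raddr] = "other"
    return verdicts

# Constructed samples of what PC B (192.168.2.4) might show while A connects to SMB.
SAMPLE_ROUTED = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.2.4:445        192.168.1.3:50122      ESTABLISHED
  TCP    192.168.2.4:139        0.0.0.0:0              LISTENING
"""
SAMPLE_NATTED = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.2.4:445        192.168.2.1:61001      ESTABLISHED
"""

if __name__ == "__main__":
    for name, text in (("routed", SAMPLE_ROUTED), ("natted", SAMPLE_NATTED)):
        print(name, classify_peers(text, 445, "192.168.1.0/24", "192.168.2.1"))
```

A "nat" verdict only says the peer address is the router's own; a connection opened by the router itself would look the same.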