Does NAT Map to the MAC Address, or to the Local IP

dhcpnat;router

I would like to set up NAT to put a service on internet using my Technicolor TG 582 router. I mention the specific router model just to have a reference, but the question goes in general as I may need to use this programming with different routers.

I would like to have the DHCP server assign addresses to the services, but at the same time, use NAT to point to the services.

I have been told by colleagues that if you let DHCP assign the IP to the device, the specific NAT rule will eventually fail, as the DHCP server on the router will, over time, change the assigned local IP, invalidating the NAT port link–which is to the local IP, not to the MAC (physical) address of the device.

Based on this information my practice has been to use a static IP for any services behind the router that are to be accessed from outside. However apparently the router sometimes "identifies" a device by its MAC, and other times by its local IP. My own logic tells me the router should "route" or NAT the specific port request from the outside to the MAC address where I have the service, and not to the IP.

So which is it? The second part of the question would be, if the DHCP server restarts, or, for example, the client device goes offline, then comes back on, will the DHCP server try to maintain the previous local IP assigned to the device, or will it just pick the next available IP?

Best Answer

To answer the question asked:

NAT is a layer 3 networking effect - it happens when packets are routed, whereas MAC addresses are a layer 2 network aspect - they are only meaningful on the local network. So to answer your question, you cannot NAT to a MAC address - the notion of NAT cannot work across layers.

To answer the actual question (how can I use DHCP and ensure NAT still works):

You just need to reserve your IP address in DHCP so that it doesn't change over time. This is bound to the MAC address of your machine. So and tells the DHCP server that if a request for an IP address comes from a specific MAC address, it should be assigned a specific IP address.

using the linux program dhclient.

If you don't have linux installed, you can use a bootable Linux live CD.

[edit] If you do this trick to create an address reservation for an actual Windows machine, first switch the NIC in Windows to a static IP, because after a reboot in DHCP mode Windows may send a DHCP request with its last used IP, which would annihilate your efforts with dhclient below...

The trick is to send a DHCP request with your desired IP address from the same NIC (or better: same MAC address).

Edit the /etc/dhcp/dhclient.conf and add the following line (you might have to first copy the file to a writeable location if booting from a CD):

send dhcp-requested-address 192.168.1.240;

Then stop and start dhclient as user root, where your NIC is eth0 (check by issuing ip addr show beforehand)

dhclient -r -v
dhclient -4 -d -v -cf /etc/dhcp/dhclient.conf eth0

If successfull, your DHCP server will fulfill your prepared request. Sometimes you will have to delete the device entry in the DHCP table before issuing dhclient -4 -d ....

Then make that device IP address in the DHCP table of the router a fix address reservation. This will associate the IP to the MAC of the device and return the same IP everytime a DHCP request with that MAC address is encountered in the future.

Networking – What’s the difference between DHCP and NAT? Are they mutually exclusive

NAT is a way to translate traffic in several ways. The simplest in home routers is to make everything seem like they’re behind the same IP address. This means any outbound connection from the local network is taken in, its source address is set to the router’s public address, a new port is allocated and the modified packet is sent forward. When there’s a packet back the same thing is done in reverse and the packet is sent to the original device.

NAT doesn’t need to be between private and public networks. It can also be between two public networks or two private ones. It just diverts traffic and doesn’t know anything about public or private.

DHCP is completely unrelated to this. It is a way for devices to shout to the local network asking for an IP address and other related information (like the gateway address, name servers etc) to be given to them. Again, a home router usually has a server to serve the clients in the local network. Without a DHCP server you’d need to set all IP addressed by hand to each device (or use the automatic IP system in Windows, for example, but that is only for local networks, not internetworking). The devices can not communicate using IP unless they have IP addresses and since practically all communications is over IP it’s needed.

The IP address given isn’t necessarily public. Maybe this causes the confusion to you. It’s any address that’s defined in the DHCP pool, or maybe even a static one for that specific device.

So you can have DHCP allocating IP addresses and never use a NAT. It just gives IPs from the pool and that’s that. You can also have NAT without DHCP. You can set fixed IPs, or you can use NAT to divert traffic through a firewall to some other machine etc. It doesn’t need anything from DHCP.

In home networks both are useful since there’s pretty much always only one external IP and users don’t want to manually set fixed IP addresses. So DHCP gives them local private IPs and NAT translates connections so that they look like they come from the same address.

Best Answer

Related Solutions

Networking – How to request a specific IP address from DHCP server

using the linux program dhclient.

Networking – What’s the difference between DHCP and NAT? Are they mutually exclusive

Related Question