Author: David Ho
Last Revised: Mar 30, 2007
Network address translation (NAT) is the process of rewriting the source and/or destination addresses of Internet Protocol (IP) packets as they pass through a router or firewall. NAT is also known as network masquerading, native address translation or IP masquerading. Traditionally, NAT devices are used to connect the many hosts of a private network, which use unregistered addresses, to a public network that uses globally unique registered addresses, through a single public IP address.
As Internet use grew in home and business networks, available IP addresses became scarce. IPv6 is being developed to solve this shortage by redesigning the address format to allow far more addresses, but deploying it will take several years. NAT first became popular as a way to deal with the IPv4 address shortage, since it avoids reserving a public IP address for every host.
NAT, developed by Cisco, is used by a device such as a router, firewall or computer that acts as an interpreter between two networks. In a home network, for example, this device sits between the Internet and the home network: the Internet is the "public" network and the home network is the "private" network. When a computer on the home network requests data from the Internet, the NAT device opens a small channel (a translation entry) between the source computer and the destination computer. When the destination computer returns results to the source computer, they pass back through the NAT device over that same channel.
There are several forms of NAT, which work in the ways listed below.
1. Static NAT - Maps an unregistered IP address to a registered IP address on a one-to-one basis.
2. Dynamic NAT - Maps an unregistered IP address to a registered IP address drawn from a group (pool) of registered IP addresses.
3. Overloading - This is a form of Dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is also known as Port Address Translation (PAT), single address NAT or port-level multiplexed NAT.
4. Overlapping - When the IP addresses used on the private network are registered addresses that are also in use on another network, the router must maintain a lookup table so that it can intercept these addresses and replace them with registered, unique IP addresses. The NAT router must translate the internal addresses to registered unique addresses on the way out, and translate the external registered addresses to addresses that are unique within the private network on the way in. This can be done with static NAT, or with DNS together with dynamic NAT.
NAT is convenient and has a low cost. The lack of full bidirectional connectivity is more of an advantage than a limitation in some situations. Since NAT depends on a computer on the local network to initiate a connection to hosts on the other side of the router, it prevents malicious activity initiated by outside hosts against local hosts. This can enhance privacy by discouraging scans and improve the chance of stopping worms from reaching local hosts.
The greatest benefit of NAT is being a practical solution to the shortage of IPv4 address space. Networks that require a Class B IP range or a block of class C network addresses can now be connected to the Internet with as little as one IP address.
Hosts behind a NAT-enabled router do not have true end-to-end connectivity. This can be a problem when participating in some Internet protocols, and services that require a TCP connection to be initiated from outside the network can be disrupted. If the NAT router makes no special arrangements to support such protocols, incoming packets cannot reach their destination. Furthermore, depending on one's point of view, NAT has greatly slowed the acceptance of IPv6, isolating it to research networks and limited public use.
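The following is an added example, not code from the original article, that simulates the overloading (PAT) lookup table from item 3 and the one-way connectivity described above: outbound flows from several private hosts are rewritten to the router's single public address with distinct ports, replies are matched back through the table, and unsolicited inbound packets with no mapping are dropped. All addresses are constructed documentation-range values, and the class and field names are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed, minimal view of an IP/TCP header: just the 4-tuple NAT rewrites."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Port Address Translation: many private hosts share one registered (public) IP."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port  # next free public-side port to hand out
        # outbound key: (private ip, private port, remote ip, remote port) -> public port
        self.out_table: Dict[Tuple[str, int, str, int], int] = {}
        # inbound key: (public port, remote ip, remote port) -> (private ip, private port)
        self.in_table: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the private network; create a mapping on first use."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out_table.get(key)
        if port is None:
            port = self.next_port  # a real router would also expire idle mappings
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a packet arriving from the public side, or return None to drop it.

        Only packets that match an existing mapping (a reply to a flow initiated from
        inside) are translated; anything else has no inside destination and is dropped,
        which is the 'no end-to-end connectivity' behaviour the text describes.
        """
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.in_table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)
```

Two private hosts using the same source port toward the same web server get distinct public ports, so their replies are demultiplexed correctly, while a packet to a port with no mapping is silently dropped.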