Network Address Translation (NAT)

Network Address Translation, NAT, allows an internal IP network (such as those defined in RFC 1918) to appear as a publicly routed network on the internet.

A NAT device, such as a firewall or router, modifies the source or destination IP address in a packet's header as the packet arrives on an inside or outside interface. Typically, most routers do not translate IP addresses within the payload of a packet.

NAT can be used to translate network addresses in other scenarios too. If two separate networks share similar private network subnet addressing, NAT can be utilised to translate one of them to a unique network address so that a connection can be established.

Terms in NAT

There are four important terms related to Network Address Translation:

Inside Local

The private IP address assigned to a device on the inside network.

Inside Global

The public IP address that represents one or more inside local IP addresses.

Outside Local

The IP address of an outside host as it appears to the inside network. The IP address does not need to be reachable by the outside, but must be reachable by the inside network.

Outside Global

The public IP address assigned to a host on the outside network. The IP address must be reachable by the outside network.

Types of NAT

There are three common types of network address translation:

Static Network Address Translation

Static NAT provides a 1-to-1 mapping of a local IP address to a global IP address.

Pooled Network Address Translation

Pooled Network Address Translation provides a dynamic 1-to-1 mapping of a local IP address to a global IP address for a duration of time. If the dynamic translation becomes idle, the global IP address goes back into a pool of addresses to be re-used by the same or another local IP address.

Port Address Translation

Port Address Translation (PAT) provides a many-to-one mapping of multiple local IP addresses to a single global IP address.

The NAT device uses a mechanism to identify which private IP address on the inside should receive traffic returning from the outside.

The mechanism translates the local IP address and source port to the global IP address and a unique port number for the duration of the session.
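The PAT mechanism described above can be modelled as a small translation table. This is an added example, not code from the original page; the class and method names, the idle timeout, the choice to keep the original source port when it is free, and the addresses (192.168.1.x inside, 203.0.113.5 as the global IP) are assumptions made for illustration, and the table ignores protocol and destination for simplicity.

```python
from itertools import chain


class PatTable:
    """Minimal PAT (many-to-one) translation table for one global IP."""

    def __init__(self, global_ip, port_range=(1024, 65535), idle_timeout=60):
        self.global_ip = global_ip
        self.ports = range(port_range[0], port_range[1] + 1)
        self.idle_timeout = idle_timeout  # seconds a session may stay idle
        self.out = {}   # (local_ip, local_port) -> global_port
        self.back = {}  # global_port -> [local_ip, local_port, last_seen]

    def expire(self, now):
        """Drop sessions idle longer than the timeout, freeing their ports."""
        for gport, (lip, lport, seen) in list(self.back.items()):
            if now - seen > self.idle_timeout:
                del self.back[gport]
                del self.out[(lip, lport)]

    def outbound(self, local_ip, local_port, now):
        """Translate a local source to (global_ip, unique global port)."""
        self.expire(now)
        key = (local_ip, local_port)
        gport = self.out.get(key)
        if gport is None:
            # Assumption: keep the source port if free, else first free port.
            wanted = [local_port] if local_port in self.ports else []
            gport = next((p for p in chain(wanted, self.ports)
                          if p not in self.back), None)
            if gport is None:
                raise RuntimeError("PAT port pool exhausted")
            self.out[key] = gport
        self.back[gport] = [local_ip, local_port, now]
        return self.global_ip, gport

    def inbound(self, global_port, now):
        """Map return traffic to the inside host; None if no session exists."""
        self.expire(now)
        entry = self.back.get(global_port)
        if entry is None:
            return None  # no translation entry, so the packet has no inside target
        entry[2] = now
        return entry[0], entry[1]


if __name__ == "__main__":
    nat = PatTable("203.0.113.5")  # constructed sample addresses
    print(nat.outbound("192.168.1.10", 40000, now=0))
    print(nat.outbound("192.168.1.11", 40000, now=1))  # same port, new mapping
    print(nat.inbound(40000, now=2), nat.inbound(50000, now=2))
```

Two inside hosts using the same source port receive different global ports, and traffic arriving on a global port with no session entry is not mapped to any inside address.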


