Network Address Translation (NAT) allows an internal IP network, such as one using the private address ranges defined in RFC 1918, to appear as a publicly routed network on the internet.
A NAT device such as a firewall or router modifies the source or destination IP address in a packet's header as the packet arrives on an inside or outside interface. Typically, routers do not translate IP addresses carried within the payload of a packet.
NAT can also be used to translate network addresses in other scenarios. For example, where two separate networks use the same or overlapping private subnet addressing, NAT can translate one of them to a unique network address so that a connection can be established.
Terms in NAT
There are four important terms related to Network Address Translation:
Inside local: The private IP address assigned to a device on the inside network.
Inside global: The public IP address that represents one or more inside local IP addresses.
Outside local: The IP address of an outside host as it appears to the inside network. This IP address does not need to be reachable from the outside, but must be reachable from the inside network.
Outside global: The public IP address assigned to a host on the outside network. This IP address must be reachable from the outside network.
Types of NAT
There are three common types of network address translation:
Static Network Address Translation
Static NAT provides a fixed 1-to-1 mapping of a local IP address to a global IP address.
Pooled Network Address Translation
Pooled Network Address Translation provides a dynamic 1-to-1 mapping of a local IP address to a global IP address for a period of time. If the dynamic translation becomes idle, the global IP address is returned to a pool of addresses to be reused by the same or another local IP address.
Port Address Translation
Port Address Translation (PAT) provides a many-to-one mapping of multiple local IP addresses to a single global IP address.
Because many inside hosts share one global address, the NAT device needs a mechanism to identify which private IP address on the inside a given piece of return traffic from the outside belongs to.
That mechanism translates the local IP address and source port to the global IP address and a unique port number for the duration of the session; replies arriving at that unique port are mapped back to the original local IP address and port.
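The following is an added example, not part of the original text, that simulates the two dynamic translation tables described above: a pooled NAT with an idle timeout that returns global addresses to the pool, and a PAT table that maps (local IP, local port) pairs to a single global IP with a unique port and uses that port to route replies back. All addresses are constructed from the documentation ranges (192.168.1.0/24 inside, 203.0.113.0/24 global), and the port allocator, timeout values and class names are this example's own simplifications rather than any vendor's implementation. It also shows the defender-relevant side effect of the table: an inbound packet with no matching entry has nowhere to go and is dropped.

```python
"""Simulated NAT translation tables: pooled (dynamic 1:1) NAT and PAT.

Constructed example. Addresses come from documentation ranges; the port
allocation and timeout logic are deliberately simple stand-ins for what a
real firewall or router does.
"""
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


class PooledNat:
    """Dynamic 1-to-1 NAT: each inside host borrows a global IP from a pool
    and gives it back once its translation has been idle for idle_timeout."""

    def __init__(self, pool: List[str], idle_timeout: float) -> None:
        self.free = list(pool)            # global IPs not currently in use
        self.idle_timeout = idle_timeout
        self.active: Dict[str, Tuple[str, float]] = {}  # local_ip -> (global_ip, last_seen)

    def _expire(self, now: float) -> None:
        # Return any global IP whose translation has been idle too long.
        for local_ip, (global_ip, last_seen) in list(self.active.items()):
            if now - last_seen >= self.idle_timeout:
                del self.active[local_ip]
                self.free.append(global_ip)

    def translate(self, local_ip: str, now: float) -> Optional[str]:
        """Return the global IP for an outbound packet, or None if the pool is exhausted."""
        self._expire(now)
        if local_ip in self.active:
            global_ip = self.active[local_ip][0]   # existing translation, refresh timer
        elif self.free:
            global_ip = self.free.pop(0)           # borrow the next free global IP
        else:
            return None                            # no address left: packet cannot be translated
        self.active[local_ip] = (global_ip, now)
        return global_ip


class PatTable:
    """Many-to-one PAT: (local IP, local port) <-> (global IP, unique global port)."""

    def __init__(self, global_ip: str, first_port: int = 1024, last_port: int = 65535) -> None:
        self.global_ip = global_ip
        self.first_port = first_port
        self.last_port = last_port
        self.outbound: Dict[Endpoint, int] = {}  # local endpoint -> global port
        self.inbound: Dict[int, Endpoint] = {}   # global port -> local endpoint

    def _allocate_port(self) -> int:
        # Lowest unused port in range (a real device also ages out idle sessions).
        for port in range(self.first_port, self.last_port + 1):
            if port not in self.inbound:
                return port
        raise RuntimeError("PAT port range exhausted")

    def translate_outbound(self, local_ip: str, local_port: int) -> Endpoint:
        """Rewrite an outbound packet's source to (global_ip, unique port)."""
        key = (local_ip, local_port)
        if key not in self.outbound:
            port = self._allocate_port()
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.global_ip, self.outbound[key])

    def translate_inbound(self, dst_ip: str, dst_port: int) -> Optional[Endpoint]:
        """Map an inbound packet back to the inside host, or None if no session exists
        (the NAT device has no state for it and drops the packet)."""
        if dst_ip != self.global_ip:
            return None
        return self.inbound.get(dst_port)


def pat_demo() -> dict:
    """Two inside hosts using the same source port share one global IP."""
    pat = PatTable("203.0.113.1")
    a = pat.translate_outbound("192.168.1.10", 40000)
    b = pat.translate_outbound("192.168.1.11", 40000)
    return {
        "a": a,                                                   # ('203.0.113.1', 1024)
        "b": b,                                                   # ('203.0.113.1', 1025)
        "reply_to_a": pat.translate_inbound("203.0.113.1", a[1]),  # ('192.168.1.10', 40000)
        "reply_to_b": pat.translate_inbound("203.0.113.1", b[1]),  # ('192.168.1.11', 40000)
        "unsolicited": pat.translate_inbound("203.0.113.1", 5000), # None: no state, dropped
    }


def pool_demo() -> List[Optional[str]]:
    """Two-address pool, 300 s idle timeout; the third host waits for a free address."""
    nat = PooledNat(["203.0.113.10", "203.0.113.11"], idle_timeout=300)
    return [
        nat.translate("192.168.1.10", now=0),    # gets .10
        nat.translate("192.168.1.11", now=10),   # gets .11
        nat.translate("192.168.1.10", now=100),  # refreshes .10
        nat.translate("192.168.1.12", now=200),  # None: pool exhausted
        nat.translate("192.168.1.12", now=320),  # .11 freed (idle since t=10), reused
    ]


if __name__ == "__main__":
    print(pat_demo())
    print(pool_demo())
```

The PAT table is what lets return traffic find its way back to the right inside host, and it is also why an outside party cannot simply send a packet to the global IP and reach an inside host: without a prior outbound session there is no entry, so the device has nothing to translate it to. That is a side effect of state, not a substitute for a firewall policy, since any inside host can still create entries by initiating connections.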