
Network Address Translation


aliases:

  • NAT

A network mechanism that allows multiple computers to share a single public IP address for communication over the Internet. NAT must be enabled on the default gateway for hosts on the internal network to reach the Internet.

NAT was designed to conserve public IPv4 addresses, which are in short supply. It is usually deployed on edge routers (also called the network gateway), but is also implemented in firewalls, proxy servers, and other devices.

Static NAT vs. Dynamic NAT

In its simplest form, NAT performs a 1-to-1 mapping, translating between one of the router's public IP addresses and the private IP address of a single host. This is called static NAT. Static NAT is not very useful in most scenarios, because each internal host still needs its own public address. Dynamic NAT addresses this by building a table of public-to-private mappings for the hosts in the network: each session creates a new binding in the table, and the binding is released when the host's session finishes.

Port Address Translation

Under NAT, we are still limited by the number of public IP addresses available. PAT works around this by using the large transport-layer port space to distinguish the connections of many private hosts behind a single public IP address. PAT is also known as:

  • Network Address Port Translation (NAPT)
  • NAT Overloading
  • One-to-Many / Many-to-One
  • NAT Masquerade

PAT works by assigning each new outbound connection an ephemeral transport-layer port number. For example, let's say hosts 10.0.0.101 and 10.0.0.102 each open a web connection at the same time. PAT creates two new port mappings, on ports 61101 and 61102 for example, and replaces each private source IP address with its own public IP address. Replies arriving on those public ports are looked up in the mapping table and forwarded back to the right private host.
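The following is an added toy model of the dynamic NAT binding table and the PAT port mapping described above; it is example code written for this page, not part of the original text or of any real NAT implementation. It assumes a constructed gateway public address of 203.0.113.10 (a documentation range) and starts handing out ports at 61101 to match the page's example. Both private hosts deliberately use the same source port so the need for a per-connection public port is visible, and the model also shows the defender-relevant side effect of a binding table: an inbound packet with no matching binding cannot be delivered and is dropped, and once a session's binding is released, late replies are dropped too.

```python
"""Toy PAT (NAT overload) translator. Constructed example for illustration only."""
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"   # assumed public address of the gateway (documentation range)
EPHEMERAL_START = 61101      # first public port handed out, matching the page's example


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatGateway:
    def __init__(self, public_ip=PUBLIC_IP, first_port=EPHEMERAL_START):
        self.public_ip = public_ip
        self.next_port = first_port
        # Binding table in both directions:
        # (private_ip, private_port) -> public_port, and public_port -> (private_ip, private_port)
        self.out_bindings = {}
        self.in_bindings = {}

    def translate_outbound(self, pkt):
        """Rewrite a packet leaving the private network; create a binding on first use."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_bindings:
            pub_port = self.next_port          # allocate the next ephemeral public port
            self.next_port += 1
            self.out_bindings[key] = pub_port
            self.in_bindings[pub_port] = key
        pub_port = self.out_bindings[key]
        # Source becomes the gateway's public IP plus the allocated port; destination is untouched.
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt):
        """Reverse-map a reply. Returns None (packet dropped) when no binding exists."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self.in_bindings.get(pkt.dst_port)
        if key is None:
            return None                        # unsolicited inbound traffic has nowhere to go
        priv_ip, priv_port = key
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)

    def release(self, private_ip, private_port):
        """Tear down a binding when the session ends (dynamic NAT binding release)."""
        pub_port = self.out_bindings.pop((private_ip, private_port), None)
        if pub_port is not None:
            del self.in_bindings[pub_port]


def demo():
    """Walk through the page's scenario: two hosts open web connections at once."""
    gw = PatGateway()
    a = gw.translate_outbound(Packet("10.0.0.101", 50000, "198.51.100.5", 80))
    b = gw.translate_outbound(Packet("10.0.0.102", 50000, "198.51.100.5", 80))
    # The web server replies to the public port; the gateway maps it back to host A.
    reply_to_a = gw.translate_inbound(Packet("198.51.100.5", 80, PUBLIC_IP, a.src_port))
    # An inbound packet to a port with no binding is dropped.
    unsolicited = gw.translate_inbound(Packet("198.51.100.9", 4444, PUBLIC_IP, 65000))
    # After host A's session ends, late replies to its old port are dropped as well.
    gw.release("10.0.0.101", 50000)
    after_release = gw.translate_inbound(Packet("198.51.100.5", 80, PUBLIC_IP, a.src_port))
    return a, b, reply_to_a, unsolicited, after_release


if __name__ == "__main__":
    for label, pkt in zip(("A out", "B out", "reply to A", "unsolicited", "after release"), demo()):
        print(f"{label:14} {pkt}")
```

Running the script prints host A's connection rewritten to 203.0.113.10:61101 and host B's to 203.0.113.10:61102, the server's reply mapped back to 10.0.0.101:50000, and `None` for both the unsolicited packet and the post-release reply. Real implementations additionally time out idle bindings and track TCP state, but the table lookup in both directions is the core of what the page describes.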

#XI