(Network Address Translation) An IETF standard that allows an organization to present itself to the Internet with far fewer IP addresses than there are nodes on its internal network. The NAT technology, which is implemented in a router, firewall or PC, converts the private IP addresses (such as those in the 192.168.0.0 range) of the machines on the internal private network to one or more public IP addresses for the Internet. It changes the packet headers to the new address and keeps track of them via internal tables that it builds. When packets come back from the Internet, NAT uses the tables to perform the reverse conversion to the IP address of the client machine. NAT is also provided with Windows Internet Connection Sharing (see ICS).
One disadvantage of NAT is that it defeats "Internet transparency," which means that packets remain intact from end to end (see RSIP).
NAT Adds Security
NAT not only conserves public IP addresses, but it also enhances security by keeping internal addresses hidden from the outside world. NAT prevents several kinds of first-level attacks, but not all, and must be used in conjunction with a personal firewall in a home network and more robust firewalls in a company (see firewall).
Static and Dynamic NAT
In static NAT, there is a manual assignment of a public address to each internal machine, and that assignment is used all the time. Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. Both static and dynamic NAT require that enough public addresses are available to satisfy the total number of simultaneous user sessions.
Port Address Translation (PAT)
The most common NAT method used today is port address translation (PAT), which is also called "NAT overloading," "network address port translation" (NAPT) and "NAT/PAT." PAT is used in large enterprises as well as small offices and the home. Just like any department in a company, families want simultaneous Internet access for several people, and cable modems, DSL and ISDN connections have only one public IP address.
PAT ensures that a different TCP port number is used for each client session with a server on the Internet. When the response comes back from the server, the source port number, which becomes the destination port number on the return trip, determines which user to route the packets to. It also validates that the incoming packets were indeed requested. See NAT traversal, UDP hole punching, private IP address and proxy server.
By using a different port number for each user, the NAT device knows which client PC to route the incoming packets to.
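The following is an added worked example, not part of this entry, of the PAT table described above: each outbound session from a private host is rewritten to the single public address with its own port, replies are mapped back to the right client through that port, and inbound packets that match no binding (or come from a different server than the one contacted) are dropped. The public address, private addresses and port range are constructed sample values.

```python
from dataclasses import dataclass

# Constructed sample values (not from the original entry).
PUBLIC_IP = "203.0.113.5"   # the one public address the NAT device owns
FIRST_NAT_PORT = 40000      # start of the port range handed out per session


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PortAddressTranslator:
    """Minimal PAT: many private hosts share one public IP, told apart by port."""

    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = FIRST_NAT_PORT):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private_ip, private_port, server_ip, server_port) -> assigned public port
        self.outbound = {}
        # assigned public port -> (private_ip, private_port, server_ip, server_port)
        self.inbound = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private network."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            # New session: hand out a fresh public port and record the binding.
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet):
        """Reverse the translation for a reply; return None to drop the packet."""
        if pkt.dst_ip != self.public_ip:
            return None  # not addressed to us
        binding = self.inbound.get(pkt.dst_port)
        if binding is None:
            return None  # no session requested this: unsolicited traffic is dropped
        private_ip, private_port, server_ip, server_port = binding
        if (pkt.src_ip, pkt.src_port) != (server_ip, server_port):
            return None  # port is bound, but not to this sender
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)
```

Two private hosts may use the same source port (51000 below); the assigned public ports keep their sessions apart on the return trip.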