Network Address Translation (NAT) allows multiple devices in a private network to access the internet using a single public IP address. It helps conserve IPv4 addresses and hides internal systems for added security.
- Translates private IPs to public IPs and vice versa.
- Prevents IPv4 address exhaustion
- Adds security by masking internal devices
- Allows thousands of devices to share one public IP

Note: IPv4 provides only 2³² (about 4.3 billion) addresses, which is insufficient considering the massive number of devices connected to the Internet. NAT prevents IP exhaustion by enabling thousands of private devices to share a limited number of public IP addresses.
Working of NAT
NAT handles a connection in the following steps:
- A device sends a request, which reaches the NAT-enabled router.
- The router replaces the private IP with its public IP and assigns a unique port.
- NAT stores this mapping in the NAT table.
- When the server responds, NAT uses the stored entry to send the packet to the correct internal device.
Why this works:
- Many devices can share one public IP
- Port numbers separate device traffic
- Internal IPs stay hidden from the internet
Examples of NAT Usage
- Connecting Private Networks to the Internet: A NAT-enabled router translates all private IPs to a single public IP, allowing internal devices to access the Internet securely.
- Linking Multiple Office Locations: Organizations use NAT to translate IPs between branches, enabling communication across locations while maintaining private IP schemes internally.

Note: When the response arrives from the external server, NAT uses the stored entry to identify the correct internal device. It then replaces the public IP and port with the original private IP and forwards the packet back to the device.
Why NAT Masks Port Numbers
If two internal devices use the same port to reach the same destination, replies become indistinguishable. NAT fixes this by:
- Changing both the private IP and source port
- Storing a unique entry in the NAT table
- Ensuring replies reach the correct device
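
The translation steps and the port-collision case described above, as an added example (not part of the original page): a small port address translation table in which two internal hosts use the same source port toward the same server. The addresses, the starting port 40000, and the rule that a reply must come from the exact destination recorded in the entry are assumptions of this sketch; real routers also expire entries and vary in how strictly they match.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.5"  # constructed public address (documentation range)

@dataclass
class PatRouter:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000  # assumed start of the translated port range
    out_map: dict = field(default_factory=dict)  # private flow -> public port
    in_map: dict = field(default_factory=dict)   # (public port, remote) -> private host

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet and store the mapping."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            if self.next_port > 65535:
                raise RuntimeError("port pool exhausted")
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Restore the private destination of a reply; None means drop."""
        if dst_ip != self.public_ip:
            return None
        entry = self.in_map.get((dst_port, src_ip, src_port))
        if entry is None:
            return None  # no stored entry: unsolicited packet is not forwarded
        return (src_ip, src_port, entry[0], entry[1])

def demo():
    nat = PatRouter()
    server = ("198.51.100.10", 443)  # constructed external server
    # Two internal hosts pick the same source port for the same destination.
    a = nat.outbound("192.168.1.10", 5000, *server)
    b = nat.outbound("192.168.1.11", 5000, *server)
    # Replies are told apart only by the translated port.
    reply_a = nat.inbound(*server, a[0], a[1])
    reply_b = nat.inbound(*server, b[0], b[1])
    # A packet from a host with no table entry has nowhere to go.
    unsolicited = nat.inbound("198.51.100.99", 443, PUBLIC_IP, a[1])
    return a, b, reply_a, reply_b, unsolicited

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last case shows why the table gives some incidental inbound filtering: a packet is forwarded only if an internal host created the entry first.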
NAT Inside and Outside Addresses
Inside refers to the addresses that must be translated. Outside refers to the addresses that are not under the organization's control. These are the network addresses on which the translation occurs.

| Term | Meaning |
|---|---|
| Inside Local | Private IP inside the network (actual host IP). |
| Inside Global | Public IP representing the inside host externally. |
| Outside Local | Destination IP as seen inside the local network. |
| Outside Global | Actual IP of the external destination host. |
Types of NAT
There are three types of NAT:

1. Static NAT
- Maps one private IP to one public IP (one-to-one mapping).
- Commonly used in hosting, but not cost-effective for large organizations since each device requires a public IP.
2. Dynamic NAT
- Maps private IPs to public IPs from a predefined pool.
- If the pool is exhausted, additional requests are dropped.
- Suitable for networks with a limited number of users but still costly.
3. Port Address Translation (PAT)
- Also called NAT Overload.
- Multiple private IPs share a single public IP, with unique port numbers distinguishing traffic.
- Most widely used because it’s cost-effective and supports thousands of users with a single public IP.
NAT Techniques
- Static Mapping: Maps a specific private IP to a fixed public IP.
- IP Masquerading: Hides an entire private network behind a single public IP.
- Translation Table Mapping: Uses a NAT table to track multiple private-public mappings.
- PAT (Port Address Translation): Adds port-level translation for efficient IP usage.
- Round-Robin Mapping: Distributes incoming connections from a single public IP to multiple private IPs in sequence.
Pros and Cons of NAT
These are some pros and cons of NAT:
| Pros of NAT | Cons of NAT |
|---|---|
| Conserves public IP addresses | Breaks end-to-end connectivity |
| Hides internal network for security | Can cause issues with some applications (VoIP, gaming) |
| Enables multiple devices to share one public IP | Adds processing overhead on the router |
| Improves privacy by masking internal IPs | Makes peer-to-peer connections more complex |
