What is Network Address Translation?
The definition of Network Address Translation
Network Address Translation (NAT) is a service that is used in routers. Its purpose is to translate a set of IP addresses to another set of IP addresses.
If you are viewing this article on the internet on the WIMIA website, there’s a very good chance that you are using Network Address Translation (NAT) right now.
Some background on NAT
IP version 4 is the fourth version of the Internet Protocol. When the IP version 4 address was created, engineers had no concept of how big the internet would become. At the time of its inception, the Internet was an avenue for academics–it was not meant for you and me. So having 4 billion IP version 4 addresses available seemed like more than enough.
Fast forward to today.
At this point, the current estimate is that there are about 100 million hosts and more than 350 million users actively on the Internet. That is more than the entire population of the United States! In fact, the rate of growth has been such that the Internet is effectively doubling in size each year.
So what does the size of the Internet have to do with NAT? Everything!
For a computer to communicate with other computers and web servers on the Internet, it has to have an IP address. An IP address is a unique 32-bit number that identifies the location of your computer on a network. Basically, it works like your street address–as a way to find out exactly where you are and deliver information to you.
It follows that with the massive population explosion, coupled with the fact that some of the 7.97 billion people on this planet have several devices in their homes and in their back pockets, we needed to figure out how to get more devices on the internet.
The most common form of network translation involves a large private network using addresses in a private range (10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, or 192.168.0 0 to 192.168.255.255). The private addressing scheme works well for computers that only have to access resources inside the network, like workstations needing access to file servers and printers. Routers inside the private network can route traffic between private addresses with no trouble.
However, to access resources outside the network, like the Internet, these computers have to have a public address in order for responses to their requests to return to them.
This is where NAT comes into play.
Internet requests that require Network Address Translation (NAT) are quite complex but happen so rapidly that the end user rarely knows it has occurred.
A workstation inside a network makes a request to a computer on the Internet. Routers within the network recognize that the request is not for a resource inside the network, so they send the request to the firewall.
The firewall sees the request from the computer with the internal IP. It then makes the same request to the Internet using its own public address and returns the response from the Internet resource to the computer inside the private network. From the perspective of the resource on the Internet, it is sending information to the address of the firewall. From the perspective of the workstation, it appears that communication is directly with the site on the Internet.
When NAT is used in this way, all users inside the private network access the Internet have the same public IP address when they use the Internet. That means only one public address is needed for hundreds or even thousands of users.
What is the purpose of NAT
The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economic and security purposes.
Those original 4 billion unique addresses were not all able to be assigned to devices for communication. Some were used for testing, broadcast, and military purposes. While that left over 3 billion for communication, as we explained, the proliferation of the internet meant the addresses were near exhaustion.
In the meantime, NAT was introduced by Cisco and widely deployed.
Most modern firewalls are stateful – that is, they are able to set up the connection between the internal workstation and the Internet resource. They can keep track of the details of the connection, like ports, packet order, and the IP addresses involved. This is called keeping track of the state of the connection. In this way, they are able to keep track of the session composed of communication between the workstation and the firewall, and the firewall with the Internet. When the session ends, the firewall discards all of the information about the connection.
There are other uses for Network Address Translation (NAT) beyond simply allowing workstations with internal IP addresses to access the Internet. In large networks, some servers may act as Web servers and require access from the Internet. These servers are assigned public IP addresses on the firewall, allowing the public to access the servers only through that IP address.
However, as an additional layer of security, the firewall acts as the intermediary between the outside world and the protected internal network. Additional rules can be added, including which ports can be accessed at that IP address.
Using NAT in this way allows network engineers to more efficiently route internal network traffic to the same resources, and allow access to more ports while restricting access at the firewall. It also allows detailed logging of communications between the network and the outside world.
Additionally, NAT can be used to allow selective access to the outside of the network, too. Workstations or other computers requiring special access outside the network can be assigned specific external IPs using NAT, allowing them to communicate with computers and applications that require a unique public IP address. Again, the firewall acts as the intermediary and can control the session in both directions, restricting port access and protocols.
There are many forms of Network Address Translation and it can function in several ways.
What is Static NAT
Static Network Address Translation (SNAT) is used to conserve IP addresses by allowing private IP networks with unregistered IP addresses to connect to the Internet. SNAT maps unregistered IP addresses using 1-to-1 network address translation to match up with registered IP addresses.
NAT translates the private addresses in the internal network into legal addresses before they are forwarded to another network.
Why is this important? Because hackers cannot directly attack clients if the addresses are hidden.
What is Dynamic NAT
While static NAT is a constant mapping between inside local and global addresses, dynamic network address translation allows you to automatically map inside local and global addresses (which are usually public IP addresses). Dynamic NAT uses a group or pool of public IPv4 addresses for translation.
What is PAT
Port address translation (PAT) is NAT overload. PAT is actually a modified version of dynamic NAT in which the number of inside local addresses is greater than the number of inside global addresses.
There is generally one single inside global IP address providing Internet access to all inside hosts. NAT Overloading is the only version of NAT that actually conserves IP addresses and it is also the most popular form of NAT as well. PAT is often most cost-effective when many users are connected to the internet through just one public IP address.
Advantages of using NAT
Some Advantages of using NAT include:
- Address Conserving. When the user uses NAT overload, NAT allows preserving the IPv4 address space by allowing the privatization of intranets. This especially happens through the process of Intranet Privatization. In this process, all the addresses are saved by multiple applications at the port level.
- Flexible Connection. By implementing multiple tools, backup tools, and load balancing tools, NAT can increase the overall flexibility and reliability of the network. This happens when establishing to the public network or any other network connection.
- Lower cost. Organizations can use NAT with their private IP address, they don’t need to buy a new IP address for all the computers they have in their organization.
- Network Security. All the original source and destination address in NAT is hidden completely. Unless the user wants to, the hosts inside the NAT cannot be reached by hosts on other networks. Therefore, NAT provides an additional layer of network security.
- Private Addressing. NAT has its own private IPv4 addressing system even if you move to a new public addressing scheme. Although if you change the Internet Service Provider, the changes in the internal address will be prevented.
- Simplicity. NAT eliminates the need to renumber addresses when a network changes or merges.
- Speed. Compared to proxy servers, NAT is transparent to both destination and source computers, allowing for quicker direct dealing.
Disadvantages of using NAT
Some disadvantages of using NAT include:
- Issues in the Performance. NAT may cause delays in IPv4 communication as well as loss of end-device to end-device IP traceability.
- Application use. Hosts inside the network may be unreachable, causing compatibility issues.
- Usage of protocols. Some technologies and network applications will not function as expected in a NAT-configured network.
- Usage of memory. NAT will examine the data packets and convert them into local and global IP addresses, which consume lots of memory and processor space.
- Troubleshooting Issues. Troubleshooting can be difficult, especially in remote locations.
NAT is a very important aspect of firewall security. It conserves the number of public addresses used within an organization, and it allows for stricter control of access to resources on both sides of the firewall.
- Easy Prey Podcast
- General Topics
- Home Computing
- IP Addresses
- Networking Basics: Learn How Networks Work
- Online Privacy
- Online Safety
Most of us want to be polite and help others where we can. But scammers can take…[Read More]
It’s a nightmare scenario: You’re away from home and have an accident or a medical emergency. We…[Read More]
You’ve probably heard the phrase “buyer beware.” It refers to situations where it’s the buyer’s responsibility to…[Read More]
AirTags, a tracking technology designed by Apple, are one of those things that feel like futuristic tech….[Read More]
Would you want all the transactions in your bank account to be publicly available to anyone who…[Read More]
Scammers have learned to use systems like shipping, rental cars, and rental homes against us. And they’re…[Read More]