Network Address Translation Reference

Network Address Translation (NAT) is the process of rewriting the IP address information in IPv4 headers of packets while they are in transit between networks. In most cases NAT is used to connect one or more local area networks (LANs) with private addresses to the Internet. NAT is typically performed by the routing device that sits between the two networks.

Every established connection through a NAT router has its own NAT session. All information that belongs to the connection (addresses, ports and time-outs) is stored in a NAT table. Based on this stored information, the router can send reply packets back to the right client. After a NAT session has finished or expired, its entry is removed from the NAT table.


For every new connection from an internal client, the internal source address is replaced by the public address of the router. During this process the source port of the client is also replaced by a port of the router that is not yet in use, so that two internal clients that happen to use the same source port still get distinct mappings. The mapping is saved in the NAT table. This whole operation is also known as PAT (Port and Address Translation) or, on Linux, masquerading.

The following example shows how NAT works. There is a private network (LAN) with the address 192.168.0.0/24 and a router with the public address 205.0.0.2/32.

NAT is designed to forward packets that belong to existing NAT sessions. If the router receives packets for an expired or non-existent session, they are handled by the default firewall (iptables) rule; in most cases such packets are dropped.

Destination NAT (Port Forwarding)

Destination NAT (DNAT), also known as port forwarding, is a technique for transparently changing the destination IP address (and optionally the destination port) of a routed packet and performing the inverse translation on any replies. Any router situated between the two endpoints can perform this transformation.

DNAT is commonly used to publish services located in a private network on a publicly accessible IP address. When every port of the public address is forwarded to a single internal host, that host is often called the DMZ host: it becomes fully exposed to the WAN, analogous to an undefended military demilitarized zone (DMZ). This is not the same as a separate DMZ network segment; a DMZ host still shares its network with the rest of the LAN, so every service running on it is reachable from the Internet and a compromise of that host lands directly inside the LAN. Forwarding only the ports a published service actually needs is the safer choice.

Source NAT

The meaning of the term source NAT varies between vendors, many of which have proprietary definitions for SNAT. For example, Microsoft uses the acronym for secure NAT, and Cisco Systems uses it for stateful NAT.

The most common expansion is source NAT (SNAT), the counterpart of destination NAT (DNAT), and this is the meaning used on IPFire. It is a technique for transparently changing the source IP address of a routed packet and performing the inverse translation on any replies.

SNAT is used in environments with multiple public IP addresses, where different services or hosts in the private network should appear on the Internet with different public addresses. Whereas PAT (masquerading) always uses the router's own address, an SNAT rule selects the public address per internal source host or network; a typical case is an internal mail server whose outgoing connections must originate from the public address its DNS records point to.
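The following is an added example (not IPFire's code, nor the page's own) that models the behaviour described in the NAT session, port forwarding and source NAT sections above in one small stateful translator: a NAT table keyed by the connection 4-tuple, PAT for new outbound connections, DNAT for inbound connections that match a port-forward rule, rule-based SNAT for hosts that must leave via a second public address, inverse translation of replies, session expiry, and dropping of packets that match neither a session nor a rule. The LAN 192.168.0.0/24 and the router address 205.0.0.2 come from the page; the second public address 205.0.0.3, the web server 192.168.0.10:8080 behind a forward of port 80, the SNAT rule for 192.168.0.128/25, the WAN client 203.0.113.7, the 300-second time-out and the port range starting at 1024 are assumptions made for the example. The class and function names (`NatRouter`, `Session`, `handle`, `demo`) are the example's own.

```python
"""Model of a stateful NAT router: PAT, DNAT port forwarding and rule-based SNAT.
Example code added for this page; it is not IPFire's implementation, it only
mirrors the session table that netfilter's connection tracking keeps."""
import ipaddress

# From the page: private LAN 192.168.0.0/24 behind a router whose public address is 205.0.0.2.
LAN = ipaddress.ip_network("192.168.0.0/24")
DEFAULT_TIMEOUT = 300  # seconds; assumed, real time-outs depend on protocol and state


class Session:
    """One NAT table entry. All tuples are (src_ip, src_port, dst_ip, dst_port)."""

    def __init__(self, fwd_in, fwd_out, expires):
        self.fwd_in = fwd_in      # originator's packet as it arrives at the router
        self.fwd_out = fwd_out    # the same packet after translation
        # A reply arrives addressed to the translated tuple and must be rewritten
        # back to what the originator expects (the inverse function).
        self.reply_in = (fwd_out[2], fwd_out[3], fwd_out[0], fwd_out[1])
        self.reply_out = (fwd_in[2], fwd_in[3], fwd_in[0], fwd_in[1])
        self.expires = expires


class NatRouter:
    def __init__(self, public_ips, dnat_rules=None, snat_rules=None, timeout=DEFAULT_TIMEOUT):
        self.public_ips = list(public_ips)                 # first entry is the default (PAT) address
        self.dnat = dict(dnat_rules or {})                 # (public_ip, public_port) -> (internal_ip, port)
        self.snat = [(ipaddress.ip_network(n), ip) for n, ip in (snat_rules or [])]
        self.timeout = timeout
        self.fwd = {}                                      # fwd_in tuple   -> Session
        self.rev = {}                                      # reply_in tuple -> Session
        self.used_ports = {ip: set() for ip in self.public_ips}

    def _expire(self, now):
        """Remove finished sessions from the NAT table and free their router ports."""
        for sess in [s for s in self.fwd.values() if s.expires <= now]:
            del self.fwd[sess.fwd_in]
            del self.rev[sess.reply_in]
            pub_ip, pub_port = sess.fwd_out[0], sess.fwd_out[1]
            if pub_ip in self.used_ports:                  # only PAT/SNAT sessions own a router port
                self.used_ports[pub_ip].discard(pub_port)

    def _free_port(self, pub_ip):
        """Pick a port of the router that is not in use on this public address (assumed range)."""
        for port in range(1024, 65536):
            if port not in self.used_ports[pub_ip]:
                self.used_ports[pub_ip].add(port)
                return port
        raise RuntimeError("no free ports left on %s" % pub_ip)

    def _add(self, fwd_in, fwd_out, now):
        sess = Session(fwd_in, fwd_out, now + self.timeout)
        self.fwd[fwd_in] = sess
        self.rev[sess.reply_in] = sess
        return sess

    def handle(self, pkt, now):
        """Translate one packet; returns the rewritten 4-tuple, or None if the packet is dropped."""
        self._expire(now)
        src, sport, dst, dport = pkt
        if pkt in self.fwd:                                # established session, originator -> responder
            sess = self.fwd[pkt]
            sess.expires = now + self.timeout
            return sess.fwd_out
        if pkt in self.rev:                                # established session, reply -> originator
            sess = self.rev[pkt]
            sess.expires = now + self.timeout
            return sess.reply_out
        if ipaddress.ip_address(src) in LAN:               # new outbound connection: SNAT rule or PAT
            pub_ip = self.public_ips[0]
            for net, ip in self.snat:
                if ipaddress.ip_address(src) in net:
                    pub_ip = ip
                    break
            fwd_out = (pub_ip, self._free_port(pub_ip), dst, dport)
            return self._add(pkt, fwd_out, now).fwd_out
        if (dst, dport) in self.dnat:                      # new inbound connection: port forward
            int_ip, int_port = self.dnat[(dst, dport)]
            return self._add(pkt, (src, sport, int_ip, int_port), now).fwd_out
        return None                                        # no session, no rule: default firewall rule drops it


def demo():
    """Walk through the cases described in the text; constructed traffic, returns the results."""
    r = NatRouter(
        public_ips=["205.0.0.2", "205.0.0.3"],                      # .3 is an assumed second address
        dnat_rules={("205.0.0.2", 80): ("192.168.0.10", 8080)},      # assumed internal web server
        snat_rules=[("192.168.0.128/25", "205.0.0.3")],              # assumed: upper half of the LAN leaves via .3
    )
    return {
        "pat1": r.handle(("192.168.0.5", 40000, "8.8.8.8", 53), now=0),
        "pat2": r.handle(("192.168.0.6", 40000, "8.8.8.8", 53), now=0),     # same client port, new router port
        "reply1": r.handle(("8.8.8.8", 53, "205.0.0.2", 1024), now=1),      # inverse translation of the reply
        "snat": r.handle(("192.168.0.200", 40000, "1.1.1.1", 443), now=2),  # SNAT rule picks 205.0.0.3
        "dnat": r.handle(("203.0.113.7", 5555, "205.0.0.2", 80), now=3),    # port forward to the web server
        "dnat_reply": r.handle(("192.168.0.10", 8080, "203.0.113.7", 5555), now=4),
        "no_rule": r.handle(("203.0.113.7", 5555, "205.0.0.2", 2222), now=5),   # nothing matches: dropped
        "expired": r.handle(("8.8.8.8", 53, "205.0.0.2", 1024), now=1000),     # session timed out: dropped
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two details are worth noticing when comparing this with a real router: the reply to a DNAT connection is matched in the LAN-to-WAN direction and rewritten to carry the public address as its source, which is the inverse function the text refers to, and a packet for which the table has no entry is not "almost" forwarded but falls through to the firewall's default rule. On a Linux router, `conntrack -L` (or the nf_conntrack table) shows the equivalent of this session table.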
