Understanding network address translation (NAT)
What is Network Address Translation (NAT)?

Network Address Translation (NAT) is a process that enables resources in a private network to connect to the Internet while preventing entities on the Internet from initiating connections to resources in the private network. A device with NAT capability, such as a router, translates the private addresses used in the internal network into globally unique public IP addresses, enabling resources in the private network to reach resources outside it (on the Internet). NAT can also be configured so that one public IP address represents a group of resources in the internal network, hiding the entire internal network behind that one public IP and giving an extra layer of security.

The need for NAT arises from the limited number of unique addresses in IPv4 (2^32 = 4,294,967,296). With the explosion of the Internet and the growth in the number of devices and networks, the available pool of unique IPv4 addresses is no longer enough. One solution is to redesign the IP address format to allow many more unique addresses (IPv6); this is in progress, but it will take time because it requires changes to the existing Internet infrastructure. Another solution is to use private IP addresses for resources within internal networks and use NAT to give them a public IP address whenever they need to reach the Internet.

This is how NAT works. Say a resource in the internal network wants to access a website hosted on a web server on the Internet and sends a request. A NAT-capable router attached to that network recognizes that the request is for a resource outside its network and forwards the same request to the Internet with its own public IP address as the source. When it receives the response from the web server, it forwards the response to the internal IP address from which it received the request, completing the cycle. To the resource in the internal network it appears as if it is accessing the web server directly, and to the web server it appears that it is responding to the router’s public IP address.

Different types of NAT

  • Static NAT – A one-to-one mapping between a single private IP address and a single public IP address.
  • Dynamic NAT – A one-to-many mapping in which a private IP address is assigned, on demand, an address from a pool of public IP addresses.
  • Port Address Translation (PAT) – A type of dynamic NAT that maps multiple private IP addresses to a single public IP address by giving each connection a different port number.
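As an added example (not part of the original article), the following Python model shows the request/response cycle described above in its PAT form: two internal hosts using the same private port are rewritten to the router's single public IP with distinct ports, the web server's reply is mapped back to the right internal host, and an inbound packet that no internal host asked for is dropped. All addresses are constructed from the RFC 1918 private and RFC 5737 documentation ranges.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)

@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint

class PortAddressTranslator:
    """Models a PAT router: many private hosts share one public IP, told apart by port."""

    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # outbound table: (private endpoint, remote endpoint) -> allocated public port
        self.outbound: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # inbound table: (public port, remote endpoint) -> private endpoint
        self.inbound: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite an internal host's packet so it leaves with the public IP as source."""
        key = (pkt.src, pkt.dst)
        port = self.outbound.get(key)
        if port is None:
            # First packet of this flow: allocate a fresh public port and remember the mapping.
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound[key] = port
            self.inbound[(port, pkt.dst)] = pkt.src
        return Packet(src=(self.public_ip, port), dst=pkt.dst)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply back to the internal host; return None if nobody inside asked for it."""
        if pkt.dst[0] != self.public_ip:
            return None
        private = self.inbound.get((pkt.dst[1], pkt.src))
        return None if private is None else Packet(src=pkt.src, dst=private)

if __name__ == "__main__":
    # Constructed addresses: 10.0.0.0/8 is private, the others are documentation ranges.
    nat = PortAddressTranslator("198.51.100.1")
    web = ("203.0.113.10", 80)
    out_a = nat.translate_outbound(Packet(("10.0.0.5", 40000), web))
    out_b = nat.translate_outbound(Packet(("10.0.0.6", 40000), web))  # same port, other host
    print(out_a.src, out_b.src)                                   # distinct public ports
    print(nat.translate_inbound(Packet(web, out_a.src)).dst)      # back to 10.0.0.5:40000
    print(nat.translate_inbound(Packet(("192.0.2.7", 4444), ("198.51.100.1", 9999))))  # None
```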