Network Address Translation (NAT) is a process that enables one, unique IP address to represent an entire group of computers. In network address translation, a network device, often a router or NAT firewall, assigns a computer or computers inside a private network a public address. In this way, network address translation allows the single device to act as an intermediary or agent between the local, private network and the public network that is the internet. NAT’s main purpose is to conserve the number of public IP addresses in use for security and economic goals.

What is Network Address Translation (NAT)?

Network address translation (NAT), a feature found in many firewalls, translates between external and internal IP addresses. With NAT, a private network can use internal, non-routable IP addresses that map to one or more external IP addresses. Furthermore, a single IP address can represent many computers within a network.

What is the Purpose of Network Address Translation?

To communicate with the internet, a networking system requires a unique IP address. This 32-bit number identifies and locates the network device so a user can communicate with it.

The IPv4 addressing scheme of past decades technically made billions of these unique addresses available, but not all could be assigned to devices for communication. Instead, some were exempted and used for testing, broadcast, and certain reserved military purposes. While that left over 3 billion for communication, the proliferation of the internet has meant the addresses were near exhaustion.

The IPv6 addressing scheme was introduced as the solution to this weakness in the IPv4 addressing scheme. IPv6 recreates the addressing system so there are more options for allocating addresses, but it has taken several years to alter the networking system infrastructure and implement it.

network address translation

How does NAT work?

Let’s say that there is a laptop connected to a home router. Someone uses the laptop to search for directions to their favorite restaurant. The laptop sends this request in a packet to the router, which passes it along to the web. But first, the router changes the outgoing IP address from a private local address to a public address.

If the packet keeps a private address, the receiving server won’t know where to send the information back to – this is akin to sending physical mail and requesting return service but providing a return address of anonymous. By using NAT, the information will make it back to the laptop using the router’s public address, not the laptop’s private one.

Types of Network Address Translation (NAT)

Three main types of NAT rules are used today depending on what needs to be accomplished:

Static NAT

A pool of public IP addresses is assigned to the NAT device. A private IP address can then be statically mapped to any one of these public addresses. This type of NATTING scheme is usually used for servers requiring the same IP address always, hence the name “static”, so server 1 will always have the same IP address assigned to it, and server 2 will have a different public IP address assigned to it and so on.

Dynamic NAT

Again the NAT device will consist of a pool of IP addresses. This time though the pool of IP addresses will be used when needed and then given back to the pool. So if computer A needed a public address, it would take one from the pool, then hand it back when done. The next time the same computer wanted an IP address it may be assigned a different public address from the pool, because the one used previously may be in use by another computer, hence the name “dynamic”. So users who want to communicate on the internet at any one time will be limited by how many public IP addresses are available in the NAT pool. A company would purchase several public IP’s depending on their need.

Port Address Translation (PAT)

Multiple devices on a Local Area Network (LAN) can be mapped to a single public IP address using Port Address Translation (PAT), which is an extension of NAT. PAT’s purpose is to save IP addresses.

In most home networks, PAT is used. In this case, the Internet Service Provider (ISP) assigns the router on the home network a single IP address. The router allocates a port number to computer X when it connects to the Internet from this network. The internal IP address is then appended to this. As a result, Computer X receives its unique address. When computer Y connects to the Internet at the same time as computer X, the router assigns it a separate port number. Both machines have the same public IP address and are connected to the Internet simultaneously. The router, on the other hand, always knows which specific packets it needs to send and where they should go. The internal addresses of the PCs are all different.

network address translation

Advantages of NAT

  • NAT conserves legally registered IP addresses.
  • It provides privacy as the device’s IP address, sending and receiving the traffic, will be hidden.
  • Eliminates address renumbering when a network evolves.

    Disadvantages of NAT

  • Translation results in switching path delays.
  • Certain applications will not function while NAT is enabled.
  • Complicates tunneling protocols such as IPsec.
  • Also, the router being a network layer device, should not tamper with port numbers(transport layer) but it has to do so because of NAT.

How does Network Address Translation improve security?

In addition to improving the scalability of IPv4, NAT also provides significant security benefits. These include:

  • Boundary Enforcement: With NAT, the private IP addresses used inside the corporate LAN are not routable from outside. This enforces network boundaries and forces traffic to flow through the network firewall because external systems don’t know which computer to contact even if they could bypass the firewall. By forcing traffic to flow through a next-generation firewall (NGFW), NAT ensures that all inbound and outbound traffic can be inspected before being routed to its destination.
  • Improved Privacy: NAT makes an organization’s internal network structure opaque from outside of the network. External systems see a single IP address or a set of frequently changing ones, making it difficult to create a map of an organization’s internal network for use in later attacks.

network address translation

Conclusion

To sum up, network address translation (NAT) is a way for a network to use the same IP address for multiple connected devices.

Though every device has its local IP address, these are unregistered IP addresses. Internal IP addresses need to be translated into global addresses so that the IP packet of data being requested can be returned to the correct device.

A NAT gateway router or firewall can carry out this translation each way. It does this either statically, using the same public IP for a specific private IP, or dynamically, assigning public IPs to private ones from a pool.

All this can help networks save money, boost security and ensure more public IPs are available for use.