Network Address Translation (NAT) Concepts

NETWORK ADDRESS TRANSLATION (NAT) CONCEPTS
WRITTEN BY ADMINISTRATOR. POSTED IN NETWORK ADDRESS TRANSLATION - NAT (/NETWORKING-TOPICS/NETWORK-ADDRESS-TRANSLATION-

NAT.HTML)

INTRODUCTION
Before we dive into the deep waters of NAT, we need to make sure we understand exactly what NAT does. So let me give you the
background of NAT, why it's here today and how it works. Even though there are different modes of NAT they are all basically extensions to
the original concept.
NAT has become so popular that almost all small routers, firewall software and operating systems support at least one NAT mode. This
shows how important it is to understand NAT.
THE NAT CONCEPT
NOTE: NAT is not only used for networks that connect to the Internet. You can use NAT even between private networks as we will see in the
pages to follow, but because most networks use it for their Internet connection, we are focusing on that.
The NAT concept is simple: it allows a single device to act as an Internet gateway for internal LAN clients by translating the clients' internal
network IP Addresses into the IP Address on the NAT-enabled gateway device.
In other words, NAT runs on the device that's connected to the Internet and hides the rest of your network from the public, thus making your
whole network appear as one device (or computer, if you like) to the rest of the world.
NAT is transparent to your network, meaning all internal network devices are not required to be reconfigured in order to access the Internet.
All that's required is to let your network devices know that the NAT device is the default gateway to the Internet.
NAT is secure since it hides your network from the Internet. All communications from your private network are handled by the NAT device,
which will ensure all the appropriate translations are performed and provide a flawless connection between your devices and the Internet.
The diagram below illustrates this:
(http://www.firewall.cx)
TUESDAY, 12 AUGUST 2014 Home (/) Networking (/networking-topics.html)
Network Address Translation (/networking-topics/network-address-translation-nat.html)
Network Address Translation (NAT) Concepts
FIREWALL.CX TEAM
(/MEET-THE-TEAM.HTML)
NEWS
(/NEWS.HTML)
ALTERNATIVE MENU
(/SITE-MAP.HTML)
RECOMMENDED SITES
(/RECOMMENDED-SITES.HTML)
CONTACT US - FEEDBACK
(/CONTACT-US.HTML)
HOT DOWNLOADS
(http://clixtrac.com/goto/?168777)
FREE HYPER-V BACKUP
(HTTP://CLIXTRAC.COM
/GOTO/?168777)
NETWORK
VULNERABILITY SCANNER
ANTISPAM & SECURITY
/GOTO/?99230)
Rating 4.54 (26 Votes)
Tweet
(//pinterest.com/pin/create/button/?url=http%3A%2F%2Fwww.firewall.cx%2Fnetworking-topics%2Fnetwork-address-translation-
nat%2F227-nat-concepts.html&media=http%3A%2F%2Fwww.firewall.cx%2Fimages%2Fstories%2Fnat-concept-1.gif&
description=Introduction%20Before%20we%20dive%20into%20the%20deep%20waters%20of%20NAT
%2C%20we%20need%20to%20make%20sure%20we%20understand%20exactly%20what%20NAT...)
Share
42 people like this. Be the first
of your friends.
Like Like Share Share
Network Address Translation (NAT) Concepts http://www.firewall.cx/networking-topics/network-address-translation-na...
1 of 6 8/13/2014 12:33 AM

As you can see, we have a simple network of 4 hosts (computers) and one router that connects this network to the Internet. All hosts in our
network have a private Class C IP Address, including the router's private interface (192.168.0.1), while the public interface that's connected
to the Internet has a real IP Address (203.31.220.134).
If you're having trouble understanding, the following diagram shows how the Internet would see the above setup:

As you can see, the idea behind NAT is really simple. Remember that we have mentioned there are 3 different NAT modes to suit all types
of network configurations. If required you can use NAT to allow the Internet to see specific machines on your internal network !
Such configurations will allow the Internet to access an internal webserver or ftp server you might have, without directly compromising your
network security. Of course special actions need to be taken to ensure that your visitors are restricted to the resources you want and that's
where the firewall comes into the picture. We'll discover how all this is possible in the next pages, so be patient and keep reading !
HOW NAT WORKS
There are 3 different ways in which NAT works. However, the principle is the same for all 3 modes. To help understand it we need a good,
simple example and the first one at the beginning of this page will do the job just fine.
The trick to understanding how NAT works is to realise that only the device (router, firewall or pc) that connects directly to the Internet
performs NAT. For our example this device happens to be a router, but it could even be a simple PC; it makes no difference for us.
As you already know, all requests the workstations generate are sent to the Internet via the router. The router will then perform NAT on
these packets and send them to their destination. As each packet arrives into the router's private interface, the router will strip the source IP
Address from the 3rd layer (network layer) e.g 192.168.0.10 and place its own public IP address (203.31.220.134) before sending it to the
Internet.
This is how the packet then seems to have originated from the router itself. In some cases, depending on the NAT mode, the source and
destination port numbers (layer 4) will be changed as well but we examine that on the pages that follow. For now, we'll just look at the
simple IP translation within the router.
The illustration below shows how the router modifies the packets:

(http://feeds.feedburner.com
/firewallcx)
(http://twitter.com
/firewallcx)
(https://www.facebook.com
/firewallcx)
(http://www.linkedin.com
/groups?home=&
gid=1037867)
CONNECT:
NETWORK SECURITY
SCANNER
(http://clixtrac.com
/goto/?99232)
Notify me of new articles
Subscribe
HYPER-V BACKUP
/goto/?163759)
RSS SUBSCRIPTION
Subscribe to Firewall.cx RSS
Feed by Email
(http://feedburner.google.com
/fb/a/mailverify?uri=firewallcx&
loc=en_US)
RECOMMENDED
DOWNLOADS
Web Security
/goto/?99233)
Server AntiSpam
/goto/?99234)
Network Scanner
/goto/?99235)
IDS Security Manager
/goto/?99236)
Web-Proxy Monitor
/goto/?99237)
FTP / TFTP Servers
(/downloads/ftp-tftp-servers-
a-clients.html)
Cisco VPN Client
(/downloads/cisco-tools-
2 of 6 8/13/2014 12:33 AM
In this illustration, a workstation from our network has generated a packet with a destination IP Address 135.250.24.10. Logically, this
packet is first sent to the gateway, which performs NAT on this packet and then sends it to the Internet to finally make its way to the
destined host.
Looking more closely at the gateway (router) during the initial NAT operation, the original packet's Source IP is changed from 192.168.0.12
to that of the router's public interface, which is 203.31.220.134, then the router stores this information in a special address within its memory
(also called NAT Table - explained next), so when the expected reply arrives it will know to which workstation within its network it needs to
forward it.
The next page will show you the heart of NAT, the NAT Table, and briefly explain the function of each NAT mode.

Next - The Network Address Translation Table (/networking-topics/network-address-translation-nat/228-nat-table.html)

Add a comment
View 9 more
Facebook social plugin
18 comments
Ramakrishna Puli Works at
Accenture 229 followers
Very well Explained.
Reply Like Follow Post 7 April 2012 at
21:04
Follow
1
Brittney Coble Top commenter
University of Louisville
Thank you!
Reply Like Follow Post 25 April 2012 at
22:48
Follow
2
Chris Partsenidis Top
commenter Founder, Editor-in-Chief at
Firewall.cx
You are very welcome Brittney!
Reply Like 26 April 2012 at 00:33
Cheerag Nundlall Top commenter
thumbs up
Reply Like Follow Post 15 May 2012 at
02:29
1
Nandha Ra Incheon, Korea 115
followers
excellent brief
Reply Like Follow Post 19 May 2012 at
15:14
Follow
2
Vignesh Vicky Bharathidasan University
thanks for giving best result to me about nat.
Reply Like Follow Post 1 September
2012 at 15:44
1
ARTICLES TO READ NEXT:
THE NETWORK ADDRESS
TRANSLATION TABLE (/NETWORKING-
TOPICS/NETWORK-ADDRESS-
TRANSLATION-NAT/228-
NAT-TABLE.HTML)
STATIC NAT - PART 1 (/NETWORKING-
TRANSLATION-NAT/229-NAT-STATIC-
PART-1.HTML)
STATIC NAT - PART 2 (/NETWORKING-
TRANSLATION-NAT/230-NAT-STATIC-
PART-2.HTML)
a-applications.html)
Network Fax Server
/goto/?100607)
Free Hyper-V Backup
/goto/?163765)
NETWORKING MENU
NETWORK FUNDAMENTALS
(/networking-topics/general-
networking.html)
NETWORK CABLING
(/networking-topics/cabling-
utp-fibre.html)
OSI MODEL
(/networking-topics/the-osi-
model.html)
ETHERNET
(/networking-topics
/ethernet.html)
NETWORK PROTOCOLS
(/networking-topics
/protocols.html)
ROUTING
(/networking-topics
/routing.html)
NETWORK ADDRESS
TRANSLATION
(/networking-topics/network-
address-translation-
nat.html)
VLAN NETWORKS
(/networking-topics/vlan-
networks.html)
FIREWALLS
(/networking-topics
/firewalls.html)
WAN TECHNOLOGIES
(/networking-topics
/wan-technologies.html)
CISCO PRESS REVIEW
PARTNER
(/site-news/316-firewall-
ciscopress.html)
POPULAR CISCO
ARTICLES
DMVPN Configuration (/cisco-
technical-knowledgebase
/cisco-routers/901-cisco-
router-dmvpn-
configuration.html)
Cisco IP SLA (/cisco-technical-
knowledgebase/cisco-routers
/813-cisco-router-ipsla-
basic.html)
VLAN Security (/cisco-
3 of 6 8/13/2014 12:33 AM
/cisco-switches/818-cisco-
switches-vlan-security.html)
4507R-E Installation (/cisco-
/cisco-switches/948-cisco-
switches-4507re-ws-x45-
sup7l-e-installation.html)
CallManager Express Intro
(/cisco-technical-
knowledgebase/cisco-
voice/371-cisco-ccme-part-
1.html)
Secure CME - SRTP & TLS
(/cisco-technical-
knowledgebase/cisco-
voice/956-cisco-voice-
cme-secure-voip.html)
Cisco Password Crack (/cisco-
/cisco-routers/358-cisco-type7-
password-crack.html)
Site-to-Site VPN (/cisco-
/cisco-routers/867-cisco-
router-site-to-site-ipsec-
vpn.html)
FREE CISCO LAB
PARTNERS
/goto/?99238)
POPULAR LINUX
ARTICLES
Linux Init & RunLevels (/linux-
knowledgebase-tutorials/linux-
administration/845-linux-
administration-runlevels.html)
Linux Groups & Users (/linux-
groups-user-accounts.html)
Linux Performance Monitoring
(/linux-knowledgebase-tutorials
/linux-administration/837-linux-
system-resource-
monitoring.html)
Linux Vim Editor (/linux-
vi.html)
Linux Samba (/linux-
knowledgebase-tutorials
/system-and-network-services
/848-linux-services-
samba.html)
Linux DHCP Server (/linux-
knowledgebase-tutorials
/system-and-network-services
/849-linux-services-
dhcp-server.html)
Linux Bind DNS (/general-
topics-reviews/linuxunix-
related/829-linux-
4 of 6 8/13/2014 12:33 AM
bind-introduction.html)
Linux File & Folder
Permissions (/general-topics-
reviews/linuxunix-related
/introduction-to-linux/299-linux-
file-folder-permissions.html)
Linux OpenMosix (/general-
topics-reviews/linuxunix-
related/openmosix-linux-
supercomputer.html)
Linux Network Config (/linux-
services-tcpip.html)
BANDWIDTH
MONITORING
/goto/?99758)
5 of 6 8/13/2014 12:33 AM
CCENT/CCNA
ROUTER BASICS (/CISCO-
TECHNICAL-
KNOWLEDGEBASE/CISCO-
ROUTERS/250-CISCO-
ROUTER-BASICS.HTML)
SUBNETTING
OSI MODEL
IP PROTOCOL
CISCO ROUTERS
SSL WEBVPN
SECURING ROUTERS
POLICY BASED ROUTING
ROUTER ON-A-STICK
VPN SECURITY
UNDERSTAND DMVPN
GRE/IPSEC
CONFIGURATION
SITE-TO-SITE IPSEC VPN
IPSEC MODES
CISCO HELP
VPN CLIENT WINDOWS 8
VPN CLIENT WINDOWS 7
CCP DISPLAY PROBLEM
CISCO SUPPORT APP.
WINDOWS 2012
NEW FEATURES
LICENSING
HYPER-V / VDI
INSTALL HYPER-V
LINUX
FILE PERMISSIONS
WEBMIN
GROUPS - USERS
SAMBA SETUP
FIREWALL.CX TEAM
(/MEET-THE-TEAM.HTML)
NEWS
(/NEWS.HTML)
ALTERNATIVE MENU
(/SITE-MAP.HTML)
RECOMMENDED SITES
(/RECOMMENDED-SITES.HTML)
CONTACT US - FEEDBACK
(/CONTACT-US.HTML)
Copyright 2000-2014 Firewall.cx - All Rights Reserved
Information and images contained on this site is copyrighted material.
Firewall.cx - Cisco Networking, VPN - IPSec, Security, Cisco Switching, Cisco Routers, Cisco VoIP- CallManager Express & UC500, Windows Server, Virtualization, Hyper-V Linux Administration
6 of 6 8/13/2014 12:33 AM

Network Address Translation (NAT) Concepts

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Network Address Translation (NAT) Concepts

Загружено:

Авторское право:

Доступные форматы

NETWORK ADDRESS TRANSLATION (NAT) CONCEPTS

WRITTEN BY ADMINISTRATOR. POSTED IN NETWORK ADDRESS TRANSLATION - NAT (/NETWORKING-TOPICS/NETWORK-ADDRESS-TRANSLATION-

Вам также может понравиться