Network Address Translation (NAT) remaps one IP address space to another. The process has a network device assign a public IP address to a number of devices inside a private network. This limits the number of public IPs needed, which serves both economy and security purposes.
How Network Address Translation Works
NAT implements the technique of IP masquerading, which hides private IP addresses behind a single public address space. The technique became popular as a way to keep the IPv4 address space from being exhausted.
Basic NAT acts as a one-to-one translation of IP addresses. It helps to interconnect two IP networks with differing addresses. With this kind of NAT, the IP addresses, the IP header checksum and any higher-level checksums that include the IP address are changed.
NAT uses a large number of private IP addresses in the internal network, taken from the private ranges (10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, or 192.168.0.0 – 192.168.255.255).
NAT is a very important aspect of firewall security: it conserves the number of public addresses in an organization and provides strict control of access to resources on both sides of the firewall. Internet RFC 1631 contains the basic NAT specification.
Types of NAT
NAT was developed by Cisco and was implemented on devices such as a firewall or a system that sits between the home network and the outside world. Network Address Translation takes 3 forms.
- Static NAT
- Dynamic NAT
Static NAT maps an unregistered IP address to a registered IP address by maintaining a table that associates each internal IP with an allocated external Internet IP. This approach is not widely used, but a static IP is useful when making devices accessible from the Internet. The external IP points to the internal IP through the mapping stored on the NAT router.
E.g.: A computer with the IP address 192.168.59.11 will always translate to 220.127.116.11.
Dynamic NAT maintains a list of registered IP addresses. When a client requests access to the Internet, it is mapped to a currently unused IP address from that list. The number of registered IP addresses needed depends on the number of parallel Internet users.
E.g.: A computer with the IP address 192.168.59.11 will translate to any available IP in the range 18.104.22.168 to 22.214.171.124.
The third form follows a similar approach to dynamic NAT; the only difference is that multiple unregistered IP addresses are mapped to a single registered IP address by using different ports. It is also called Network Address Port Translation (NAPT).
E.g.: Every computer on the network is translated to the same IP address but to different port numbers: 126.96.36.199:100, 188.8.131.52:101, 184.108.40.206:102
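The port-based translation described above, modeled as an added example (not code from the original article): a minimal NAPT table that shares one public IP among private hosts and returns no mapping for inbound traffic nobody inside asked for. The class name `Napt`, the public address 203.0.113.5 (a documentation address) and the port pool starting at 100 are assumptions made for illustration.

```python
import ipaddress

# Private ranges listed in the article.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class Napt:
    """Toy NAPT table: many private (ip, port) pairs share one public IP.

    Simplified: a real translator also keys on protocol and remote
    endpoint and expires idle mappings.
    """

    def __init__(self, public_ip, first_port=100, last_port=199):
        self.public_ip = public_ip
        self.free_ports = list(range(first_port, last_port + 1))
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port):
        """Translate an outgoing flow to (public_ip, public_port)."""
        if not any(ipaddress.ip_address(src_ip) in n for n in PRIVATE_NETS):
            raise ValueError(f"{src_ip} is not a private address")
        key = (src_ip, src_port)
        if key not in self.out:          # first packet of this flow
            if not self.free_ports:
                raise RuntimeError("public port pool exhausted")
            port = self.free_ports.pop(0)
            self.out[key] = port
            self.back[port] = key
        return self.public_ip, self.out[key]

    def inbound(self, dst_port):
        """Map a reply back to the private host; None means drop."""
        return self.back.get(dst_port)


def demo():
    nat = Napt("203.0.113.5")  # constructed public address (assumption)
    flows = [("192.168.59.11", 40000), ("192.168.59.12", 40000),
             ("192.168.59.11", 40000)]  # constructed sample flows
    mapped = [nat.outbound(ip, port) for ip, port in flows]
    # Port 101 was allocated above; port 150 was never allocated.
    return mapped, nat.inbound(101), nat.inbound(150)


if __name__ == "__main__":
    print(demo())
```

The table size also bounds how many concurrent flows the single public address can carry, so pool exhaustion is worth monitoring on a busy translator.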
How to set up NAT
NAT is most commonly used inside the router of a home network, where it configures the IP addresses inside the network and doesn’t require an administrator to intervene constantly.
Online gaming services sometimes need the router's NAT settings to be updated manually for proper connectivity, for example for consoles such as Xbox or PlayStation.
- Open NAT – A console can interact with any other peers on the gaming service normally.
- Strict NAT – A console is restricted to interacting only with peers that are also using Strict.
- Moderate NAT – A console can interact with any peer that is using Open or Moderate.
A NAT firewall acts as the intermediary and controls sessions in both directions by restricting port access and protocols.
Limitations of NAT
NAT is not commonly used in IPv6, because one of the design goals of IPv6 removes the need to conserve addresses: each device can be given a unique address without the interference of NAT loopback.