
Wednesday, March 14, 2012

Network Address Translation (NAT)


What
NAT is the process by which a network device, usually a router or firewall sitting at the edge of a private network, rewrites the addresses in passing packets so that a computer (or a group of computers) inside the private network appears to the outside world under a public address. The main use of NAT is to limit the number of public IP addresses an organization must obtain, which saves both address space and money; it also hides the internal addressing scheme from the outside, although NAT on its own is address hiding rather than a security control and does not replace a firewall policy.


Why
With the explosion of the Internet and the growth of home and business networks, the supply of IPv4 addresses is simply not enough. The obvious solution is to redesign the address format to allow many more addresses. That redesign is IPv6, but deploying it takes years because it requires changes throughout the infrastructure of the Internet. This is where NAT (first described in RFC 1631) comes to the rescue.


Basically, Network Address Translation allows a single device, such as a router, to act as an agent between the Internet (the "public network") and a local (or "private") network. This means that only a single unique public IP address is required to represent an entire group of computers to anything outside their network.

The shortage of IP addresses is only one reason to use NAT. Two other good reasons are:
  • Security: the inside hosts use private addresses that are not routable on the Internet, so an outside party sees only the translated public address and cannot tell how the internal network is laid out. This is address hiding, not access control; which inbound traffic gets through still depends on the device's translation table and its firewall rules.
  • Administration: the internal network keeps its addressing when the ISP-assigned public addresses change, and a server behind a static mapping can be moved or replaced internally without anyone outside noticing.

How


NAT is like the receptionist in a large office. Let's say you have left instructions with the receptionist not to forward any calls to you unless you request it. Later on, you call a potential client and leave a message for them to call you back. You tell the receptionist that you are expecting a call from this client and to put them through.

The client calls the main number to your office, which is the only number the client knows. When the client tells the receptionist who they are looking for, the receptionist checks a lookup table that matches up the person's name and extension. The receptionist knows that you requested this call, therefore the receptionist forwards the caller to your extension.

Network Address Translation is used by a device (firewall, router or computer) that sits between an internal network and the rest of the world.

Types:

Static NAT – Mapping a private (unregistered) IP address to a public (registered) IP address on a one-to-one basis, fixed by configuration. Particularly useful when a device such as a web or mail server needs to be reachable from outside the network, because the translation exists before any traffic flows and inbound connections can be forwarded to it.

In static NAT, the computer with the IP address of 192.168.32.10 will always translate to 213.18.123.110:



Dynamic NAT – Maps a private IP address to a public IP address chosen from a pool of public addresses. Dynamic NAT also establishes a one-to-one mapping between private and public address, but the public address is assigned when the inside host first sends traffic and can vary from session to session, depending on which pool addresses are free at the time of communication. If the pool is exhausted, additional inside hosts get no translation until an existing entry is released.

In dynamic NAT, the computer with the IP address of 192.168.32.10 will translate to the first available address in the range from 213.18.123.100 to 213.18.123.150:



Overloading – A form of dynamic NAT that maps multiple private IP addresses to a single public IP address by giving each connection its own translated source port. Also known as PAT (Port Address Translation), NAPT, single address NAT or port-level multiplexed NAT. This is the mode nearly every home and small-office router runs, since it needs only one public address.

In overloading, each computer on the private network is translated to the same IP address (213.18.123.100) but with a different port number assignment:
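The following is an added example, not code from the original post: a small Python simulation of the three translation modes above, with the inbound behaviour of the receptionist analogy built in. It goes a little beyond the text by also showing what happens when a dynamic pool runs out and when an outside host sends a packet nobody inside asked for. All addresses, ports and traffic are constructed for illustration and the class and function names are my own; nothing here touches a real network interface.

```python
# Added example, not from the original post: a simulation of the three NAT
# modes described above. All addresses, ports and traffic are constructed for
# illustration; nothing here touches a real network interface.
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StaticNAT:
    """One-to-one, fixed by configuration; inbound is forwarded with no prior outbound traffic."""
    def __init__(self, mapping: Dict[str, str]) -> None:
        self.out_map = dict(mapping)                            # private -> public
        self.in_map = {pub: priv for priv, pub in mapping.items()}
    def outbound(self, pkt: Packet) -> Optional[Packet]:
        pub = self.out_map.get(pkt.src_ip)
        return None if pub is None else replace(pkt, src_ip=pub)
    def inbound(self, pkt: Packet) -> Optional[Packet]:
        priv = self.in_map.get(pkt.dst_ip)
        return None if priv is None else replace(pkt, dst_ip=priv)

class DynamicNAT:
    """One-to-one from a pool, assigned on first outbound packet; an empty pool means no translation."""
    def __init__(self, pool: List[str]) -> None:
        self.free = list(pool)
        self.out_map: Dict[str, str] = {}
        self.in_map: Dict[str, str] = {}
    def outbound(self, pkt: Packet) -> Optional[Packet]:
        pub = self.out_map.get(pkt.src_ip)
        if pub is None:
            if not self.free:
                return None                                     # pool exhausted: drop
            pub = self.free.pop(0)
            self.out_map[pkt.src_ip] = pub
            self.in_map[pub] = pkt.src_ip
        return replace(pkt, src_ip=pub)
    def inbound(self, pkt: Packet) -> Optional[Packet]:
        priv = self.in_map.get(pkt.dst_ip)
        return None if priv is None else replace(pkt, dst_ip=priv)

class PAT:
    """Overloading: all inside hosts share one public address, each connection gets its own
    translated port, and inbound is forwarded only for flows an inside host opened."""
    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside ip, inside port, remote ip, remote port) -> translated port
        self.out_map: Dict[Tuple[str, int, str, int], int] = {}
        # (translated port, remote ip, remote port) -> (inside ip, inside port)
        self.in_map: Dict[Tuple[int, str, int], Tuple[str, int]] = {}
    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out_map.get(key)
        if port is None:                                        # new flow: allocate a port
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)
    def inbound(self, pkt: Packet) -> Optional[Packet]:
        entry = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if pkt.dst_ip != self.public_ip or entry is None:
            return None                                         # unsolicited: drop
        return replace(pkt, dst_ip=entry[0], dst_port=entry[1])

def demo() -> dict:
    """Push constructed traffic through each mode and record what is observable."""
    out = {}
    web = Packet("192.168.32.10", 40000, "203.0.113.5", 80)    # inside host -> web server

    s = StaticNAT({"192.168.32.10": "213.18.123.110"})
    out["static_out"] = s.outbound(web).src_ip
    # Inbound to the static address is forwarded with no prior outbound traffic.
    out["static_in"] = s.inbound(Packet("203.0.113.5", 80, "213.18.123.110", 22)).dst_ip

    d = DynamicNAT(["213.18.123.100", "213.18.123.101"])        # pool of only two
    a = d.outbound(web)
    b = d.outbound(replace(web, src_ip="192.168.32.12"))
    c = d.outbound(replace(web, src_ip="192.168.32.15"))         # third host: pool exhausted
    out["dynamic"] = [a.src_ip, b.src_ip, c]

    p = PAT("213.18.123.100")
    h1 = p.outbound(web)
    h2 = p.outbound(replace(web, src_ip="192.168.32.12"))        # same ports, different host
    h1_again = p.outbound(web)                                   # existing flow keeps its port
    out["pat_ports"] = [h1.src_port, h2.src_port, h1_again.src_port]
    reply = p.inbound(Packet("203.0.113.5", 80, "213.18.123.100", h2.src_port))
    out["pat_reply"] = (reply.dst_ip, reply.dst_port)
    # A packet from an unrelated source to an in-use port, and one to a port
    # nobody opened, are both dropped: no inside host asked for them.
    out["pat_unsolicited"] = p.inbound(Packet("198.51.100.7", 443, "213.18.123.100", h1.src_port))
    out["pat_scan"] = p.inbound(Packet("203.0.113.5", 80, "213.18.123.100", 2000))
    return out
```

Two simplifications to keep in mind: entries never time out here, whereas a real translator expires idle mappings, and the PAT class applies the strictest inbound rule (the reply must come from the exact remote address and port the inside host talked to). Real devices differ in how strict they are; RFC 4787 names the variants (endpoint-independent through address-and-port-dependent filtering), and the looser ones are what let unsolicited inbound traffic reach an inside host once it has opened any flow.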





2 comments:

  1. I am a bit confused when I read the Static NAT and Dynamic NAT; I was imagining this to be something like this:

    1 receptionist 1 phone #

    External A----->10.29.0.78 NAT 10.0.5.5> A inside network
    External B-----> 10.29.0.78 NAT 10.0.5.3> B Inside Network
    External C-----> 10.29.0.78 NAT 10.0.5.4> C inside network

    But you have depicted it as,

    1 receptionist, many phone numbers; note the IPs on the images are different: 10, 12, 15


    External A 10.29.0.78 NAT 10.0.5.5> A inside network
    External B 10.29.0.79 NAT 10.0.5.3> B Inside Network
    External C 10.29.0.79 NAT 10.0.5.4> C inside network
