Network Address Translation (NAT)


Network address translation (NAT) is a collective term for processes that replace address information within network packets automatically and transparently. NAT is a key feature of a router or firewall. It hides the internal structure of a network and allows a whole network of computers to share only one public IP address. This is both an advantage in security and a necessity because of the shortage of IPv4 addresses.

 

There are two different kinds of NAT:

 

Source NAT (SNAT): Outgoing traffic is masqueraded with a fixed IP address (a public IP address, for example).
Destination NAT (DNAT): Incoming traffic is forwarded to a specific internal network address. DNAT can be used to forward requests for a web address that arrive at the external interface to the internal web server that runs the web site.

 

Special cases of NAT are:

 

Masquerading: Outgoing traffic is masqueraded with a dynamic IP address.
Redirection: Incoming traffic is redirected to another port on the router where a special service listens. The destination address is not changed in this case.
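
The four translation kinds above, modelled as an added example (not code from this product or its documentation). The class and field names, the documentation-range addresses and the rule tables are assumptions made for illustration; the model tracks each outgoing flow so replies can be translated back, and drops inbound packets that match neither a tracked flow nor a rule.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Toy model of SNAT, masquerading, DNAT and redirection (hypothetical names)."""
    def __init__(self, fixed_ip, wan_ip):
        self.fixed_ip = fixed_ip      # static public address used by SNAT
        self.wan_ip = wan_ip          # current dynamic address used by masquerading
        self.dnat_rules = {}          # (external ip, port) -> (internal ip, port)
        self.redirect_rules = {}      # incoming port -> port of a service on the router
        self.table = {}               # reply-side key -> original internal packet

    def outbound(self, pkt, masquerade=False):
        """SNAT (fixed address) or masquerading (dynamic address) of outgoing traffic."""
        new_src = self.wan_ip if masquerade else self.fixed_ip
        sport = pkt.sport
        # Two internal hosts may pick the same source port: move to a free one.
        while self.table.get((pkt.dst, pkt.dport, new_src, sport), pkt) != pkt:
            sport += 1
        out = replace(pkt, src=new_src, sport=sport)
        self.table[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def inbound(self, pkt):
        """Translate incoming traffic; None means nothing inside is reachable."""
        orig = self.table.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is not None:                      # reply to a tracked outgoing flow
            return replace(pkt, dst=orig.src, dport=orig.sport)
        if (pkt.dst, pkt.dport) in self.dnat_rules:        # DNAT: new address and port
            ip, port = self.dnat_rules[(pkt.dst, pkt.dport)]
            return replace(pkt, dst=ip, dport=port)
        if pkt.dport in self.redirect_rules:      # redirection: only the port changes
            return replace(pkt, dport=self.redirect_rules[pkt.dport])
        return None

if __name__ == "__main__":
    nat = Nat(fixed_ip="203.0.113.10", wan_ip="203.0.113.77")   # constructed addresses
    nat.dnat_rules[("203.0.113.10", 80)] = ("192.168.1.80", 8080)
    print(nat.outbound(Packet("192.168.1.20", 40000, "198.51.100.7", 443)))
    print(nat.inbound(Packet("198.51.100.9", 5555, "203.0.113.10", 80)))
    print(nat.inbound(Packet("198.51.100.9", 5556, "203.0.113.10", 22)))
```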