How NAT (Network Address Translation) Works and Its Types

1. Basic Concept of NAT
NAT is a function of a router or firewall that rewrites the source or destination IP address (and, in its port-based form, the transport port) of packets passing through it, recomputing the IP and TCP/UDP checksums as it does so. Its main purpose is to stretch the IPv4 address space: hosts with private addresses (home and company internal networks) reach the internet through one or a few public IPs. The private address ranges, defined in RFC 1918, are:

  • 10.0.0.0 ~ 10.255.255.255 (10.0.0.0/8)
  • 172.16.0.0 ~ 172.31.255.255 (172.16.0.0/12)
  • 192.168.0.0 ~ 192.168.255.255 (192.168.0.0/16)

2. How NAT Works
Taking a home network as an example, assume an internal host (192.168.1.10) accesses an external server (203.0.113.5):

  1. Request from Internal Network
    • Host sends a packet: Source IP=192.168.1.10, Source Port=3000, Destination IP=203.0.113.5, Destination Port=80.
  2. NAT Device Processing
    • The NAT device (e.g., the router) replaces the source IP with its public IP (e.g., 198.51.100.1), picks a free external port (e.g., 5000), recomputes the IP and TCP checksums, and records the translation in its mapping table:
      192.168.1.10:3000 → 198.51.100.1:5000 (together with the peer 203.0.113.5:80, so that only packets from that peer match the entry).
  3. External Network Receives and Responds
    • Server receives the packet: Source IP=198.51.100.1, Source Port=5000, Destination IP=203.0.113.5, Destination Port=80. The private address never appears on the internet.
    • Server responds from 203.0.113.5:80 with the destination set to 198.51.100.1:5000.
  4. NAT Forwards Back to Internal Network
    • The NAT device looks up 198.51.100.1:5000 in the mapping table, restores the destination to 192.168.1.10:3000, fixes the checksums again, and forwards the packet to the internal host. A packet arriving on a port with no matching entry is simply dropped.

3. Common Types of NAT

  1. Static NAT
    • A fixed one-to-one mapping (e.g., 192.168.1.10 is always translated to 198.51.100.1), used for servers that must be reachable from outside. Because every inbound packet to the public address is forwarded, the mapped host needs its own firewall rules; the translation itself filters nothing.
  2. Dynamic NAT
    • Allocates an address from a pool of public IPs to an internal host when it starts communicating; the mapping is temporary and the address returns to the pool when the session ends. When the pool is exhausted, new sessions fail until an address is released.
  3. NAPT (Network Address Port Translation)
    • The most common type, also called PAT, NAT overload or IP masquerading. It distinguishes internal hosts (and their sessions) by translated port numbers, so many devices share a single public IP (e.g., home routers). Each session consumes one external port, so one public IP supports a finite number of concurrent sessions.

4. Limitations of NAT and Solutions

  1. Limitations
    • Breaks end-to-end communication: hosts on the internet cannot initiate connections to a private address, because the NAT device forwards inbound packets only when they match an existing mapping (or a port-forwarding rule). This filtering is a side effect of the translation rather than a security policy: port forwarding, UPnP/NAT-PMP, or a permissive mapping type re-exposes internal hosts, so NAT is not a substitute for a firewall.
    • Hides the internal address: traffic from every internal host carries the same public IP, so external logs identify only the NAT device. Attributing a connection to a specific host requires the NAT's own mapping logs, with timestamps and ports.
    • Some protocols fail because they carry IP addresses or ports inside the payload, which NAT does not rewrite: active-mode FTP (the PORT command), SIP/SDP and others. IPsec AH cannot pass NAT at all, since its integrity check covers the IP header that NAT modifies; ESP requires NAT-Traversal (UDP encapsulation on port 4500).
  2. Solutions
    • STUN/TURN/ICE: STUN lets a host discover its public IP:port mapping, TURN relays traffic through a server when no direct path can be established, and ICE tries the candidate paths in order; together they allow P2P connections (VoIP, WebRTC) through NAT.
    • ALG (Application Layer Gateway): the NAT device parses a specific protocol (e.g., FTP, SIP), rewrites the addresses embedded in the payload and pre-creates the mapping the protocol will need. ALGs work only on unencrypted traffic and are a common source of interoperability problems, so administrators often disable them (SIP ALG in particular) and rely on NAT-aware protocol features instead.
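
As an added example (written for this page, not code from the article or from any router vendor), the following Python shows what an FTP ALG does to an active-mode PORT command: it parses the private address and data port embedded in the control channel, replaces them with the public IP and a freshly allocated external port, and records the inbound mapping the server's data connection will need. The public IP 198.51.100.1, the port allocator starting at 5000 and the control lines are all constructed for the demonstration.

```python
import re
from typing import Dict, Optional, Tuple

# "PORT h1,h2,h3,h4,p1,p2" (RFC 959): four IPv4 octets, then port = p1*256 + p2.
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def parse_port_command(line: str) -> Optional[Tuple[str, int]]:
    """Return (ip, port) for a PORT command, None for any other control line."""
    m = PORT_RE.match(line)
    if m is None:
        return None
    fields = [int(x) for x in m.groups()]
    if any(x > 255 for x in fields):
        raise ValueError("PORT field out of range: " + line.strip())
    return ".".join(str(x) for x in fields[:4]), fields[4] * 256 + fields[5]


def format_port_command(ip: str, port: int) -> str:
    """Inverse of parse_port_command."""
    return "PORT {},{},{}\r\n".format(ip.replace(".", ","), port // 256, port % 256)


class FtpAlg:
    """Rewrites client->server PORT commands on the FTP control channel (TCP/21)
    and registers the inbound data-connection mapping the NAT must accept."""

    def __init__(self, public_ip: str, first_port: int = 5000):
        self.public_ip = public_ip
        self._next_port = first_port  # constructed sequential allocator
        # external port -> (internal ip, internal port) of the expected data connection
        self.expect: Dict[int, Tuple[str, int]] = {}

    def rewrite_control_line(self, client_ip: str, line: str) -> Tuple[str, int]:
        """Rewrite one control line; returns (new line, change in payload length)."""
        parsed = parse_port_command(line)
        if parsed is None:
            return line, 0  # not a PORT command: pass through untouched
        int_ip, int_port = parsed
        # Only map the host that owns the control connection. Otherwise any
        # internal client could use the ALG to open inbound holes to other hosts.
        if int_ip != client_ip:
            raise ValueError("PORT names %s but control connection is from %s"
                             % (int_ip, client_ip))
        ext_port = self._next_port
        self._next_port += 1
        self.expect[ext_port] = (int_ip, int_port)
        new_line = format_port_command(self.public_ip, ext_port)
        # When the rewritten payload changes length, a real ALG must also adjust
        # the TCP sequence/acknowledgement numbers of the rest of the connection.
        return new_line, len(new_line) - len(line)


if __name__ == "__main__":
    alg = FtpAlg("198.51.100.1")
    print(alg.rewrite_control_line("192.168.1.10", "PORT 192,168,1,10,11,184\r\n"))
    print(alg.expect)
```

The mapping recorded in `expect` is what lets the server's connection to 198.51.100.1:5000 reach 192.168.1.10:3000 even though no outbound session exists yet; the address check in `rewrite_control_line` is the part most often missing from real ALGs.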

5. Practical Scenario Example
Multiple office computers (192.168.1.0/24) access the internet via a router (Public IP=203.0.113.10):

  • When Computer A (192.168.1.2:4000) visits a website, NAT creates the mapping 192.168.1.2:4000 → 203.0.113.10:6000 and rewrites the source address of every packet in that session accordingly.
  • Simultaneously, Computer B (192.168.1.3:5000) is mapped to a different port of the same public IP (e.g., 203.0.113.10:6001), so both can browse concurrently. Even if B had chosen the same source port as A, the translated ports would still differ; the external port, not the internal one, is what tells the two sessions apart on the way back.
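
The following Python simulator is an added example for this page (not code from the article or from any router); it performs the translation steps of section 2 for the office scenario of section 5: outbound source rewriting, the reverse lookup on replies, the drop of inbound packets that match no session, and the static port forward that deliberately re-opens a host. The web server 198.51.100.7, the external port range starting at 6000, the `Packet` structure and all packets are constructed for the demonstration.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """Only the header fields NAPT looks at (constructed, not a real parser)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NAPT:
    """Port-overloading NAT: every internal host shares public_ip."""

    def __init__(self, public_ip: str, first_port: int = 5000, last_port: int = 65535):
        self.public_ip = public_ip
        self._next_port = first_port
        self._last_port = last_port
        self.used_ports: Set[int] = set()
        # (proto, internal ip, internal port) -> external port
        self.mapping: Dict[Tuple[str, str, int], int] = {}
        # (proto, external port) -> (internal ip, internal port)
        self.reverse: Dict[Tuple[str, int], Tuple[str, int]] = {}
        # (proto, external port, peer ip, peer port): peers an internal host contacted
        self.sessions: Set[Tuple[str, int, str, int]] = set()
        # (proto, external port) -> (internal ip, internal port): static port forwards
        self.forwards: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def _alloc_port(self) -> int:
        # Sequential allocation, as in the article's examples; real routers prefer
        # to keep the original source port and randomise the fallback.
        while self._next_port in self.used_ports:
            self._next_port += 1
        if self._next_port > self._last_port:
            raise RuntimeError("external port pool exhausted")
        port = self._next_port
        self._next_port += 1
        self.used_ports.add(port)
        return port

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Internal -> internet: rewrite the source to public_ip:external_port."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        ext_port = self.mapping.get(key)
        if ext_port is None:
            ext_port = self._alloc_port()
            self.mapping[key] = ext_port
            self.reverse[(pkt.proto, ext_port)] = (pkt.src_ip, pkt.src_port)
        # Remember the peer so that only its replies are let back in.
        self.sessions.add((pkt.proto, ext_port, pkt.dst_ip, pkt.dst_port))
        return replace(pkt, src_ip=self.public_ip, src_port=ext_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> internal: restore the destination, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.forwards.get((pkt.proto, pkt.dst_port))
        if target is None:
            if (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port) not in self.sessions:
                return None  # no outbound session matches: unsolicited, dropped
            target = self.reverse[(pkt.proto, pkt.dst_port)]
        int_ip, int_port = target
        return replace(pkt, dst_ip=int_ip, dst_port=int_port)

    def add_port_forward(self, proto: str, ext_port: int, int_ip: str, int_port: int) -> None:
        """Static hole: every packet to public_ip:ext_port reaches int_ip:int_port."""
        self.forwards[(proto, ext_port)] = (int_ip, int_port)
        self.used_ports.add(ext_port)  # never hand this port to a dynamic session


def demo() -> Dict[str, Optional[Packet]]:
    """Walk through the article's office scenario; returns each translation result."""
    nat = NAPT("203.0.113.10", first_port=6000)
    web = ("198.51.100.7", 80)  # constructed external web server
    a_out = nat.translate_outbound(Packet("192.168.1.2", 4000, *web))
    # B happens to pick the same source port as A; NAPT still tells them apart.
    b_out = nat.translate_outbound(Packet("192.168.1.3", 4000, *web))
    reply_a = nat.translate_inbound(Packet(*web, "203.0.113.10", a_out.src_port))
    # Right external port, but from a host A never talked to: dropped.
    spoofed = nat.translate_inbound(Packet("198.51.100.9", 4444, "203.0.113.10", a_out.src_port))
    # A port the NAT never handed out: dropped.
    unsolicited = nat.translate_inbound(Packet(*web, "203.0.113.10", 6100))
    # The administrator forwards 443 to an internal server: anyone can now reach it.
    nat.add_port_forward("tcp", 443, "192.168.1.10", 443)
    forwarded = nat.translate_inbound(Packet("198.51.100.9", 50000, "203.0.113.10", 443))
    return {"a_out": a_out, "b_out": b_out, "reply_a": reply_a,
            "spoofed": spoofed, "unsolicited": unsolicited, "forwarded": forwarded}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(name, pkt)
```

The `sessions` check is what gives NAT its accidental firewall effect: a reply is accepted only from the exact peer the internal host contacted. The `forwards` table shows how one configuration line removes that protection for a host, which is why a forwarded server still needs its own filtering.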

Through the above steps, NAT conserves public IPv4 addresses at the cost of translation state on the edge device, and that state has to be accounted for (NAT traversal, ALGs, port-forwarding rules, mapping logs) according to the specific protocols and scenarios involved.