The Concept of NAT
The process of network address translation (NAT) was developed in response to the shortage of IP addresses under the IPv4 protocol (the IPv6 protocol proposes a solution to this problem).
In IPv4 addressing, there are not enough routable IP addresses (i.e. addresses unique worldwide) for every machine that needs Internet connectivity to have one.
The concept of NAT consists in using a routable IP address (or a limited number of IP addresses) to connect all of a network's machines by translating, at the Internet gateway, between the internal (non-routable) address of the machine that wants to be connected and the gateway's IP address.
Additionally, address translation helps companies secure the internal network in so far as it conceals the internal addressing: to an observer outside the network, all requests appear to come from the same IP address.
The organization that manages the public address space (routable IP addresses) is the Internet Assigned Numbers Authority (IANA). RFC 1918 defines a private address space that allows organizations to assign IP addresses to the machines of their internal network with no risk of conflicting with a public IP address assigned by the IANA. These so-called non-routable addresses correspond to the following address ranges:
- Class A: range from 10.0.0.0 to 10.255.255.255
- Class B: range from 172.16.0.0 to 172.31.255.255
- Class C: range from 192.168.0.0 to 192.168.255.255
All the machines of an internal network that are connected to the Internet by way of a router and that do not have a public IP address must use an address contained in one of these ranges. For small French networks, the address range from 192.168.0.1 to 192.168.0.255 is generally used.
The concept of static NAT consists in matching a public IP address one-to-one with a private IP address of the internal network. A router (or more precisely the gateway) associates a private IP address (e.g. 192.168.0.1) with a routable public IP address on the Internet and performs the translation by rewriting the address in the IP packet.
Static address translation connects internal network machines to the Internet transparently but does not resolve the address shortage problem, because n routable IP addresses are needed to connect n machines on the internal network.
Dynamic NAT allows a routable IP address (or a reduced number of routable IP addresses) to be shared between several privately addressed machines. Seen from outside, all the machines of the internal network thus have the same virtual IP address. This is why the term "IP masquerading" is sometimes used to describe the process of dynamic NAT.
In order to "multiplex" (share) several private IP addresses over one or a few routable IP addresses, dynamic NAT uses Port Address Translation (PAT), i.e. the assignment of a different source port to each request, in order to maintain a correspondence between the requests coming from the internal network and the responses from machines on the Internet, all of which are addressed to the router's IP address.
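As an added illustration (not code from the original article), the following Python model puts together the two points made above: the RFC 1918 check for private addresses, and a dynamic NAT/PAT table that rewrites the source of outbound packets to the gateway's public address with a distinct port, then maps replies back to the internal machine. The gateway address 203.0.113.5, the remote host 198.51.100.7, the port numbering and the class and function names are all constructed for this example; the returned `None` for an inbound packet with no table entry is what makes internal hosts unreachable, and hence concealed, from outside.

```python
import ipaddress
from dataclasses import dataclass

# The three RFC 1918 private ranges listed above, in CIDR form.
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),       # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),    # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),   # 192.168.0.0 - 192.168.255.255
]


def is_private(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


@dataclass(frozen=True)
class Packet:
    """Only the IP/transport header fields NAT cares about."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def static_nat_outbound(mapping: dict, pkt: Packet) -> Packet:
    """Static NAT: one private address maps to one public address; ports untouched."""
    return Packet(mapping[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)


class PATGateway:
    """Dynamic NAT with port address translation behind a single public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port       # next free public source port (constructed scheme)
        self.table = {}                   # public_port -> (inner_ip, inner_port, dst_ip, dst_port)
        self.reverse = {}                 # (inner_ip, inner_port, dst_ip, dst_port) -> public_port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an internal host's packet so it appears to come from the gateway."""
        if not is_private(pkt.src_ip):
            raise ValueError(f"{pkt.src_ip} is not a private (RFC 1918) source")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.reverse.get(key)
        if port is None:
            # New flow: allocate a fresh public port so the reply can be matched back.
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Map a reply back to the internal host, or return None if there is no matching flow."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None                   # unsolicited packet: no mapping, so it is dropped
        inner_ip, inner_port, dst_ip, dst_port = entry
        if (pkt.src_ip, pkt.src_port) != (dst_ip, dst_port):
            return None                   # only the original correspondent may use this mapping
        return Packet(pkt.src_ip, pkt.src_port, inner_ip, inner_port)


if __name__ == "__main__":
    gw = PATGateway("203.0.113.5")        # constructed documentation address (RFC 5737)
    a = gw.outbound(Packet("192.168.0.10", 51515, "198.51.100.7", 80))
    b = gw.outbound(Packet("192.168.0.11", 51515, "198.51.100.7", 80))
    print("two hosts, same source port, distinct public ports:", a.src_port, b.src_port)
    print("reply routed to:", gw.inbound(Packet("198.51.100.7", 80, "203.0.113.5", b.src_port)))
    print("unsolicited inbound:", gw.inbound(Packet("198.51.100.7", 80, "203.0.113.5", 49999)))
```

Two internal hosts that happen to pick the same local source port still get distinct public ports, which is exactly the multiplexing the text describes; a real gateway would additionally age entries out of the table and pick ports from a randomized pool rather than counting upward.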
For more information, please refer to RFC 3022:
Article written by Jean-François PILLOU