What is NAT and how is it used in the home or small office?
NAT (RFC 1631) stands for Network Address Translation. Simply put it acts as an agent directing traffic to and from the internet to the computers on your local network.
To connect to the internet at home or from a small office you will either have a modem or a router with a modem built in. For the purpose of this article we assume you are using a router which is a hardware device containing a modem and networking hardware such as Ethernet LAN and Wi-Fi.
For a computer to communicate on the internet it needs a unique public IP address. Your ISP may have assigned you a fixed IP address or you may be dynamically allocated a new IP address each time you connect to your ISP. If you wish to connect more than one computer to the internet then you will need one IP address for each computer. Further IP addresses will cost you more money but NAT is a great way of saving you the need for more than one IP address.
Your NAT router assigns the IP address given to you by your ISP to itself and assigns unregistered private IP addresses to all the computers on your internal network using DHCP (Dynamic Host Configuration Protocol). It then maintains a list of these addresses in its memory to aid the routing of traffic. These addresses are reserved IP address ranges for each network class (A, B and C). For a Class C network this range is 192.168.0.0 to 192.168.255.255. (For Class A it is 10.0.0.0 to 10.255.255.255 and for Class B it is 172.16.0.0 to 172.31.255.255)
Lets say that your ISP has assigned you the public IP address 22.214.171.124. You set up your router using this IP address and any computer on the internet that tries to communicate with this address is talking to your router. Next, any computer you connect to your router is assigned an internal private network IP address. (If you are using Microsoft Windows you can type 'ipconfig' into a DOS window to see what IP address the router has assigned to you) As an example, for a Class C network the router may take 192.168.0.1 for itself as the default gateway and the first DHCP-enabled computer you add may be assigned the IP address 192.168.0.2.
The NAT functionality in your router will add your computers private network IP address 192.168.0.2 and a port number to a table in its memory. When your computer attempts communications outside of the network onto the internet the router makes a note of the connection details so when the remote computer responds your NAT router will be able to direct the traffic onwards to your computer. This is technically known as NAPT (Network Address Port Translation) rather than true NAT.
Hopefully I have explained this well enough. It was confusing to me at first. The best way to understand it is that you have one public IP address for your home or office network and each computer has a private IP address on your network. As traffic travels in and out of your internal network onto the internet the NAT router masquerades as each computer on the network so the outside world only sees one computer. The router directs incoming traffic to the computer that initiated the communication based on its routing table.
The advantage of NAT is that it only allows the computers on the internal network to initiate communication with the outside world and not vice versa. This means that any computer outside your network can attempt to communicate with a computer on your network but if your NAT has no record of a computer on its internal network initiating the communication then it will just discard the packets and wont even respond. As far as the other computer is concerned it appears as if there is no one there.
Do not confuse NAT with a firewall. On its own NAT is a great defence against malicious internet bourne attacks but it does not prevent an already compromised computer from accessing the internet. NAT is used by hardware firewalls but is not a true firewall by itself.
If you have any feedback regarding this article, or you have a suggestion for a new article, or just want to say thanks for the info then feel free to drop me an email at firstname.lastname@example.org.
Article updated: 11-Dec-2006