What is NAT (Network Address Translation)?
NAT (Network Address Translation) is a technique for preserving scarce Internet IP addresses.
Why NAT?
The current Internet uses IP addresses in the form xxx.xxx.xxx.xxx. A sample IP address might be 202.187.4.212.
Because of the way these IP addresses are allocated, there started to be a shortage of available IP addresses.
The current revision of IP (Internet Protocol) in use on the Internet is IPv4. IPv6 is largely a response to this potential IP address shortage.
Unfortunately, IPv6 is going to take decades to implement. A much quicker fix was needed, and that fix was NAT.
Private Address Space for NAT
To conserve IP address space, networks which are not directly connected to the Internet are often given private address space.
Private address space consists of ranges of IP addresses that are not routed over the public Internet.
Private address space is often called "RFC 1918" space, because private address space is defined in RFC 1918 - Address Allocation for Private Internets.
RFC 1918 defines three sets of private address space:
Start          End               Network Size
10.0.0.0       10.255.255.255    /8
172.16.0.0     172.31.255.255    /12
192.168.0.0    192.168.255.255   /16
The use of private address space conserves IP addresses because any person or company can use the same private address space over and over again.
I have a 10.0.0.x network in my house. IBM has a 10.0.0.x network. HP has a 10.0.0.x network. Apple has a 10.0.0.x network. We're all using the same range of IP addresses.
The limitation is that private address space is non-routable. This means that any computer on these private IP addresses cannot (directly) connect to the Internet.
Network Address Translation to the Rescue!
The work-around for this limitation is NAT (Network Address Translation).
A NAT device, usually a firewall or a router, is placed between the private network and the Internet.
When computers on the private network want to communicate on the Internet, the NAT device quickly and silently rewrites the packets they send so that they carry a public, routable IP address.
When systems on the Internet send reply packets, the NAT device routes those reply packets back to the correct system on the private network.
In this way, hundreds or thousands of computers on the private network can share just one IP address on the public Internet.
For example, you might have 250 computers on the 192.168.1.x network and one firewall providing NAT services on the IP address 216.17.138.210. Any time one of the hosts communicates across the Internet, the NAT firewall changes the IP address of the packets to 216.17.138.210. When reply packets come from the Internet, the NAT firewall sorts them out and sends them to the correct internal host.
Types of NAT
The type of NAT just described is called One-to-Many NAT. This is because one IP address is shared by many hosts.
It is also possible to implement One-to-One NAT. This is where a host with a private IP address is given a dedicated public IP address in the NAT device. One-to-One NAT is used to support some poorly designed protocols which do not work well over NAT.
How NAT Works
When a computer running NAT receives a packet from an internal client, it replaces the packet header and translates the client's port number and internal IP address to its own port number and external IP address. It then sends the packet to the destination host on the Internet, and keeps track of the mapping information in a table, so that it can route the reply to the appropriate client computer. When the computer running NAT receives a reply from the Internet host, it again replaces the packet header and sends the packet to the client. Both the client computer and the Internet host appear to be communicating directly with each other.
For example, a client computer with the IP address 192.168.10.2 wants to contact a Web server with the IP address 131.110.30.4. The client is configured to use 192.168.1.1 as the default gateway, which is the internal IP address of the computer running NAT. The external IP address of the computer running NAT is 131.110.5.1. In this example, the NAT process occurs as follows:
- The client computer sends a packet to the computer running NAT. The packet header indicates that the packet originates from port 1074 on the computer with the IP address 192.168.10.2, and has a destination of port 80 on 131.110.30.4.
- The computer running NAT changes the packet header to indicate that the packet originates from port 1563 on host 131.110.5.1, but does not change the destination. The computer running NAT then sends the packet to the Web server over the Internet.
- The external Web server receives the packet and sends a reply. The packet header for the reply indicates that the packet originates from port 80 on 131.110.30.4, and has a destination of port 1563 on host 131.110.5.1.
- The computer running NAT receives the packet and checks its mapping information to determine the destination client computer. The computer running NAT changes the packet header to indicate a destination of port 1074 on 192.168.10.2, and then sends the packet to the client. The source of the packet remains as port 80 on 131.110.30.4, which is the IP address of the Web server.
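The following is an added example, not code from the original article: a small Python simulation of the One-to-Many NAT walk-through above, using the same addresses and ports (192.168.10.2:1074, public address 131.110.5.1, translated port 1563, Web server 131.110.30.4:80). It also applies the RFC 1918 table from the private address space section, and shows the failure mode the text implies: an inbound packet with no entry in the mapping table has nowhere to go and is dropped. The `Packet` and `NatDevice` names are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The three RFC 1918 blocks from the table above.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

@dataclass(frozen=True)
class Packet:
    """Just the header fields NAT rewrites (constructed, not a real wire format)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatDevice:
    """One-to-Many NAT: many private hosts share one public address."""
    def __init__(self, public_ip: str, first_port: int = 1563):
        self.public_ip = public_ip
        self.next_port = first_port          # next unused public port
        self.table = {}    # public_port -> (private_ip, private_port)
        self.reverse = {}  # (private_ip, private_port) -> public_port

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the private network and record the mapping."""
        if not is_private(pkt.src_ip):
            raise ValueError(f"refusing to translate non-RFC 1918 source {pkt.src_ip}")
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.reverse:              # first packet of this flow: allocate a port
            self.reverse[key] = self.next_port
            self.table[self.next_port] = key
            self.next_port += 1
        # Source becomes the public address/port; destination is left untouched.
        return Packet(self.public_ip, self.reverse[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply back to the internal host, or drop it if no mapping exists."""
        entry = self.table.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None                          # unsolicited packet: no table entry, dropped
        private_ip, private_port = entry
        # Destination becomes the internal host; source (the Web server) is unchanged.
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)
```

Because `inbound` only forwards packets that match an existing table entry, the simulation also shows why hosts behind One-to-Many NAT are not directly reachable from the Internet, and why One-to-One NAT is needed for services that must be.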