
What is Network Address Translation? A Guide About NAT

As the Internet becomes more widely used, more devices become connected, and the availability of IP addresses becomes a serious issue, network address translation is a critical technology. NAT is essentially a "workaround" that solves the problem extremely well in some situations. Longer term, the next generation of IP protocol, IPv6, is likely to be the solution.

Figure 1. What is NAT

What is Network Address Translation?

The technique of mapping an Internet Protocol (IP) address to another by modifying the header of IP packets while in transit across a router is known as network address translation (NAT). As part of this technique, NAT settings can reveal only one IP address for a whole network to the outside world, essentially masking the entire internal network and adding security. Network address translation is commonly used in remote-access scenarios because it provides both address conservation and increased security. This improves security and reduces the number of IP addresses required by a company.

How Does NAT Work?

Assume you have a laptop connected to your home router. Someone is looking for directions to their favorite restaurant on their laptop. This request is sent as a packet from the laptop to the router, which then forwards it to the web. However, the router must first change the outgoing IP address from a private local address to a public one.

The receiving server will not know where to send the information back if the packet has a private address — it's similar to sending physical mail and seeking return service but providing an anonymous return address. The information will be sent back to the laptop using the router's public address, not the laptop's private address, thanks to NAT.

How Does Network Address Translation Improve Security?

It's primarily about obscurity for security. A NAT device “hides” all network devices by making them appear to be emanating from a single IP address, which is the NAT device's own.

While all systems have their own IP address within the network, when interacting with the rest of the Internet they pass through the NAT, which keeps a mapping of internal devices. As a result, the NAT knows to which device to forward returning Internet traffic.

However, outside the network, the NAT IP address is the only thing visible; there is no direct, straightforward way to determine the internal IP addresses of any internal devices.

A NAT, on the other hand, is not a true security device. It can mask internal IP addresses, but it has no effect on malicious traffic. As a result, an attacker could simply send malware to the NAT, which would either obtain access to the NAT's network map of devices or go directly to an internal device, depending on the infection.

That's why, in addition to NAT, you'll need a firewall. NAT is mostly used by sysadmins to alleviate network congestion to the Internet; instead of each system having its own IP address accessible via the Internet, a single IP address is utilized, which aids troubleshooting and system configuration.

What is the History of Network Address Translation?

The Internet grew swiftly after the publication of the Internet Protocol Specification. In 1991, RFC 1287, Towards the Future Internet Architecture, was released (RFCs, produced by the Internet Engineering Task Force, cover many aspects of computer networking); it is likely the first RFC to raise the issue of IP address space exhaustion in the near future.

RFC 1335, published in May 1992, provides a more detailed description of using internal IP addresses (also known as private IP addresses) as a solution to IP address exhaustion. “Extending the IP Internet Through Address Reuse,” the first paper describing the NAT concept, appeared in the January 1993 issue of Computer Communication Review and was published a year later as RFC 1663.

What are The Types of NAT?

Different types of NAT are used in networking. These NATs are used for a variety of purposes. Each of these NAT types is listed below.

1. Static NAT

Network traffic is mapped from a static external IP address to an internal IP address or network via static NAT. It converts real addresses to mapped addresses in a static manner. Static NAT connects networking devices to the internet via a private LAN with an unregistered private IP address.

A one-to-one mapping from one IP subnet to another is defined by static NAT. In one direction, the mapping contains destination IP address translation, and in the other, source IP address translation. The virtual host IP address is the original destination address from the NAT device, whereas the mapped-to address is the real host IP address.

Connections can originate on either side of the network with static NAT, but translation is limited to one-to-one or between blocks of addresses of the same size. A public address must be assigned to each private address. There are no address pools required.

The following types of translation are also supported by static NAT:

  • To map several IP addresses and port ranges to a single IP address and a different port range.
  • To change the IP address and port of a specific IP address and port.

2. Dynamic NAT

A private IP address is mapped to a public IP address from a group of public IP addresses known as a NAT pool in dynamic NAT. A one-to-one mapping between a private IP address and a public IP address is established through dynamic NAT. The public IP address is selected from the pool of IP addresses defined on the NAT router's end. The public to private mapping may differ depending on the public IP address accessible in the NAT pool.

Dynamic NAT, in contrast to static NAT, which creates a one-to-one translation between internal unregistered addresses and external registered addresses, creates a many-to-one translation in which multiple internal addresses use the same public address. Dynamic NAT eliminates IP address conflicts by keeping a state table for each TCP or UDP connection that stores five values (source address, source port, destination address, destination port, and protocol).
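The difference between the two address-level types described above is easiest to see in a small model. The following Python script is an added example written for this guide; it is not code from the article or from any NAT implementation. It models static NAT as a fixed one-to-one table that answers for connections started on either side, and dynamic NAT as a pool from which a public address is claimed on the first outbound packet and returned when the mapping is released. All addresses are constructed sample values (RFC 1918 space inside, the 203.0.113.0/24 documentation range outside), and the behaviour when the pool is exhausted (the packet is dropped) is an assumption about how a NAT router is typically configured.

```python
import ipaddress
from typing import Dict, Optional

# All addresses in this file are constructed sample values, not from the article.


class StaticNAT:
    """One-to-one mapping fixed in advance.

    Because the table exists before any traffic flows, a packet arriving from
    outside for a mapped public address can be translated immediately, so
    connections may originate on either side.
    """

    def __init__(self, mappings: Dict[str, str]):
        self.inside_to_outside = dict(mappings)
        self.outside_to_inside = {pub: priv for priv, pub in mappings.items()}
        if len(self.outside_to_inside) != len(self.inside_to_outside):
            raise ValueError("static NAT needs a distinct public address per private address")

    def outbound(self, src: str) -> Optional[str]:
        # Translate the source address of a packet leaving the network.
        return self.inside_to_outside.get(src)

    def inbound(self, dst: str) -> Optional[str]:
        # Translate the destination address of a packet arriving from outside.
        return self.outside_to_inside.get(dst)


class DynamicNAT:
    """One-to-one mapping chosen at run time from a pool of public addresses.

    A public address is claimed when an inside host first sends outbound;
    inbound packets are only translated for addresses currently claimed.
    """

    def __init__(self, pool_cidr: str):
        # hosts() excludes the network and broadcast addresses of the pool.
        self.free = [str(ip) for ip in ipaddress.ip_network(pool_cidr).hosts()]
        self.inside_to_outside: Dict[str, str] = {}
        self.outside_to_inside: Dict[str, str] = {}

    def outbound(self, src: str) -> Optional[str]:
        if src in self.inside_to_outside:
            return self.inside_to_outside[src]
        if not self.free:
            return None  # pool exhausted: the packet is dropped (assumed policy)
        pub = self.free.pop(0)
        self.inside_to_outside[src] = pub
        self.outside_to_inside[pub] = src
        return pub

    def inbound(self, dst: str) -> Optional[str]:
        # Unclaimed pool addresses have no inside host yet, so nothing is delivered.
        return self.outside_to_inside.get(dst)

    def release(self, src: str) -> None:
        # Return the public address to the pool when the inside host is done.
        pub = self.inside_to_outside.pop(src, None)
        if pub is not None:
            del self.outside_to_inside[pub]
            self.free.append(pub)


def demo() -> Dict[str, Optional[str]]:
    """Walk both NAT types through the cases that distinguish them."""
    static = StaticNAT({"10.0.0.10": "203.0.113.10"})
    dyn = DynamicNAT("203.0.113.32/30")  # usable pool: .33 and .34
    results: Dict[str, Optional[str]] = {
        "static_out": static.outbound("10.0.0.10"),
        "static_in": static.inbound("203.0.113.10"),     # works before any outbound traffic
        "dyn_in_before": dyn.inbound("203.0.113.33"),    # nothing claimed yet
        "dyn_out_a": dyn.outbound("10.0.0.1"),
        "dyn_out_b": dyn.outbound("10.0.0.2"),
        "dyn_out_c": dyn.outbound("10.0.0.3"),           # pool exhausted
        "dyn_in_after": dyn.inbound("203.0.113.33"),
    }
    dyn.release("10.0.0.1")
    results["dyn_out_c_after_release"] = dyn.outbound("10.0.0.3")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>24}: {value}")
```

The two inbound cases are the point: static NAT delivers an unsolicited inbound packet to the mapped host, while dynamic NAT has nowhere to send it until an inside host has claimed that public address. That is also why the article's "dynamic NAT automatically builds a firewall" claim holds only for addresses that are not currently in use.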

3. PAT

Multiple devices on a Local Area Network (LAN) can be mapped to a single public IP address using Port Address Translation (PAT), which is an extension of Network Address Translation (NAT). PAT's purpose is to save IP addresses.

In most home networks, PAT is used. In this case, the Internet Service Provider (ISP) assigns the router on the home network a single IP address. The router allocates a port number to computer X when it connects to the Internet from this network. The internal IP address is then appended to this. As a result, Computer X receives its own unique address. When computer Y connects to the Internet at the same time as computer X, the router assigns it a separate port number. Both machines have the same public IP address and are connected to the Internet simultaneously. The router, on the other hand, always knows which specific packets it needs to send and where they should go. The internal addresses of the PCs are all different.

What are the Benefits of NAT?

The following are some of the advantages of NAT:

  • Address conservation: NAT preserves and prevents the depletion of legitimately registered IP addresses.
  • Security of network address translation: By masking the device IP address from the public network, NAT allows users to use the internet with greater security and privacy, even when transmitting and receiving traffic. Users can use NAT rate-limiting to limit the number of concurrent NAT operations on a router as well as the number of NAT translations. This not only gives you more control over how NAT addresses are utilized, but it can also help you avoid worms, viruses, and denial-of-service (DoS) assaults. The use of dynamic NAT automatically builds a firewall between the internal network and the internet. Traffic logging and filtering are available on some NAT routers.
  • Flexibility: NAT is adaptable; it can, for example, be used in a public wireless LAN setting. In some circumstances, inbound mapping or static NAT allows external devices to connect to computers on the stub domain.
  • Simplicity: When a network changes or merges, there is no need to renumber addresses. You can construct an inside network virtual host to coordinate TCP load-balancing for internal network servers using network address translation.
  • Speed: NAT is transparent to both destination and source computers, unlike proxy servers, allowing for faster direct communication. Furthermore, proxy servers often operate at the OSI Reference Model's transport layer or higher, making them slower than network address translation, which operates at the network layer or layer 3.
  • Scalability: The DHCP server distributes unregistered IP addresses for the stub domain from its list as needed, and NAT and dynamic host configuration protocol (DHCP) operate effectively together. Scaling up is easier since you can extend the range of IP addresses that DHCP is configured to hand out, making room for more network computers right away rather than having to request more IP addresses from IANA as your demands grow.
  • Multi-homing: Multi-homing, or having many internet connections, helps maintain a reliable connection and minimizes the likelihood of a shutdown in the event of a lost connection. This also allows for load balancing by limiting the number of machines that use a single connection. Multihomed networks frequently connect to many ISPs, each of which assigns the organization a range of IP addresses or a single IP address. To route between networks employing different network address translation protocols, routers use network address translation. The router in a multi-homed network communicates using the border gateway protocol (BGP), which is part of the TCP/IP protocol suite; the stub domain side uses internal BGP or IBGP, and routers connect with each other using external BGP or EBGP. If one of the connections to an ISP fails, multi-homing reroutes all traffic to another router.

Disadvantages of NAT

There are certain disadvantages to using NAT:

  • Some real-time applications demand actual end-to-end communication, which Network Address Translation does not provide: A variety of real-time applications necessitate the establishment of a logical tunnel in order to exchange data packets in real time. It necessitates quick and seamless connectivity without the use of any intermediates, such as a proxy server, which might complicate and slow down the communications process.
  • NAT complicates the operation of tunneling protocols: Any communication that passes through a Proxy server is likely to be sluggish and prone to interruptions. Such flaws aren't tolerated in certain crucial applications. Telemedicine and teleconferencing are two examples. Such applications see network address translation as a bottleneck in the communication network, causing avoidable end-to-end connectivity distortions.
  • NAT serves as a backup route for internet communication via the Internet: A scarcity of IPv4 address space and security concerns were the driving forces behind the network address translation process's widespread appeal and subsequent implementation. The IPv6 protocol has entirely addressed both of these difficulties. As IPv6 gradually replaces IPv4, the network address translation procedure will become redundant and obsolete, wasting valuable network resources for services that will no longer be necessary on IPv6 networks.

Examples of NAT

As an example of NAT network address translation, an internal host may wish to interact with an external web server on the outside world. A packet of data will be sent to the NAT gateway router for further communication.

In order to evaluate if a packet is eligible for translation, the NAT gateway router learns the packet's source IP address and looks it up in a table. It can discover authenticated hosts for internal network translation on its access control list (ACL) and then complete the translation, producing an internal global IP address from an internal local IP address.

Finally, after saving the translation in the NAT table, the NAT gateway router will route the packet to its destination. When the internet's web server responds to the request, the packet reverts to the router's global IP address. With the help of the NAT table, the router can figure out which translated IP address corresponds to which global address, convert it to the inside local address, and transmit the data packet to the host at that address. If no match is detected, the data packet is discarded.

What are the NAT Tools and Softwares?

A firewall or a router can be used to implement NAT; usually these are public-facing devices. Once NAT is implemented, how can you look up NAT records? Under this title we will cover some NAT lookup tools.

By filtering, categorizing, and providing various ways to simplify the output, a NAT lookup tool assists administrators in troubleshooting and maintaining NAT records (often without connecting to the device).

The 7 Best NAT Lookup Tools & Software are as follows:

1. SolarWinds NAT Lookup Tool

For any given IP address, the program returns a list of NAT policies and their associated firewalls.

The software is quite scalable, and it can assist administrators in generating comprehensive NAT policy lists.

These lists will aid in the troubleshooting of IP address conflicts, overlapping NAT policies or rules, overall firewall translation issues, and networks of any size.


Figure 2. Solarwinds NAT Lookup Tool

2. Netstat-nat

Netstat-nat is a tiny C application that monitors network traffic. It shows NAT connections that are controlled by netfilter/iptables, which is included with Linux kernels > 2.4.x. The application gets its information from netfilter's temporary conntrack storage, '/proc/net/ip_conntrack' or '/proc/net/nf_conntrack'.

The Linux software "netstat-nat" displays all NATed connections that are handled by iptables or netfilter. You can use netstat-nat to:

  • Display only SNAT connections, only DNAT connections, or both.
  • Display all NAT connections.
  • Filter results by protocol number.
  • Filter results by source IP address.
  • Show connections from a given IP address or hostname.
  • Sort the NAT connections.

Popular Linux distributions such as Debian, Ubuntu, Suse, and Redhat all support the utility. Netstat-nat takes several arguments, all of them optional:

-h                     display help
-n                     don't resolve IPs/ports to host/port names
-p 'protocol'          display NAT connections with protocol selection
-s 'source host'       display connections by source IP/hostname
-d 'destination host'  display connections by destination IP/hostname
-S                     display SNAT connections
-D                     display DNAT connections
-L                     display only connections to the NAT box itself (disables display of SNAT & DNAT)
-R                     display only connections routed through the NAT box (doesn't show SNAT & DNAT)
-x 'source host'       display DNAT connections
-o                     strip output header
-N                     display NAT box connection information (IP and port) for the NATing interface (only valid with SNAT & DNAT)
-r                     sort connections
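What netstat-nat actually does with the conntrack file is worth seeing, because the same logic lets you audit translations on a box where the tool is not installed. The Python script below is an added example for this guide, not netstat-nat's own code. Each conntrack entry carries two tuples: the original direction as the packet was first seen, and the reply direction as the kernel expects replies to look. If the reply destination differs from the original source, the source was rewritten (SNAT); if the reply source differs from the original destination, the destination was rewritten (DNAT). Entries with neither are either addressed to the NAT box itself or simply routed through it, which is how the -L and -R views are separated. The sample lines are constructed in the /proc/net/nf_conntrack layout using documentation addresses; they are not real captures, and the set of addresses treated as "local to the NAT box" is an assumption passed in by the caller.

```python
import re
from typing import Dict, List, Optional, Set

# Constructed sample entries in the /proc/net/nf_conntrack layout (not real captures).
# Inside: 192.168.0.0/16; NAT box public side: 203.0.113.5; remote hosts: 192.0.2.x / 198.51.100.x.
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.0.2.80 sport=51234 dport=443 src=192.0.2.80 dst=203.0.113.5 sport=443 dport=51234 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 117 TIME_WAIT src=198.51.100.7 dst=203.0.113.5 sport=40000 dport=80 src=192.168.1.20 dst=198.51.100.7 sport=8080 dport=40000 [ASSURED] mark=0 use=1
ipv4     2 udp      17 29 src=192.168.1.10 dst=192.168.1.1 sport=5353 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=5353 mark=0 use=1
ipv4     2 tcp      6 300 ESTABLISHED src=192.168.1.30 dst=192.168.2.40 sport=55000 dport=22 src=192.168.2.40 dst=192.168.1.30 sport=22 dport=55000 [ASSURED] mark=0 use=1
ipv4     2 icmp     1 29 src=192.168.1.10 dst=192.0.2.80 type=8 code=0 id=1234 src=192.0.2.80 dst=203.0.113.5 type=0 code=0 id=1234 mark=0 use=1
"""

# One address/port tuple; a conntrack line carries two of them (original, reply).
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
# The TCP state word sits directly before the first src= field.
STATE_RE = re.compile(r"\s([A-Z][A-Z_]*)\s+src=")


def parse_entry(line: str) -> Optional[Dict]:
    """Split one conntrack line into its original and reply tuples."""
    tuples = TUPLE_RE.findall(line)
    if len(tuples) != 2:
        return None  # ICMP and other port-less entries are skipped by this example
    fields = line.split()
    orig, reply = tuples
    state = STATE_RE.search(line)
    return {
        "proto": fields[2],
        "state": state.group(1) if state else None,
        "orig": {"src": orig[0], "dst": orig[1], "sport": int(orig[2]), "dport": int(orig[3])},
        "reply": {"src": reply[0], "dst": reply[1], "sport": int(reply[2]), "dport": int(reply[3])},
    }


def classify(entry: Dict, local_addrs: Set[str]) -> str:
    """Decide whether the entry was SNATed, DNATed, both, local, or merely routed."""
    o, r = entry["orig"], entry["reply"]
    snat = (r["dst"], r["dport"]) != (o["src"], o["sport"])  # replies go to a rewritten source
    dnat = (r["src"], r["sport"]) != (o["dst"], o["dport"])  # replies come from a rewritten destination
    if snat and dnat:
        return "SNAT+DNAT"
    if snat:
        return "SNAT"
    if dnat:
        return "DNAT"
    return "LOCAL" if o["dst"] in local_addrs else "ROUTED"


def summarize(conntrack_text: str, local_addrs: Set[str]) -> List[Dict]:
    """Parse and classify every usable entry in a conntrack dump."""
    out = []
    for line in conntrack_text.splitlines():
        entry = parse_entry(line)
        if entry:
            entry["kind"] = classify(entry, local_addrs)
            out.append(entry)
    return out


if __name__ == "__main__":
    # The NAT box's own addresses are an assumption supplied by the operator.
    for e in summarize(SAMPLE_CONNTRACK, {"192.168.1.1", "203.0.113.5"}):
        o, r = e["orig"], e["reply"]
        print(f"{e['kind']:<9} {e['proto']:<4} {o['src']}:{o['sport']} -> {o['dst']}:{o['dport']}"
              f"  (reply {r['src']}:{r['sport']} -> {r['dst']}:{r['dport']})  {e['state'] or ''}")
```

To run it against a live system instead of the sample, read /proc/net/nf_conntrack (root is required) and pass the text to summarize(); a DNAT entry whose inside destination you do not recognise is exactly the kind of record the troubleshooting sections below are about.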

3. Cisco’s IOS “show ip nat translation”

When you have IP connectivity issues in a NAT environment, it can be tough to figure out what's causing the issue. NAT is frequently accused when, in fact, there is an underlying problem. In the Cisco environment, you can easily troubleshoot the problem by using the following command.

show ip nat translation


Figure 3. Show ip nat translation command on a Cisco router

4. FortiView for FortiGate Firewalls

The primary logging tool for FortiGate firewalls is FortiView. It displays current and historical logs from several dashboards (applications, Wi-Fi, websites, etc.).

FortiView is an all-in-one network monitoring system that combines real-time and historical data into a single view. It can log and monitor network threats, filter data at multiple levels, and track administrative activity, among other things.

In the consoles, FortiView allows you to use multiple filters to narrow your view to a specific time, by user ID or local IP address, by application, and other options. On a network-wide user group or an individual-user level, you can use it to investigate traffic activity such as user uploads/downloads or YouTube videos watched. It provides both text and visual representations of information.

If you're looking for a specific NAT address, you can search and filter logs.

5. “pfctl” for OpenBSD PF

pfctl stands for packet filter control. It is the program that communicates with the packet filter device, and it exists only for OpenBSD's PF.

The pfctl command can modify the packet filtering (or firewall) device's configuration and rules, as well as retrieve status information.

It is quite reliable and offers a large number of commands.

With the pfctl utility, append the -s state option to the command to see the current active NAT translations.

The following command displays a list of all active NAT sessions.

pfctl -s state

6. pfSense® software WebGUI

You can see a list of all firewall and NAT states in the pfSense® software WebGUI, which includes:

  • Interface: the interface the state is bound to.
  • Protocol: the protocol that created the state.
  • Source and destination: the IP addresses before and after NATting. The arrow indicates the direction (inbound to outbound or vice versa).
  • State: the connection status of the state, which differs depending on the protocol.
  • Packets: the number of packets from source to destination that match the state.
  • Bytes: the total number of bytes from source to destination that match the state.

When the session list is too large to find what you're looking for, state filters can help. These filters let you do a rapid search based on specific search parameters.

7. Juniper’s J-Web

The web user interface for Juniper's SRX Series Services Gateways is called J-Web.

You can use HTTPS to monitor, configure, and troubleshoot the firewall with this utility. The J-Web GUI eliminates the need for the JunOS CLI. You can configure NAT under the J-Web interface's NAT sessions and rules area. It also displays all current NAT translations as well as the policies that govern them.

You can also construct filters when exploring information in real time or historically.

What is the Network Address Translation Table?

On a local network (LAN), how do all hosts share the same public IP address? Network Address Translation (NAT) re-assigns IP addresses and port numbers and uses a NAT translation table to keep track of these re-assignments.

When the router gets a packet from a local host that is destined for a public IP address, it changes the source IP address to its own Internet IP address and changes the source port number so that it knows which local host and process to deliver the reply packets to. The translation table is updated with this re-assignment.

NAT assigns a new IP address and port number to any process on the local network that requires Internet connection. The Network Address Translation Table is then updated with each re-assignment.
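The translation table described in this section, the PAT walk-through with computers X and Y, and the "Examples of NAT" section (including the rule that a reply with no table match is discarded) are all one mechanism, modelled in the added Python example below. It is written for this guide and is not code from the article or from any router. It keeps a five-value key per flow (source address, source port, destination address, destination port, protocol), allocates a fresh public port per outbound flow so two inside hosts using the same source port can share one public address, and translates replies back only when the table has a matching entry. Addresses are constructed documentation values, and the starting port 49152 is an arbitrary assumption.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample addresses (RFC 1918 inside, documentation ranges outside); not from the article.

# Five-value flow key, as the dynamic NAT section lists: src addr, src port, dst addr, dst port, protocol.
Flow = Tuple[str, int, str, int, str]


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class PATRouter:
    """Port Address Translation: many inside hosts behind one public address."""

    def __init__(self, public_ip: str, first_port: int = 49152):
        self.public_ip = public_ip
        self.next_port = first_port  # assumed starting point of the allocated port range
        # Inside flow -> public port chosen for it.
        self.out_table: Dict[Flow, int] = {}
        # (public port, remote addr, remote port, proto) -> (inside addr, inside port).
        self.in_table: Dict[Tuple[int, str, int, str], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an inside packet and record the translation."""
        key: Flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        port = self.out_table.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[(port, pkt.dst, pkt.dport, pkt.proto)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, port, pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply back to the inside host, or return None to discard it."""
        if pkt.dst != self.public_ip:
            return None
        inside = self.in_table.get((pkt.dport, pkt.src, pkt.sport, pkt.proto))
        if inside is None:
            return None  # no table match: unsolicited packet is discarded
        return Packet(pkt.src, pkt.sport, inside[0], inside[1], pkt.proto)


def demo() -> Dict[str, object]:
    """Computers X and Y reach the same server from the same source port."""
    router = PATRouter("203.0.113.5")
    x = router.outbound(Packet("192.168.1.10", 50000, "198.51.100.20", 443))
    y = router.outbound(Packet("192.168.1.11", 50000, "198.51.100.20", 443))
    x_again = router.outbound(Packet("192.168.1.10", 50000, "198.51.100.20", 443))
    reply_x = router.inbound(Packet("198.51.100.20", 443, "203.0.113.5", x.sport))
    reply_y = router.inbound(Packet("198.51.100.20", 443, "203.0.113.5", y.sport))
    # Same public port, but from a host X never talked to: no matching state.
    stray = router.inbound(Packet("198.51.100.99", 443, "203.0.113.5", x.sport))
    return {
        "x_public_port": x.sport,
        "y_public_port": y.sport,
        "x_port_reused": x_again.sport == x.sport,
        "reply_x_dst": (reply_x.dst, reply_x.dport) if reply_x else None,
        "reply_y_dst": (reply_y.dst, reply_y.dport) if reply_y else None,
        "stray_delivered": stray is not None,
        "table_size": len(router.out_table),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>16}: {value}")
```

The stray case is the security-relevant one: the public port is open in the sense that a table entry exists, but the router only forwards packets whose remote endpoint matches the entry, which is the extent of the "firewall" a NAT gives you and why the article still calls for a real firewall in front of it.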