(Network Address Translation) An IETF standard that allows an organization to present itself to the Internet with far fewer IP addresses than there are nodes on its internal network. The NAT technology, which is implemented in a router, firewall or PC, converts private IP addresses (such as in the 192.168.0.0 range) of the machine on the internal private network to one or more public IP addresses for the Internet. It changes the packet headers to the new address and keeps track of them via internal tables that it builds. When packets come back from the Internet, NAT uses the tables to perform the reverse conversion to the IP address of the client machine. NAT is also provided with Windows Internet Connection Sharing (see ICS).
One disadvantage of NAT is that it defeats "Internet transparency," which means that packets remain intact from end to end (see RSIP).
NAT Adds Security
NAT not only conserves public IP addresses, but it also enhances security by keeping internal addresses hidden from the outside world. NAT prevents several kinds of first-level attacks, but not all, and must be used in conjunction with a personal firewall in a home network and more robust firewalls in a company (see firewall).
Static and Dynamic NAT
In static NAT, there is a manual assignment of a public address to each internal machine, and that assignment is used all the time. Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. Both static and dynamic NAT require that enough public addresses are available to satisfy the total number of simultaneous user sessions.
Port Address Translation (PAT)
The most common NAT method used today is port address translation (PAT), which is also called "NAT overloading," "network address port translation" (NAPT) and "NAT/PAT." PAT is used in large enterprises as well as small offices and the home. Just like any department in a company, families want simultaneous Internet access for several people, and cable modems, DSL and ISDN connections have only one public IP address.
PAT ensures that a different TCP port number is used for each client session with a server on the Internet. When the response comes back from the server, the source port number, which becomes the destination port number on the return trip, determines which user to route the packets to. It also validates that the incoming packets were indeed requested. See NAT traversal, UDP hole punching, private IP address and proxy server.
NAT/PAT
By using a different port number for each user, the NAT device knows which client PC to route the incoming packets to.
One disadvantage of NAT is that it defeats "Internet transparency," which means that packets remain intact from end to end (see RSIP).
NAT Adds Security
NAT not only conserves public IP addresses, but it also enhances security by keeping internal addresses hidden from the outside world. NAT prevents several kinds of first-level attacks, but not all, and must be used in conjunction with a personal firewall in a home network and more robust firewalls in a company (see firewall).
Static and Dynamic NAT
In static NAT, there is a manual assignment of a public address to each internal machine, and that assignment is used all the time. Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis. Both static and dynamic NAT require that enough public addresses are available to satisfy the total number of simultaneous user sessions.
Port Address Translation (PAT)
The most common NAT method used today is port address translation (PAT), which is also called "NAT overloading," "network address port translation" (NAPT) and "NAT/PAT." PAT is used in large enterprises as well as small offices and the home. Just like any department in a company, families want simultaneous Internet access for several people, and cable modems, DSL and ISDN connections have only one public IP address.
PAT ensures that a different TCP port number is used for each client session with a server on the Internet. When the response comes back from the server, the source port number, which becomes the destination port number on the return trip, determines which user to route the packets to. It also validates that the incoming packets were indeed requested. See NAT traversal, UDP hole punching, private IP address and proxy server.
NAT/PAT
By using a different port number for each user, the NAT device knows which client PC to route the incoming packets to.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- TeamViewer 5.0.7312 Beta (Windows)
- TeamViewer is a simple and fast solution for remote control, desktop sharing and file transfer that works behind any firewall and NAT proxy. To connect to another computer just run TeamViewer on both machines without the need of an installation procedure. With the first start automatic partner IDs are generated...
- Software downloads 2009-11-21
- TekSIP 2.3 (Windows)
- TekSIP complies with RFC 3261, RFC 3263, RFC 3311, RFC 3581, and RFC 3891. It supports NAT traversal. Please see technical details about NAT traversal in Readme.txt. You can select IP address to be listened and default SIP endpoint for outgoing calls. You can also log session details into a...
- Software downloads 2009-11-20
- TekPhone 1.2 (Windows)
- TekPhone is a SIP Session Initiation Protocol VoIP Softphone that provides UA agent functions (Based on RFC 3261) runs under Windows (XP, Vista, 2003 Server). TekPhone supports Only G.711 A - Mu law codecs and RFC 2833 for DTMF digit delivery and UPnP for NAT traversal. You can also set...
- Software downloads 2009-11-20
- ShareTool 1.3.3 (Mac)
- ShareTool is hands down, the fastest, easiest, and most secure way to access all of your Bonjour services from anywhere in the world. No server or technical skills required. Also works with VPN connections. For anyone that's been itching to get Bonjour working over VPN, ShareTool is for you! Why...
- Software downloads 2009-11-19
- Gbridge 2.0.0.1322 (Windows)
- Securely do VNC, share files, sync folder and remote backup via Google based VPN, even behind NAT. Gbridge helps you to manage your multiple PCs, and collaborate works with close friends. You can also use it to privately exchange huge media files with your family. Gbridge has many unique features....
- Software downloads 2009-11-18
- Microsoft probing Windows 7 zero-day hole
- I hope Jeremy got some sleep last nightbecause he probably won't be getting much in the near future.first of many zillionsis there anything worse than being MS security programmer?poor bastards.YesYeah, being a mindless repetitive troll.yeah, being a poor Mac user. yeah, being a poor Mac user....
- Discussion threads 2009-11-12
- BitSpirit 3.6.0.330 Stable (Windows)
- This is a BitTorrent client which provides full BitTorrent protocol implementation and many personalized features.It supports simultaneous downloads, download queue, UPnP port-maping, NAT traversalUDP transport, select downloads from multiple files torrent package, disk cache, chatting with other peers, torrent market, ipfilter, etc. In 3.0 or above versions of BitSpirit, it...
- Software downloads 2009-11-12
- PC-Telephone 6.1 (Windows)
- Make FREE pc-to-pc, pc-pc and cheap pc-to-phone, pc-phone, pc-to-fax, pc-fax, phone-to-pc, phone-pc, fax-to-pc, fax-pc, sip-phone, sip-to-phone calls over Internet/VoIP or ISDN/PSTN telephone networks. Use your computer as internet telephone, USB phone, USB handset, ISDN telephone, ISDN fax, answer phone, fax software, voicemail, caller ID, CLIP/CLIR, audio conferencing, call answer, call...
- Software downloads 2009-11-10
- Lighthouse 1.2.7 (Mac)
- Lighthouse is a dynamic port forwarding utility, allowing you to enable and disable port forwardings with just a single click. Both NAT/PMP Apple Airport base stations and UPnP (D-Link, Linksys, Netgear) protocols are supported. Port forwardings are frequently necessary for tools such as instant messengers, file-sharing utilities and other...
- Software downloads 2009-10-24
- WinGate 6.6.4 build 1338 (Windows)
- WinGate is a sophisticated integrated Internet gateway and communications server designed to meet the control, security and communications needs of today's Internet-connected businesses. WinGate's comprehensive range of license options provides you the flexibility to choose the features and capabilities that best match your needs and budget, whether you need to...
- Software downloads 2009-10-14
- TeamViewer 4.1.6911 (Windows)
- TeamViewer is a simple and fast solution for remote control, desktop sharing and file transfer that works behind any firewall and NAT proxy. To connect to another computer just run TeamViewer on both machines without the need of an installation procedure. With the first start automatic partner IDs are generated...
- Software downloads 2009-10-10
- UserGate Proxy & Firewall 5.2 (Windows)
- UserGate is a complex solution for sharing Internet access among employees in your company, making traffic calculations, and protecting your local network against malicious activity and software, such as hacker attacks, viruses and Trojans. UserGate is a flexible yet very powerful program that can be used in small- and mid-sized...
- Software downloads 2009-10-06
- TeamViewer 4.1.6886 (Mac)
- TeamViewer is a simple and fast solution for remote control, desktop sharing and file transfer that works behind any firewall and NAT proxy. To connect to another computer just run TeamViewer on both machines without the need of an installation procedure. With the first start automatic partner IDs are generated...
- Software downloads 2009-10-05
- Brekeke SIP Server 2.3.8.2 (Windows)
- Brekeke SIP Server provides SIP-based communication platform for service providers and enterprises. The product has original NAT traversal functionality, TCP-UDP (UDP-TCP) conversion as well as flexible control routing functions. Brekeke SIP Server enables high-quality and reliable IP communications with minimal initial investment.
- Software downloads 2009-09-30
- Windows SMB2 exploit now public; Expect in-the-wild attacks soon
- Another "researcher" makes a name for himself.So, just why was it necessary for for this Bozo to actually "create and release the code" for the exploit? Let me guess. His company makes money by hyping up the level of fear. See their web page where they say...
- Discussion threads 2009-09-29
- The best VoIP solution is ...
- What about hosted?Wondering if you guys would be willing to discuss the most obvious omission... hosted. It's like choosing which car to buy when its cheaper to take a limo.RE: The best VoIP solution is ...Your article was only comprehensive if you consider just the IP-PBX and desktop telephone;...
- Discussion threads 2009-09-22
- Network Asset Tracker Pro 3.0 (Windows)
- Network Asset Tracker Pro is a comprehensive network inventory solution that enables you to scan all the nodes of your network with just one click. Get complete information about operating system, service packs, hotfixes, hardware, software and running processes on remote PCs. Powerful reporting module helps you save a lot...
- Software downloads 2009-09-21
- Microsoft confirms SMB2 vulnerability, warns of code execution risk
- Feel free to delete this Ryan.ThanksIsn't it about time we stop playing nice andfind these people who create such an endless stream of blank and do a bit of Vlad the Impaler on them? Catch em... give them a fair trial (I want to be certain we publicly impale...
- Discussion threads 2009-09-09
- Windows 7, Vista exposed to 'teardrop attack'
- Vulnerable by default?[i]Exploit code for a remote reboot flaw in Microsoft's implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to the teardrop attacks that used to be popular on Windows 3.1 and Windows 95.[/i]I presume this attack is able...
- Discussion threads 2009-09-08
- WaterRoof 2.2 (Mac)
- WaterRoof is a firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, predefined rule sets, wizard, logs, statistics and other features. With WaterRoof you can set up the IPFW built-in firewall easily and quickly. With the NAT Setup feature you can fine-tune your internet sharing for...
- Software downloads 2009-09-07
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- The more you simplify, the more you save
-
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
- Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
