AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010 CLI-based Configuration Guide - IP Service

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.

Introduction to NAT

NAT translates the IP address in an IP datagram header to another IP address, allowing hosts on private networks to access public networks. Basic NAT implements one-to-one translation between a private IP address and a public IP address, whereas Network Address and Port Translation (NAPT) also translates the transport-layer port number, so that multiple private IP addresses can share one public IP address (many-to-one translation).

Basic NAT

Basic NAT implements one-to-one IP address translation. In this mode, only the IP address is translated, whereas the TCP/UDP port number remains unchanged. Basic NAT cannot translate multiple private IP addresses to the same public IP address.

Figure 5-1  Networking diagram for basic NAT

As shown in Figure 5-1, the basic NAT process is as follows:

  1. The Router receives a request packet sent from a host on the private network to a server on the public network. The packet's source IP address is 10.1.1.100 and its destination IP address is 2.2.2.2.

  2. The Router selects an idle public IP address (1.1.1.1) from its address pool and creates a pair of NAT entries: a forward entry mapping the private source address to the public address, and a reverse entry mapping the public address back to the private one. Using the forward entry, the Router rewrites the packet's source IP address and forwards the packet to the server. After translation, the packet's source IP address is 1.1.1.1 and its destination IP address is 2.2.2.2; the TCP/UDP port numbers are unchanged.

  3. When the response packet from the server arrives, the Router looks up the reverse entry keyed on the packet's destination IP address (1.1.1.1), rewrites the destination to the host's private IP address, and forwards the packet to the host. After translation, the packet's source IP address is 2.2.2.2 and its destination IP address is 10.1.1.100.

Basic NAT cannot solve the problem of public IP address shortage because it cannot implement address reuse. Therefore, basic NAT is seldom used in practice.

The number of public IP addresses a NAT device needs can be far smaller than the number of hosts on the private network, because not all hosts access the public network at the same time. Size the public address pool for the number of private hosts that access the public network concurrently during peak hours.

NAPT

In addition to one-to-one address translation, NAPT allows multiple private IP addresses to be mapped to the same public IP address. It is also called many-to-one address translation or address reuse.

NAPT translates the IP address and port number of a packet so that multiple users on a private network can use the same public IP address to access the public network.

Figure 5-2  Networking diagram for NAPT

As shown in Figure 5-2, the NAPT process is as follows:

  1. The Router receives a request packet sent from a host on the private network to a server on the public network. For example, Host A sends a packet whose source IP address is 10.1.1.100 and whose source port number is 1025.

  2. The Router selects an idle public IP address and an idle port number from the address pool and creates a pair of NAPT entries: a forward entry mapping the private source IP address and port number to the public IP address and port number, and a reverse entry mapping them back. Using the forward entry, the Router rewrites the packet's source IP address and source port number and forwards the packet to the server. For example, after translation the packet from Host A has source IP address 1.1.1.1 and source port number 16384. A packet from another host, or a second connection from Host A, can be mapped to the same public IP address with a different port number, which is what allows the address to be shared.

  3. When the response packet from the server arrives, the Router looks up the reverse entry keyed on the packet's destination IP address and destination port number, rewrites them to the host's private IP address and port number, and forwards the packet to the host. For example, after translation the packet sent from the server to Host A has destination IP address 10.1.1.100 and destination port number 1025.
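The following Python simulation replays both the basic NAT process and the NAPT process above with the addresses from the figures, so the difference between the two entry tables can be seen directly. It is an added example written for this page, not code from the device or from Huawei; the `Packet`, `BasicNAT`, `NAPT` and `walk_through` names, the single-address pool 1.1.1.1, the port range starting at 16384, the server port 80 and the second host 10.1.1.101 are all constructed for illustration. To keep it short, entries are keyed only on the private source address (and port, for NAPT); a real device also records the destination address, port and protocol in each session entry and ages entries out.

```python
"""Simulation of the basic NAT and NAPT translation tables described above.
Added example, not device code: addresses, ports and table keys are illustrative."""
from dataclasses import dataclass, astuple
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields a NAT device rewrites; payload omitted."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class BasicNAT:
    """One-to-one translation: only the IP address changes, ports are untouched."""

    def __init__(self, pool: List[str]) -> None:
        self.free = list(pool)                 # idle public addresses
        self.forward: Dict[str, str] = {}      # private IP -> public IP
        self.reverse: Dict[str, str] = {}      # public IP -> private IP

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        pub = self.forward.get(pkt.src_ip)
        if pub is None:
            if not self.free:
                return None                    # pool exhausted: basic NAT cannot reuse an address
            pub = self.free.pop(0)
            self.forward[pkt.src_ip] = pub
            self.reverse[pub] = pkt.src_ip
        return Packet(pub, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        priv = self.reverse.get(pkt.dst_ip)
        if priv is None:
            return None                        # no reverse entry: no private host to deliver to
        return Packet(pkt.src_ip, pkt.src_port, priv, pkt.dst_port)


class NAPT:
    """Many-to-one translation: IP address and port both change, so one public
    address serves many private (address, port) pairs."""

    def __init__(self, pool: List[str], first_port: int = 16384, last_port: int = 65535) -> None:
        self.pool = list(pool)
        self.next_port = {ip: first_port for ip in pool}   # next idle port per public IP
        self.last_port = last_port
        self.forward: Dict[Tuple[str, int], Tuple[str, int]] = {}  # (priv ip, port) -> (pub ip, port)
        self.reverse: Dict[Tuple[str, int], Tuple[str, int]] = {}  # (pub ip, port) -> (priv ip, port)

    def _allocate(self) -> Optional[Tuple[str, int]]:
        for ip in self.pool:
            port = self.next_port[ip]
            if port <= self.last_port:
                self.next_port[ip] = port + 1
                return ip, port
        return None                            # every port on every public address is in use

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        key = (pkt.src_ip, pkt.src_port)
        mapping = self.forward.get(key)
        if mapping is None:
            mapping = self._allocate()
            if mapping is None:
                return None
            self.forward[key] = mapping
            self.reverse[mapping] = key
        pub_ip, pub_port = mapping
        return Packet(pub_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        key = self.reverse.get((pkt.dst_ip, pkt.dst_port))
        if key is None:
            return None                        # no reverse entry for this public address/port
        priv_ip, priv_port = key
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def walk_through() -> Dict[str, Optional[tuple]]:
    """Replay both processes with the addresses from the figures; returns header tuples."""
    req_a = Packet("10.1.1.100", 1025, "2.2.2.2", 80)   # Host A -> server (constructed)
    req_b = Packet("10.1.1.101", 1025, "2.2.2.2", 80)   # a second host, same source port (constructed)

    basic = BasicNAT(["1.1.1.1"])
    out = {}
    out["basic_a"] = basic.outbound(req_a)               # 10.1.1.100 -> 1.1.1.1, port 1025 kept
    out["basic_b"] = basic.outbound(req_b)               # None: the only public address is taken
    out["basic_reply"] = basic.inbound(Packet("2.2.2.2", 80, "1.1.1.1", 1025))

    napt = NAPT(["1.1.1.1"])
    out["napt_a"] = napt.outbound(req_a)                 # 1.1.1.1:16384
    out["napt_b"] = napt.outbound(req_b)                 # 1.1.1.1:16385, same public IP reused
    out["napt_reply"] = napt.inbound(Packet("2.2.2.2", 80, "1.1.1.1", 16384))
    out["napt_stray"] = napt.inbound(Packet("3.3.3.3", 80, "1.1.1.1", 40000))  # no entry: None
    return {k: (astuple(v) if v is not None else None) for k, v in out.items()}


if __name__ == "__main__":
    for name, fields in walk_through().items():
        print(f"{name:12s} {fields}")
```

Running the script prints each translated header. The `basic_b` result is `None` because the second host finds no idle address, which is the address-reuse limitation the text describes; under NAPT the same host gets 1.1.1.1 with the next port. The `napt_stray` case shows the side effect practitioners rely on: an unsolicited public packet that matches no reverse entry has nowhere to go. That property is not a firewall, since any public host that learns an active public address and port can still reach the mapped private host through this simplified table.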