Overview of NAT
In early implementations, NAT referred to basic NAT, which translates only IP addresses. Basic NAT therefore only allows intranet hosts to access public networks; it cannot solve the problem of IP address shortage. Later in its development, NAT came to mean mainly network address port translation (NAPT). NAPT translates both addresses and ports, and allows multiple intranet hosts to share one public IP address when accessing public networks. NAPT can therefore effectively address the problem of IP address shortage. Unless otherwise specified, NAT in this document refers to NAPT.
Basic NAT
Basic NAT implements one-to-one IP address translation. In this mode, only the IP address is translated, whereas the TCP/UDP port number remains unchanged. Basic NAT cannot translate multiple private IP addresses into the same public IP address. Figure 5-1 shows the implementation of static NAT.
The process of basic NAT is as follows:
Host A on the private network sends a packet to the Router for accessing the server on a public network. The packet's source IP address is 10.1.1.1.
After receiving the packet, the Router performs basic NAT. The Router searches NAT mapping entries based on the source IP address to check whether there is an entry that records the mapping from 10.1.1.1 to 1.1.1.1. If so, the Router translates the source IP address 10.1.1.1 into 1.1.1.1 and sends the packet to the server on the public network. If not, in addition to translating the source IP address, the Router sets up forward and reverse NAT entries that specify the mapping between the source IP address of the packet and the public IP address.
The server on the public network sends a response packet to the translated public IP address 1.1.1.1 of host A. After receiving the response packet from the server on the public network, the Router searches NAT mapping entries based on the packet's destination IP address, translates the packet's destination IP address 1.1.1.1 into the corresponding private IP address 10.1.1.1 of host A, and sends the packet to host A.
- The process for host B on the private network to access the server on the public network is similar. Since basic NAT does not translate port numbers, host A and host B use different public IP addresses to access the server on the public network.
NAPT
NAPT translates both the IP address and port number of a packet. In addition, NAPT allows multiple private IP addresses to be mapped to the same public IP address. It is also called many-to-one address translation or address reuse. Figure 5-2 describes the implementation of NAPT.
The NAPT process is as follows:
Host A on the private network sends a packet to the Router for accessing the server on a public network. The packet's source IP address is 10.1.1.1, and its port number is 10.
After receiving the packet, the Router performs NAPT. The Router searches NAT mapping entries based on the source IP address and port number to check whether there is an entry that records the mapping from 10.1.1.1:10 to 1.1.1.1:30. If so, the Router translates the source IP address 10.1.1.1 into 1.1.1.1 and the port number 10 into 30. Then the Router sends the packet to the server on the public network. If not, in addition to translating the source IP address and port number, the Router sets up forward and reverse NAT entries that specify the mapping between the source IP address and port number of the packet and the public IP address and port number.
The server on the public network sends a response packet to the translated public IP address 1.1.1.1 of host A. After receiving the response packet from the server on the public network, the Router searches NAT mapping entries based on the destination IP address and port number, translates the destination IP address 1.1.1.1 into 10.1.1.1 and the port number 30 into 10, and forwards the packet to host A.
- The process for host B on the private network to access the server on the public network is similar. Since NAPT can translate port numbers, host A and host B can use the same public IP address 1.1.1.1 to access the server on the public network.
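The NAPT process above, modelled as a small mapping table (an added example, not code from the original document or from any vendor implementation). The addresses, the private port 10, the starting public port 30 and the sequential allocation of later public ports are constructed assumptions for illustration.

```python
# Added example: minimal NAPT table with the forward and reverse entries
# described in the text. Addresses/ports and the sequential public-port
# allocation starting at 30 are constructed assumptions.
from dataclasses import dataclass, field


@dataclass
class Napt:
    public_ip: str
    next_port: int = 30  # first public port handed out (assumed)
    # (private_ip, private_port) -> (public_ip, public_port)
    forward: dict = field(default_factory=dict)
    # (public_ip, public_port) -> (private_ip, private_port)
    reverse: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port):
        """Translate a private source address:port (host -> public server).
        On first use, set up both the forward and the reverse entry."""
        key = (src_ip, src_port)
        if key not in self.forward:
            mapped = (self.public_ip, self.next_port)
            self.next_port += 1
            self.forward[key] = mapped
            self.reverse[mapped] = key
        return self.forward[key]

    def inbound(self, dst_ip, dst_port):
        """Translate a public destination address:port back to the private
        host (server -> host). Returns None when no reverse entry exists,
        i.e. nobody on the private side initiated this flow."""
        return self.reverse.get((dst_ip, dst_port))


def demo():
    nat = Napt("1.1.1.1")
    a = nat.outbound("10.1.1.1", 10)        # host A -> ('1.1.1.1', 30)
    b = nat.outbound("10.1.1.2", 10)        # host B shares 1.1.1.1, gets port 31
    a_again = nat.outbound("10.1.1.1", 10)  # existing entry is reused
    reply_a = nat.inbound("1.1.1.1", 30)    # server reply lands on host A
    stray = nat.inbound("1.1.1.1", 4444)    # no entry: nothing to forward to
    return a, b, a_again, reply_a, stray
```

Host A and host B both leave the device as 1.1.1.1, distinguished only by the public port, which is what lets one public address serve many private hosts.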
The number of public IP addresses owned by the NAT device can be far smaller than the number of hosts on private networks, because not all hosts on private networks access public networks at the same time. The number of public IP addresses needs to be determined based on the number of hosts on private networks that access public networks during peak hours.