(
Network
Address
Translation) The technology that maintains the privacy of the addresses of the computers in a home or business network when accessing the Internet. It converts the private addresses that are assigned to the internal computers to one or more public addresses that are visible on the Internet (see
private IP address). NAT is an IETF standard that is implemented in a router or firewall as well as in any user's machine that is configured to share its Internet connection (see
ICS).
NAT assigns a number to the packet headers of the messages going out to the Internet and keeps track of them via an internal table that it creates. When responses come back from the Internet, NAT uses the table to perform the reverse conversion to the private IP address of the requesting client machine (see illustration below).
A First-Level Firewall
NAT provides a small amount of security by keeping internal addresses hidden from the outside world. It prevents several kinds of first-level attacks, but not all, and it must be used in conjunction with the stateful inspection firewall built into the router or personal firewall in each user's machine. Enterprises generally use very robust firewall architectures for security (see
firewall and
firewall methods). See
dynamic NAT.
Not Enough IP Addresses
When the Internet was first developed, its 32-bit IP address provided four billion discrete numbers, which proved woefully insufficient to assign a unique number to every device that eventually became Internet enabled. With IP Version 6 (IPv6), there are sufficient numbers for everything on the planet; however, the original system (IPv4) is thoroughly entrenched. See
IPv4 and
IPv6.
NAT Port Address Translation (PAT)
This common NAT method assigns a different TCP port number to each client session with a server on the Internet. When responses come back, the source port becomes the destination port and determines which user to route the packets to. It also validates that the incoming packets were requested. See
TCP/IP port.