2.5 Private Addressing and NAT

2.5.3 Network Address Translation (NAT)
NAT, as defined by RFC 1631, is the process of swapping one address for another in the IP packet header. In practice, NAT is used to allow hosts that are privately addressed, using RFC 1918 addresses, to access the Internet. A NAT-enabled device, such as a UNIX computer or a Cisco router, operates at the border of a stub domain. An example is an internetwork that has a single connection to the outside world. When a host inside the stub domain wants to transmit to a host on the outside, it forwards the packet to the NAT-enabled device. The NAT process then looks inside the IP header and, if appropriate, replaces the inside IP address with a globally unique IP address. When an outside host sends a response, the NAT does the following:
NAT translations can occur dynamically or statically and can be used for a variety of purposes. The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same global address. This is sometimes called a many-to-one NAT. With PAT, or address overloading, literally hundreds of privately addressed nodes can access the Internet using only one global address. The NAT router keeps track of the different conversations by mapping TCP and UDP port numbers.
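The following is an added illustration, not code from the curriculum or from any vendor's NAT implementation. It models the many-to-one (PAT, or address overloading) behaviour described above: several RFC 1918 hosts share one global address, the translator allocates a distinct global port per inside conversation, and a response is mapped back to the right inside host by looking up the destination port. All addresses (192.168.1.x inside, 198.51.100.1 as the global address, 203.0.113.5 as the outside server) are constructed documentation-range values, and the model deliberately ignores checksum recalculation, translation timeouts and ICMP handling.

```python
import ipaddress
from dataclasses import dataclass, replace

# RFC 1918 private ranges; only packets from these sources are translated.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


@dataclass(frozen=True)
class Packet:
    """Minimal view of the IP/transport header fields that PAT rewrites."""
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class PatTranslator:
    """Many-to-one NAT: all inside hosts share self.global_ip.

    out_table: (proto, inside_ip, inside_port) -> global_port
    in_table:  (proto, global_port)            -> (inside_ip, inside_port)
    """

    def __init__(self, global_ip: str, port_range=(1024, 65535)):
        self.global_ip = global_ip
        self.next_port, self.max_port = port_range
        self.out_table: dict[tuple, int] = {}
        self.in_table: dict[tuple, tuple] = {}

    def _allocate_port(self) -> int:
        # One global port per inside conversation; exhaustion is the
        # practical limit on how many flows a single global address carries.
        if self.next_port > self.max_port:
            raise RuntimeError("PAT port pool exhausted")
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite the private source with the global address/port."""
        if not is_rfc1918(pkt.src):
            return pkt                      # not an inside host; pass through untouched
        key = (pkt.proto, pkt.src, pkt.sport)
        if key not in self.out_table:       # first packet of this conversation
            gport = self._allocate_port()
            self.out_table[key] = gport
            self.in_table[(pkt.proto, gport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.global_ip, sport=self.out_table[key])

    def inbound(self, pkt: Packet):
        """Outside -> inside: map the global destination port back to the inside host.

        Returns None (drop) when no translation exists, which is why an
        unsolicited inbound packet never reaches a privately addressed host.
        """
        if pkt.dst != self.global_ip:
            return None
        inside = self.in_table.get((pkt.proto, pkt.dport))
        if inside is None:
            return None
        inside_ip, inside_port = inside
        return replace(pkt, dst=inside_ip, dport=inside_port)


def demo():
    """Two inside hosts reach the same server through one global address."""
    nat = PatTranslator("198.51.100.1")                      # constructed global address
    a = Packet("tcp", "192.168.1.10", 40000, "203.0.113.5", 80)
    b = Packet("tcp", "192.168.1.11", 40000, "203.0.113.5", 80)
    out_a, out_b = nat.outbound(a), nat.outbound(b)
    # The server replies to the global port it saw; NAT routes it to host b.
    reply_to_b = nat.inbound(Packet("tcp", "203.0.113.5", 80, "198.51.100.1", out_b.sport))
    stray = nat.inbound(Packet("tcp", "203.0.113.5", 80, "198.51.100.1", 5000))
    return out_a, out_b, reply_to_b, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Note that both inside hosts use source port 40000, so the inside port alone cannot distinguish the conversations; the translator's own allocated global ports (1024 and 1025 here) are what keep the two flows apart, which is exactly the port-mapping the paragraph refers to.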