How Does NAT Work?
Let’s say that there is a laptop connected to a home network using NAT. That network eventually connects to a router that faces the internet. Suppose that someone uses that laptop to search for directions to their favorite restaurant. The laptop sends this request in an IP packet to the router, which passes the request along to the internet and on to the search service being used. But before the request leaves the home network, the router changes the packet’s source address from a private local IP address to a public IP address. The router effectively translates the private address you’re using into one that can be used on the internet, and then translates the reply back again. So your humble little cable modem or DSL router has a small, automated translator working inside it.
If the packet kept its private address, the receiving server wouldn’t know where to send the information back to, because a private IP address cannot be routed on the internet. Even if your router tried to forward such a packet, internet routers are configured to drop traffic carrying private IP addresses. The nice thing, though, is that all routers sold today for home offices and small offices can readily translate back and forth between private IP addresses and publicly routed IP addresses.
What are Private IP Addresses?
As the internet became more popular years ago, the organization that manages IP addresses, known as the Internet Assigned Numbers Authority (IANA), realized that it needed to do something. So it defined a scheme of private address ranges for use with network address translation. This scheme is described in a document called Request for Comments (RFC) 1918, just one of thousands of documents that define how the internet works. If you want to learn about NAT, this is the document that all router manufacturers must implement. No matter what type of NAT you use, you will be using RFC 1918 addresses.
If you were to try to send an RFC 1918 private IP address onto the internet, it would be much like sending a physical piece of mail with the return address of “anonymous,” yet requesting return service notification. If you were to try doing that with a snail mail service, you would never get that return service notification, because the service wouldn’t be able to tell where “anonymous” even is.
NAT Types
There are three types of NAT. People and organizations use them for different reasons, but they all still work as a NAT.
Static NAT
When a local address is converted to a public one, this NAT always chooses the same public address for it. This means there is a consistent, one-to-one public IP address associated with that internal host.
Dynamic NAT
Instead of choosing the same IP address every time, this NAT draws from a pool of public IP addresses. As a result, the host behind the router or NAT device may get a different public address each time the router translates its local address.
PAT
PAT stands for port address translation. It’s a type of dynamic NAT, but it binds several local IP addresses to a single public one by giving each connection its own translated port number. Organizations that want all their employees’ activity to use a single IP address use PAT, often under the supervision of a network administrator or engineer.
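To make the three behaviors concrete, here is an added toy simulation (not from the original article) of the RFC 1918 check and a PAT table: many private hosts share one public address, each outbound flow gets its own translated port, replies are mapped back by that port, and unsolicited inbound packets with no mapping are dropped. The public address 203.0.113.5 and the private hosts are constructed sample values.

```python
import ipaddress

# The three RFC 1918 private ranges the article refers to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


class PAT:
    """Toy port address translation table (constructed for illustration)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)

    def translate_out(self, src_ip: str, src_port: int):
        """Rewrite a private (ip, port) to (public_ip, public_port).

        A new flow gets the next free public port; an existing flow
        reuses its mapping so the remote server sees a stable source.
        """
        if not is_rfc1918(src_ip):
            raise ValueError(f"{src_ip} is not a private source address")
        key = (src_ip, src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, self.outbound[key])

    def translate_in(self, dst_port: int):
        """Map a reply arriving on a public port back to the private host.

        Returns None when no flow created the mapping, which is what lets
        the NAT drop unsolicited inbound packets.
        """
        return self.inbound.get(dst_port)
```

With two laptops behind one public address, the server sees one IP but distinct ports; a packet aimed at a port nobody opened gets no mapping and is discarded.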
Why Use NAT?
NAT is a straightforward process. Most routing equipment you purchase at a store will implement it automatically, or with a simple click of a mouse. Let’s get a bit deeper into NAT’s role in IP conservation and explain its limited role in providing security services.
IP Conservation
IP addresses identify each device connected to the internet. The existing IP version 4 (IPv4) uses 32-bit addresses, which allows for 4 billion possible IP addresses. That seemed like more than enough when it launched in the 1970s.
However, the internet has exploded, and while not all 7 billion people on the planet access the internet regularly, those that do often have multiple connected devices: phones, a personal desktop, a work laptop, a tablet, a TV, even a refrigerator.
Therefore, the number of devices accessing the internet far surpasses the number of IP addresses available. Routing all of these devices through one connection using NAT consolidates multiple private IP addresses behind one public IP address. This keeps more public IP addresses available even as private IP addresses proliferate.