NAT is a method in IP-based networks that replaces sender and/or destination addresses of IP data packets with other IP addresses. One of the main reasons for using Network Address Translation is the scarcity of public IPv4 addresses routable on the Internet. The exchange of IP addresses also offers security benefits, as the private IP addresses of local end devices remain hidden from the public Internet.
What is NAT (Network Address Translation)?
NAT is the abbreviation for Network Address Translation. The technique was specified as early as the 1990s, for example in RFC 1631, and allows the sender and/or destination IP addresses of IP data packets to be replaced. NAT was developed mainly because routable public IPv4 addresses are scarce on the Internet.
Network Address Translation allows private IP addresses to be used in local networks and only replaced by public IP addresses at the transition to public networks such as the Internet.
Address translation is usually performed by the routers installed at the network boundaries. Replacing the IP addresses also offers a security benefit, since local end devices on a private network remain hidden from the public Internet. With the introduction of IPv6 and its large number of available public addresses, Network Address Translation becomes obsolete.
Distinction between Source Network Address Translation and Destination Network Address Translation
Depending on whether the destination or sender IP addresses are exchanged, the procedure is referred to as Source or Destination Network Address Translation (SNAT or DNAT). SNAT and DNAT can be applied individually or jointly to a data packet. Source Network Address Translation in the form of PAT is usually used for private Internet access.
Differences between NAT and PAT
PAT (Port and Address Translation) is a variant of network address translation. In PAT, IP addresses are not mapped one-to-one; instead, many different private IP addresses are replaced by a single public IP address. The combination of IP address and TCP or UDP port number is used at the network boundary to assign returning data packets to the correct original IP address.
PAT is the appropriate solution if an Internet connection is assigned only a single public IP address by the provider. All end devices can communicate with this one public IP address on the Internet thanks to PAT.
Problems due to Network Address Translation
NAT causes problems in IP networks because the basic principle of end-to-end connection is violated. For some protocols and applications, such as Voice over IP (VoIP), terminals and servers that want to communicate across NAT boundaries require procedures and mechanisms such as STUN servers (Session Traversal Utilities for NAT) or fixed port forwarding.
Problems occur, for example, when establishing a connection from the public Internet to a destination in a privately addressed network or with cryptographic procedures.
Additional security through NAT
Network Address Translation provides additional security to a certain extent. This is because end devices in a privately addressed network behind a NAT router remain hidden from attackers from the public Internet. Without further procedures or measures such as fixed port forwarding, no connections to the end devices can be established from the Internet.
Only the end device itself can initiate a connection setup to a destination on the Internet. The protection function is comparable to a rudimentary firewall. However, Network Address Translation does not offer full-fledged firewall functions such as packet filters and IP address-dependent blocking and forwarding functions.
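The following is an added example (not part of the original article) that models the PAT behaviour described above: two private hosts sharing one public address are told apart by the port the router assigns, replies are mapped back through the translation table, and an inbound packet with no matching table entry is dropped, which is the rudimentary firewall effect. All addresses are constructed from the RFC 5737 documentation ranges; the class and method names are assumptions for this illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PatRouter:
    """Minimal PAT model: many private addresses behind one public address."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port        # next free public port to hand out
        # (proto, private_ip, private_port) -> public_port
        self.outbound: dict[tuple[str, str, int], int] = {}
        # (proto, public_port) -> (private_ip, private_port)
        self.inbound: dict[tuple[str, int], tuple[str, int]] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """SNAT on the way out: rewrite the source to the public IP and a unique port."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """DNAT on the way in: only packets matching an existing mapping pass.

        Returns None for unsolicited packets, i.e. no private host ever
        created a mapping for this public port, so the packet is dropped.
        """
        entry = self.inbound.get((pkt.proto, pkt.dst_port))
        if entry is None or pkt.dst_ip != self.public_ip:
            return None
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.proto)
```

Both private hosts may use the same local source port (51000 below); the router's port allocation is what keeps the two flows distinct on the public side.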