UniFi OS Consoles Wi-Fi Switching Camera Security Phone System Door Access Accessories UISP
Support Resources
Store
Support Resources
UniFi OS Consoles Wi-Fi Switching Camera Security Phone System Door Access Accessories UISP Store

Intro to Networking - Network Address Translation (NAT) and the Internet

Overview

This is an introductory article on the workings of Network Address Translation (NAT) and its importance to Internet related traffic.

NOTES:
Find a complete introductory guide on Routing and Switching in our Ubiquiti Broadband Routing & Switching Specialist (UBRSS) guide, downloadable in our Training section.

Network Address Translation (NAT) Introduction

Back to Top

Despite serving as the universal protocol for Internet Traffic, IPv4 has a finite number of IP Addresses available. Although IPv6, with its seemingly infinite number of IP addresses, will eventually supersede IPv4, Network Address Translation (NAT) helps preserve the finite number of IPv4 addresses available for Internet traffic. There are several types of NAT (this article does not cover all of them):

  • Destination NAT Translates the destination address of packets that pass through the router.
  • Source NAT Translates the source address of packets that pass through the router.
  • Source NAT Masquerade Translates multiple source addresses to the same address and assigns a random port number.
NOTE:Source NAT Masquerade is also often referred to as Many-to-One NAT, Port Address Translation (PAT) or NAT Overload.

Source NAT Masquerade allows the hosts on the LAN to reuse the single WAN IP Address assigned to the router. To do this, NAT builds a table of connections that pass through and randomly assigns a port number to track each unique connection. In the process, the source IP address and port of the LAN hosts (Pre-NAT) are translated to the WAN IP address of the router and a random port is assigned (Post-NAT). The following terms are used in the NAT process:

  • Pre NAT Source The source IP address + port of the host on the LAN (192.168.1.10 : 2000 in the example below) before NAT translation.
  • Post NAT Source The source IP address of the router's WAN interface + randomly assigned port (203.0.113.1 : 64000 in the example below) after NAT translation.
  • Pre NAT Destination The destination IP address + port of the website that the client is trying to reach (198.51.100.1 : 443 in the example below) before NAT translation.
  • Post NAT Destination The destination IP address + port of the website that the client is trying to reach (198.51.100.1 : 443 in the example below) after NAT translation.

The diagram below shows an example of the NAT process when a LAN host is trying to access a website on the Internet:

topology.png

Example setup where NAT is running on the UniFi Security Gateway (USG). The private LAN IP addresses of the clients will be translated to the USG's WAN IP address using Source NAT (Masquerade). Note that the Pre/Post NAT destination address + port are not changed. 

Related Articles

Back to Top

Intro to Networking - Network Firewall Security

UniFi - USG Advanced Configuration

UniFi - USG Port Forward: Port Forwarding Configuration and Troubleshooting

EdgeRouter - Source NAT and Masquerade

EdgeRouter - Hairpin NAT

EdgeRouter - Destination NAT

Was this article helpful?
28 out of 55 found this helpful