This is an introductory article on how Network Address Translation (NAT) works and why it matters for Internet-bound traffic.
Network Address Translation (NAT) Introduction
IPv4, the protocol carrying the bulk of Internet traffic, has a finite pool of addresses (about 4.3 billion), far fewer than the number of devices that need to reach the Internet. IPv6, with its vastly larger address space, will eventually supersede IPv4; in the meantime Network Address Translation (NAT) lets many hosts share one public IPv4 address and so conserves the addresses that remain. There are several types of NAT (this article does not cover all of them):
Destination NAT: Translates the destination address (and optionally port) of packets that pass through the router, for example to forward inbound connections on a WAN port to a server on the LAN.
Source NAT: Translates the source address of packets that pass through the router.
Source NAT Masquerade: Translates many source addresses to the router's single WAN address and assigns each connection its own source port on that address so replies can be told apart.
Source NAT Masquerade allows all hosts on the LAN to share the single WAN IP address assigned to the router. To do this, the router keeps a connection-tracking table: when the first packet of a new outbound connection arrives, it records the LAN host's source IP address and port (Pre-NAT), rewrites them to the WAN IP address plus a port chosen from its pool of free ports (Post-NAT), and stores the pairing. Packets coming back from the Internet are matched against the table by their destination port and translated back to the original LAN host. A reply that matches no table entry cannot be delivered and is dropped, which is why a masquerading router blocks unsolicited inbound connections by default and why Destination NAT (port forwarding) is needed to expose a LAN service. The following terms are used in the NAT process:
Pre-NAT Source: The source IP address + port of the host on the LAN (192.168.1.10 : 2000 in the example below) before NAT translation.
Post-NAT Source: The source IP address of the router's WAN interface + the port assigned by the router (203.0.113.1 : 64000 in the example below) after NAT translation.
Pre-NAT Destination: The destination IP address + port of the website that the client is trying to reach (198.51.100.1 : 443 in the example below) before NAT translation.
Post-NAT Destination: The destination IP address + port of the website that the client is trying to reach (198.51.100.1 : 443 in the example below) after NAT translation; Source NAT leaves it unchanged.
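The following Python model walks through the masquerade process described above with the article's own addresses: it translates the outbound packet, records the connection, un-translates the reply, drops an unsolicited inbound packet, and shows a Destination NAT port forward for comparison. This is an added, constructed example for illustration and is not UniFi or USG code; the class and method names, the 64000-65535 port pool and the sequential port allocation are assumptions made for the example (real routers may reuse the host's own source port when it is free or pick ports randomly).

```python
"""Toy model of Source NAT (masquerade) with a connection-tracking table.

Constructed example for illustration; not UniFi/USG code. Addresses follow
the article's example: LAN 192.168.1.0/24, WAN 203.0.113.1, site 198.51.100.1.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]                 # (ip address, port)
ConnKey = Tuple[str, Endpoint, Endpoint]   # (protocol, source, destination)


@dataclass(frozen=True)
class Packet:
    proto: str
    src: Endpoint
    dst: Endpoint


class MasqueradeNAT:
    """Source NAT masquerade plus optional Destination NAT port forwards."""

    def __init__(self, wan_ip: str, port_lo: int = 64000, port_hi: int = 65535):
        self.wan_ip = wan_ip
        self._port_lo, self._port_hi = port_lo, port_hi   # assumed pool
        self._next_port = port_lo
        self._in_use: Set[int] = set()
        # outbound table: (proto, pre-NAT source, destination) -> WAN port
        self._out: Dict[ConnKey, int] = {}
        # inbound table: (proto, post-NAT source, destination) -> pre-NAT source
        self._in: Dict[ConnKey, Endpoint] = {}
        # Destination NAT rules: (proto, WAN port) -> internal endpoint
        self._forwards: Dict[Tuple[str, int], Endpoint] = {}

    def _allocate_port(self) -> int:
        """Hand out the next free port from the pool (sequential here; a real
        router may keep the host's own port or randomise). Every connection
        gets a distinct port, so two LAN hosts using the same source port
        never collide on the WAN side."""
        for _ in range(self._port_hi - self._port_lo + 1):
            port = self._next_port
            self._next_port = self._port_lo if port == self._port_hi else port + 1
            if port not in self._in_use:
                self._in_use.add(port)
                return port
        raise RuntimeError("NAT port pool exhausted")

    def add_port_forward(self, proto: str, wan_port: int, target: Endpoint) -> None:
        self._forwards[(proto, wan_port)] = target

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the source; the destination is left untouched."""
        key = (pkt.proto, pkt.src, pkt.dst)
        port = self._out.get(key)
        if port is None:                          # first packet of a new flow
            port = self._allocate_port()
            self._out[key] = port
            self._in[(pkt.proto, (self.wan_ip, port), pkt.dst)] = pkt.src
        return Packet(pkt.proto, (self.wan_ip, port), pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: a packet matching a tracked connection is translated
        back to the LAN host; otherwise a port-forward rule may apply; anything
        else is unsolicited and dropped (None)."""
        pre_nat_src = self._in.get((pkt.proto, pkt.dst, pkt.src))
        if pre_nat_src is not None:
            return Packet(pkt.proto, pkt.src, pre_nat_src)
        target = self._forwards.get((pkt.proto, pkt.dst[1]))
        if target is not None and pkt.dst[0] == self.wan_ip:
            # Destination NAT: send the packet to the internal host and record
            # the flow so the host's reply is source-translated back to WAN:port.
            self._out[(pkt.proto, target, pkt.src)] = pkt.dst[1]
            self._in[(pkt.proto, pkt.dst, pkt.src)] = target
            return Packet(pkt.proto, pkt.src, target)
        return None


def demo() -> Dict[str, Optional[Packet]]:
    """Replay the article's example through the model and return each stage."""
    nat = MasqueradeNAT("203.0.113.1")
    client = Packet("tcp", ("192.168.1.10", 2000), ("198.51.100.1", 443))
    post = nat.outbound(client)                                  # pre-NAT -> post-NAT
    reply = Packet("tcp", ("198.51.100.1", 443), post.src)       # site answers WAN:port
    stray = Packet("tcp", ("198.51.100.1", 443), ("203.0.113.1", 64999))
    return {
        "post_nat": post,
        "reply_to_lan": nat.inbound(reply),
        "unsolicited": nat.inbound(stray),
    }


if __name__ == "__main__":
    for stage, pkt in demo().items():
        print(f"{stage:13s} {pkt}")
```

Running the file prints the three stages: the outbound packet leaves as 203.0.113.1:64000 -> 198.51.100.1:443 with the destination unchanged, the site's reply is rewritten back to 192.168.1.10:2000, and the packet to the unused port 64999 is dropped because no table entry exists for it.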
The diagram below shows an example of the NAT process when a LAN host is trying to access a website on the Internet:
Example setup where NAT is running on the UniFi Security Gateway (USG). The private LAN IP addresses of the clients are translated to the USG's WAN IP address using Source NAT (Masquerade). Note that the Pre-NAT and Post-NAT destination address + port are identical: only the source is rewritten.