Intro to Networking - Network Address Translation (NAT) and the Internet
Overview
This is an introductory article on the workings of Network Address Translation (NAT) and its importance to Internet-related traffic.
Network Address Translation (NAT) Introduction
Despite serving as the universal protocol for Internet traffic, IPv4 has a finite number of IP addresses available. Although IPv6, with its seemingly infinite number of IP addresses, will eventually supersede IPv4, Network Address Translation (NAT) helps preserve the finite number of IPv4 addresses available for Internet traffic. There are several types of NAT (this article does not cover all of them):
- Destination NAT: Translates the destination address of packets that pass through the router.
- Source NAT: Translates the source address of packets that pass through the router.
- Source NAT Masquerade: Translates multiple source addresses to the same address and assigns a random port number.
Source NAT Masquerade allows the hosts on the LAN to reuse the single WAN IP address assigned to the router. To do this, NAT builds a table of connections that pass through and randomly assigns a port number to track each unique connection. In the process, the source IP address and port of the LAN hosts (Pre-NAT) are translated to the WAN IP address of the router and a random port is assigned (Post-NAT). The following terms are used in the NAT process:
- Pre NAT Source: The source IP address + port of the host on the LAN (192.168.1.10 : 2000 in the example below) before NAT translation.
- Post NAT Source: The source IP address of the router's WAN interface + randomly assigned port (203.0.113.1 : 64000 in the example below) after NAT translation.
- Pre NAT Destination: The destination IP address + port of the website that the client is trying to reach (198.51.100.1 : 443 in the example below) before NAT translation.
- Post NAT Destination: The destination IP address + port of the website that the client is trying to reach (198.51.100.1 : 443 in the example below) after NAT translation.
The diagram below shows an example of the NAT process when a LAN host is trying to access a website on the Internet:
Example setup where NAT is running on the UniFi Security Gateway (USG). The private LAN IP addresses of the clients will be translated to the USG's WAN IP address using Source NAT (Masquerade). Note that the Pre/Post NAT destination address + port are not changed.
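The connection table described above can be sketched in a few lines of Python. This is an added example, not code from the article or from the USG. The class name, the port pool, keying entries by protocol and remote endpoint, and the handling of replies are assumptions made for illustration, and 198.51.100.7 is a constructed address.

```python
import random

class MasqueradeNat:
    """Toy Source NAT Masquerade table (illustration only, not USG code)."""

    def __init__(self, wan_ip, ports=range(49152, 65536), rng=None):
        self.wan_ip = wan_ip
        self.ports = ports                 # assumed pool for Post-NAT source ports
        self.rng = rng or random.Random()
        self.out = {}    # (proto, lan_ip, lan_port, dst_ip, dst_port) -> wan_port
        self.back = {}   # (proto, wan_port, dst_ip, dst_port) -> (lan_ip, lan_port)

    def translate_outbound(self, proto, src, dst):
        """Return Post-NAT (source, destination) for a packet leaving the LAN."""
        key = (proto, *src, *dst)
        if key not in self.out:            # new connection: allocate a port
            free = [p for p in self.ports if (proto, p, *dst) not in self.back]
            if not free:
                raise RuntimeError("no free NAT port for this destination")
            port = self.rng.choice(free)
            self.out[key] = port
            self.back[(proto, port, *dst)] = src
        return (self.wan_ip, self.out[key]), dst   # destination is not changed

    def translate_inbound(self, proto, src, dst):
        """Return the LAN (ip, port) a reply belongs to, or None if untracked."""
        if dst[0] != self.wan_ip:
            return None
        return self.back.get((proto, dst[1], *src))

if __name__ == "__main__":
    nat = MasqueradeNat("203.0.113.1")     # addresses from the article's example
    web = ("198.51.100.1", 443)
    post_src, post_dst = nat.translate_outbound("tcp", ("192.168.1.10", 2000), web)
    print("Pre-NAT  192.168.1.10:2000 ->", web)
    print("Post-NAT", post_src, "->", post_dst)
    print("reply maps to", nat.translate_inbound("tcp", web, post_src))
    # Constructed remote host with no table entry: nothing to translate to.
    print("unsolicited:", nat.translate_inbound("tcp", ("198.51.100.7", 443), post_src))
```

Two LAN hosts that both use source port 2000 receive different Post-NAT ports, which is how the router tells their replies apart.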