Network Address Translation
Network Address Translation is central to IP addressing in a computer network. The Internet is growing, with the number of users increasing exponentially. As the quantity of information and resources rises, it is becoming a necessity for even the smallest business and home to get connected to the Internet.
Many IP addresses would therefore be needed for everyone to use the Internet, and it is not possible to provide such a huge number of public IP addresses. Hence Network Address Translation is employed to connect several computers to the Internet using a single IP address. This permits home users and small business establishments to link their network to the Internet economically and efficiently.
What is Network Address Translation or NAT
Network Address Translation, usually referred to by its acronym NAT, is a commonly used IP translation and mapping technology. NAT permits an Internet Protocol (IP) network to manage its public IP addresses independently of its private IP addresses. NAT is a common technology for Internet connection sharing. It is also sometimes utilized in server load balancing applications on corporate networks. NAT is built into most of the general Internet Connection Sharing technologies around.
In its most common configuration, NAT maps all of the private IP addresses on a home network to one IP address provided by an Internet Service Provider (ISP). This permits computers on the home local area network (LAN) to share one Internet connection. Besides this, it increases home network security by confining the access of external computers to the home IP network space.
NAT functions by inspecting both incoming and outgoing IP datagrams. As required, it alters the source or destination address in the IP header to reflect the configured address mapping. NAT supports fixed or dynamic mappings of one or more internal and external IP addresses.
NAT is generally implemented on routers and other gateway devices at the network boundary. NAT can also be implemented completely in software. For example, Microsoft's Internet Connection Sharing adds NAT support to the Windows operating system.
NAT on its own does not offer all the properties of a true firewall; however, it is frequently used on servers that include other firewall and antivirus support. NAT was created mainly to preserve public Internet address space. Internet RFC 1631 contains the main NAT specification.
Kinds of Network Address Translation
The different kinds of NAT are listed below:
- Static NAT
- Dynamic NAT
- Overloading or Port Address Translation (PAT)
- Overlapping NAT
Each type is explained below.
Static NAT: A type of NAT in which a private IP address is mapped to a fixed public IP address. This lets an internal host, such as a Web server, keep an unregistered (private) IP address and yet be accessible over the Internet. Static NAT is a one-to-one mapping between a registered IP address and an unregistered IP address. Static NAT is also known as inbound mapping, as it maps a private internal IP address to a public IP address on a one-to-one basis. This is essential when a network device has to be accessible from outside the network.
Example: A mail server has the IP address 10.0.1.2 (a private address), and a NAT device translates that address to 18.104.22.168 (a public address).
Dynamic NAT: A type of NAT in which a private IP address is mapped to a public IP address drawn from a pool of public addresses. Typically, the NAT router keeps a table of public IP addresses. When a host with a private IP address requests access to the Internet, the router selects an address from the table that is not in use by any other private IP address at that time. Dynamic NAT helps secure a network because it hides the internal configuration of the private network and makes it difficult for someone outside the network to track how particular hosts are being used. Another benefit of dynamic NAT is that it permits a private network to use private IP addresses, which are unusable on the Internet but can be used as internal addresses.
Dynamic NAT is usually applied where a whole private IP subnet shares a group of public IP addresses. The mapping of the computer's non-routable IP address to the chosen public IP address is saved in the NAT table. As long as the outbound connection is active, the private host can be reached by inbound packets sent to that public address. When the binding terminates, the address is returned to the group so that it can be reused. Dynamic NAT makes a one-to-one mapping between private and public IP addresses, although the mapping varies depending on which registered addresses are available in the group at the time of communication.
Example: An internal client has the IP address 10.0.1.150. When this client attempts to communicate with an external network, the NAT device translates its address to the first available address in the range 22.214.171.124 to 126.96.36.199.
Overloading or Port Address Translation: This type of NAT is also known as single-address NAT or port-level multiplexed NAT. It maps multiple private IP addresses to one public (registered) IP address by multiplexing streams that are distinguished by TCP/UDP port number. In overloading or Port Address Translation (PAT), each computer on the local area network (LAN) is translated to the same IP address but with a different port number assignment. It maps multiple private IP addresses to a single public IP address by substituting the source port before translating the network request.
Example: A NAT device translates all internal clients to one public IP address, but each source session is assigned a different port before the packet is passed on to the destination IP address.
Overlapping: Overlapping NAT happens when the internal IP addresses are public addresses that are also in use on another network. The NAT device translates these addresses to unique public addresses before forwarding the communication. Organizations use this type of NAT when the same public addresses are used for internal clients whose physical location on the network varies. Generally, overlapping NAT is implemented using dynamic DNS.
When overlapping NAT is implemented, the IP addresses used on the internal network are public IP addresses that are also used on another network. To prevent conflicts, a NAT table is created to translate these duplicated internal addresses to unique IP addresses. Conversely, when passing packets into the private network, the public addresses must be translated to addresses that are unique within the network.
Example: A NAT device translates a client with the IP address 188.8.131.52 to an address in the range 184.108.40.206 to 220.127.116.11.
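As an added example (not code from the article), the following Python models the mapping policy of each of the three address-translation types described above: a fixed one-to-one static table that is reachable from outside, a dynamic pool whose addresses are bound on first use, refused when the pool is exhausted and returned on release, and port address translation that multiplexes many hosts behind one address by substituting the source port. The 10.0.1.2 to 18.104.22.168 mapping and the 10.0.1.150 client are the article's example values; the 203.0.113.x pool addresses are constructed documentation addresses, and the class and method names are assumptions of this example.

```python
"""Address-mapping policies of static NAT, dynamic NAT and PAT.

Added illustration, not the article's code.  Addresses other than the
article's 10.0.1.2 -> 18.104.22.168 and 10.0.1.150 are constructed.
"""
from typing import Dict, List, Optional, Tuple


class StaticNat:
    """One-to-one mapping fixed by the administrator.  Because the binding
    exists before any traffic flows, outside hosts can reach the inside host
    (this is the 'inbound mapping' use of static NAT)."""

    def __init__(self, table: Dict[str, str]) -> None:
        self._out = dict(table)                       # private -> public
        self._in = {v: k for k, v in table.items()}   # public  -> private
        if len(self._in) != len(self._out):
            raise ValueError("static NAT requires a one-to-one mapping")

    def outbound(self, private_ip: str) -> Optional[str]:
        return self._out.get(private_ip)

    def inbound(self, public_ip: str) -> Optional[str]:
        return self._in.get(public_ip)


class DynamicNat:
    """One-to-one mapping drawn from a pool of public addresses.  A binding is
    created when the inside host first talks out and the address goes back to
    the pool when the binding is released; an empty pool means no translation."""

    def __init__(self, pool: List[str]) -> None:
        self._free = list(pool)
        self._bindings: Dict[str, str] = {}           # private -> public

    def outbound(self, private_ip: str) -> Optional[str]:
        if private_ip in self._bindings:
            return self._bindings[private_ip]
        if not self._free:
            return None                               # pool exhausted
        public_ip = self._free.pop(0)                 # first available address
        self._bindings[private_ip] = public_ip
        return public_ip

    def inbound(self, public_ip: str) -> Optional[str]:
        # reachable only while a binding exists, i.e. while the outbound
        # connection is still active
        for private_ip, bound in self._bindings.items():
            if bound == public_ip:
                return private_ip
        return None

    def release(self, private_ip: str) -> None:
        public_ip = self._bindings.pop(private_ip, None)
        if public_ip is not None:
            self._free.append(public_ip)


class PortAddressTranslation:
    """Many-to-one mapping: every inside host shares one public address and
    flows are told apart by the substituted source port."""

    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        # public port -> (private ip, private port)
        self._flows: Dict[int, Tuple[str, int]] = {}

    def outbound(self, private_ip: str, private_port: int) -> Tuple[str, int]:
        for port, flow in self._flows.items():        # reuse an existing flow
            if flow == (private_ip, private_port):
                return self.public_ip, port
        port = self._next_port                        # otherwise allocate a port
        self._next_port += 1
        self._flows[port] = (private_ip, private_port)
        return self.public_ip, port

    def inbound(self, public_port: int) -> Optional[Tuple[str, int]]:
        return self._flows.get(public_port)


if __name__ == "__main__":
    nat = PortAddressTranslation("18.104.22.168", first_port=40000)
    print(nat.outbound("10.0.1.150", 2132))           # ('18.104.22.168', 40000)
    print(nat.outbound("10.0.1.151", 2132))           # ('18.104.22.168', 40001)
```

Note the difference in reachability: the static table answers inbound lookups at any time, the dynamic pool only while a binding is live, and PAT only for ports it has handed out, which is exactly why the three types differ in how exposed the inside hosts are.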
Operation of Network Address Translation
When a client on the internal network communicates with a machine on the Internet, it sends out IP packets destined for that machine. These packets carry all the addressing information required to reach their destination. NAT is concerned with the following information:
- Source IP address (for example 192.168.1.50)
- Source TCP or UDP port (for example 2132)
When the packets pass through the NAT gateway, they are altered so that they seem to come from the NAT gateway itself. The NAT gateway records the changes it makes in its state table so that it can reverse them on return packets and ensure that the return packets are passed through the firewall unblocked. For example, the following changes might be made:
- Source IP: replaced with the outside address of the gateway (for example, 18.104.22.168)
- Source port: replaced with a randomly chosen, unused port on the gateway (for example, 58186)
Neither the internal machine nor the Internet host is aware of these translation steps. To the internal machine, the NAT system is just an Internet gateway; to the Internet host, the packets seem to arrive directly from the NAT system, and it is entirely unaware that the internal workstation exists. When the Internet host replies to the internal machine's packets, the replies are addressed to the NAT gateway's external IP at the translated port.
The NAT gateway then searches its state table to determine whether the reply packets match a previously established connection. A unique match is determined from the IP/port combination, which tells the packet filter that the packets belong to a connection initiated by the internal machine. The packet filter then reverses the changes it made to the outgoing packets and forwards the reply packets to the internal machine. Translation of ICMP packets occurs in the same way, except that there is no source port to modify.
Security and Administration of NAT
Basic NAT devices are not real firewalls; however, they are generally considered adequate for most home networks. NAT blocks most unwanted traffic by not forwarding requests or probes that originate on the Internet to the local area network (LAN). An ordinary NAT device cannot prevent attackers from running denial of service (DoS) attacks against the network, but individuals are seldom attacked that way. It will prevent people from probing file shares, rogue mail servers, web servers, and so on. A NAT device together with an antivirus program protects against the usual kinds of attacks.
Employing dynamic NAT automatically creates a firewall between your internal network and external networks, or between the internal network and the Internet. NAT only permits connections that originate inside the stub domain (internal network). Essentially, this means that a computer on an outside network cannot connect to your computer unless your computer initiates the connection. When you use the Internet for browsing, connecting to a site, or even downloading a file, it is not possible for someone else to latch onto the IP address being used and use it to connect to a port on the computer that is browsing the Internet.
In certain situations, Static NAT, also known as inbound mapping, is used instead. It permits outside devices to initiate connections to computers on the stub domain (internal network). For example, if it is desired to map an internal global address to a particular internal local address assigned to a web server, static NAT enables the connection. The following figure shows the functioning of a static NAT.
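To make the state-table mechanics of the "Operation" section and the security property just stated (only connections initiated from inside are admitted) concrete, here is an added Python simulation of a port-multiplexing NAT gateway. It is not code from the article: the gateway address 18.104.22.168 and the internal host 192.168.1.50 with source port 2132 are the article's example values, the remote addresses are constructed, and the Packet and NatGateway names, the ephemeral port range and the treatment of ICMP (address rewritten, no port) are assumptions of this example.

```python
"""Simulated NAT gateway state table: outbound rewrite, reply matching,
reverse rewrite, ICMP without ports, and dropping of unsolicited inbound
packets.  Added illustration, not the article's code."""
import random
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

EPHEMERAL = range(49152, 65536)   # assumed port range the gateway allocates from


@dataclass(frozen=True)
class Packet:
    proto: str                     # "tcp", "udp" or "icmp"
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None # None for ICMP, which carries no ports
    dst_port: Optional[int] = None


class NatGateway:
    """Single public address, flows distinguished by substituted source port."""

    def __init__(self, outside_ip: str, seed: int = 0) -> None:
        self.outside_ip = outside_ip
        self._rng = random.Random(seed)
        # State table keyed on the outside view of a flow so replies match:
        #   (proto, outside_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.state: Dict[Tuple, Tuple[str, Optional[int]]] = {}

    def _free_port(self) -> int:
        used = {key[1] for key in self.state}
        while True:
            port = self._rng.choice(EPHEMERAL)
            if port not in used:
                return port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the LAN and record the mapping."""
        if pkt.proto == "icmp":
            # ICMP: only the source address is replaced, no port substitution
            self.state[("icmp", None, pkt.dst_ip, None)] = (pkt.src_ip, None)
            return replace(pkt, src_ip=self.outside_ip)
        for key, inside in self.state.items():      # reuse an existing flow
            if (key[0] == pkt.proto and key[2:] == (pkt.dst_ip, pkt.dst_port)
                    and inside == (pkt.src_ip, pkt.src_port)):
                port = key[1]
                break
        else:                                        # new flow: allocate a port
            port = self._free_port()
            self.state[(pkt.proto, port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.outside_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse-translate a packet arriving from the Internet.  Returns None
        (drop) when no inside host initiated the flow it belongs to."""
        if pkt.dst_ip != self.outside_ip:
            return None
        inside = self.state.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None                              # unsolicited: no state entry
        inside_ip, inside_port = inside
        return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)


if __name__ == "__main__":
    gw = NatGateway("18.104.22.168", seed=1)
    out = gw.outbound(Packet("tcp", "192.168.1.50", "203.0.113.5", 2132, 80))
    print("outbound:", out)
    print("reply:", gw.inbound(Packet("tcp", "203.0.113.5", "18.104.22.168", 80, out.src_port)))
    print("probe:", gw.inbound(Packet("tcp", "198.51.100.9", "18.104.22.168", 4444, 22)))
```

The last call shows the firewall-like effect described above: a probe aimed at port 22 of the gateway finds no matching state entry and is dropped, while the reply to the flow the inside host opened is matched on its IP/port combination and rewritten back to 192.168.1.50:2132.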