NAT, as originally defined by RFC 1631 (since replaced by RFC 3022), is the process of swapping one address for another in the IP packet header. In practice, NAT is used to allow hosts that are privately addressed (using RFC 1918 addresses) to access the Internet.

A NAT-enabled device, such as a UNIX computer or a Cisco router, operates at the border of a stub domain (i.e., an internetwork that has a single connection to the outside world). When a host inside the stub domain wants to transmit to a host on the outside, it forwards the packet to the NAT-enabled device. The NAT process then looks inside the IP header and, if appropriate, replaces the inside IP address with a globally unique IP address, recording the mapping in its translation table and recomputing the IP (and TCP/UDP) checksums. When an outside host sends a response, the NAT process receives it, checks the current table of network address translations, and replaces the destination address (the global address) with the original inside source address. An inbound packet that matches no entry in the table cannot be delivered to an inside host and is dropped. NAT translations can be created dynamically (as inside hosts initiate traffic) or statically (configured in advance, which is how an inside server is made reachable from outside) and can be used for a variety of purposes.

The most powerful feature of NAT routers is their capability to use port address translation (PAT), which allows multiple inside addresses to map to the same global address. This is sometimes called a "many-to-one" NAT. With PAT, or address overloading, hundreds or more privately addressed nodes can access the Internet using only one global address. The NAT router keeps track of the different conversations by mapping TCP and UDP port numbers: each inside (address, port) pair is assigned its own source port on the global address, so two inside hosts that happen to use the same source port are still kept apart. Protocols without port numbers need special treatment (ICMP echo requests, for example, are tracked by their query identifier), and the number of simultaneous conversations per global address is bounded by the roughly 64K ports available per transport protocol.
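The following is an added example, not code from the original text or from any router vendor. It models the NAT/PAT process described above in a small Python class: outbound packets get their inside source address and port rewritten to the single global address, inbound responses are looked up in the translation table and rewritten back, static entries are pre-populated, and inbound packets with no matching entry are dropped. The `Packet` type, the addresses (RFC 1918 inside, RFC 5737 documentation ranges outside) and the port allocation scheme are all constructed for illustration; checksum recalculation and entry timeouts are left out.

```python
"""Toy PAT (many-to-one NAT) translator: an added illustration, not real router code."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal L3/L4 header fields that NAT/PAT rewrites (constructed format)."""
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Keeps one translation table keyed in both directions.

    outbound: (proto, inside_ip, inside_port) -> global_port
    inbound:  (proto, global_port)            -> (inside_ip, inside_port)
    """

    def __init__(self, global_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.global_ip = global_ip
        self._next_port = first_port
        self._last_port = last_port
        self.outbound: Dict[Tuple[str, str, int], int] = {}
        self.inbound: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def add_static(self, proto: str, inside_ip: str, inside_port: int, global_port: int) -> None:
        """Static translation: lets outside hosts reach an inside server unsolicited."""
        key = (proto, global_port)
        if key in self.inbound:
            raise ValueError(f"global port {global_port}/{proto} already mapped")
        self.outbound[(proto, inside_ip, inside_port)] = global_port
        self.inbound[key] = (inside_ip, inside_port)

    def _allocate_port(self, proto: str) -> int:
        """Pick an unused global port, skipping any taken by static entries."""
        while self._next_port <= self._last_port:
            port = self._next_port
            self._next_port += 1
            if (proto, port) not in self.inbound:
                return port
        raise RuntimeError("global port pool exhausted")  # PAT's practical ceiling

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite source to (global_ip, global_port), creating state."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        gport = self.outbound.get(key)
        if gport is None:                      # dynamic entry, created on first packet
            gport = self._allocate_port(pkt.proto)
            self.outbound[key] = gport
            self.inbound[(pkt.proto, gport)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.global_ip, src_port=gport)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: look up the destination port; no entry means drop (None)."""
        if pkt.dst_ip != self.global_ip:
            return None
        target = self.inbound.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None                        # unsolicited inbound traffic is discarded
        inside_ip, inside_port = target
        return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)


def demo() -> dict:
    """Two inside hosts using the *same* source port share one global address."""
    nat = PatRouter("203.0.113.7")
    nat.add_static("tcp", "192.168.1.20", 22, 2222)   # inside SSH server published on 2222

    out_a = nat.translate_outbound(Packet("tcp", "192.168.1.10", 50000, "198.51.100.5", 80))
    out_b = nat.translate_outbound(Packet("tcp", "192.168.1.11", 50000, "198.51.100.5", 80))

    # Server replies to whatever source it saw; the router maps it back to host A.
    reply_a = nat.translate_inbound(Packet("tcp", "198.51.100.5", 80, "203.0.113.7", out_a.src_port))
    # Outside client connecting to the published SSH port reaches the inside server.
    ssh_in = nat.translate_inbound(Packet("tcp", "198.51.100.9", 40000, "203.0.113.7", 2222))
    # Nothing in the table for this port: the packet is dropped.
    stray = nat.translate_inbound(Packet("tcp", "198.51.100.9", 40000, "203.0.113.7", 9999))

    return {"out_a": out_a, "out_b": out_b, "reply_a": reply_a, "ssh_in": ssh_in, "stray": stray}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name}: {pkt}")
```

Run it and note that `out_a` and `out_b` leave with the same global address but different source ports even though both inside hosts chose port 50000; that per-port bookkeeping is the whole of PAT. The `stray` lookup returning `None` is the side effect that makes a PAT router behave like a crude stateful filter for inbound traffic, and the static entry is what deliberately punches a hole through it.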