http://whatismyipaddress.com/nat

What is Network Address Translation?

Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.

The most common form of network translation involves a large private network using addresses in a private range (10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, or 192.168.0 0 to 192.168.255.255). The private addressing scheme works well for computers that only have to access resources inside the network, like workstations needing access to file servers and printers. Routers inside the private network can route traffic between private addresses with no trouble. However, to access resources outside the network, like the Internet, these computers have to have a public address in order for responses to their requests to return to them. This is where NAT comes into play.

Internet requests that require Network Address Translation (NAT) are quite complex but happen so rapidly that the end user rarely knows it has occurred. A workstation inside a network makes a request to a computer on the Internet. Routers within the network recognize that the request is not for a resource inside the network, so they send the request to the firewall. The firewall sees the request from the computer with the internal IP. It then makes the same request to the Internet using its own public address, and returns the response from the Internet resource to the computer inside the private network. From the perspective of the resource on the Internet, it is sending information to the address of the firewall. From the perspective of the workstation, it appears that communication is directly with the site on the Internet. When NAT is used in this way, all users inside the private network access the Internet have the same public IP address when they use the Internet. That means only one public addresses is needed for hundreds or even thousands of users.

Most modern firewalls are stateful - that is, they are able to set up the connection between the internal workstation and the Internet resource. They can keep track of the details of the connection, like ports, packet order, and the IP addresses involved. This is called keeping track of the state of the connection. In this way, they are able to keep track of the session composed of communication between the workstation and the firewall, and the firewall with the Internet. When the session ends, the firewall discards all of the information about the connection.

There are other uses for Network Address Translation (NAT) beyond simply allowing workstations with internal IP addresses to access the Internet. In large networks, some servers may act as Web servers and require access from the Internet. These servers are assigned public IP addresses on the firewall, allowing the public to access the servers only through that IP address. However, as an additional layer of security, the firewall acts as the intermediary between the outside world and the protected internal network. Additional rules can be added, including which ports can be accessed at that IP address. Using NAT in this way allows network engineers to more efficiently route internal network traffic to the same resources, and allow access to more ports, while restricting access at the firewall. It also allows detailed logging of communications between the network and the outside world.

Additionally, NAT can be used to allow selective access to the outside of the network, too. Workstations or other computers requiring special access outside the network can be assigned specific external IPs using NAT, allowing them to communicate with computers and applications that require a unique public IP address. Again, the firewall acts as the intermediary, and can control the session in both directions, restricting port access and protocols.

NAT is a very important aspect of firewall security. It conserves the number of public addresses used within an organization, and it allows for stricter control of access to resources on both sides of the firewall.

Related Articles

What is Network Address Translation?---reference的更多相关文章

  1. Network Address Translation(转载)

    Network Address Translation  来源:http://alexanderlaw.blog.hexun.com/9791596_d.html       地址转换用来改变源/目的 ...

  2. NAT(Network Address Translation)

    一.概述 NAT英文全称是“Network Address Translation”,中文意思是“网络地址转换”,它是一个IETF(Internet Engineering Task Force, I ...

  3. NAT Network Address Translation,网络地址转换

    Network Address Translation,网络地址转换

  4. iptables 网址转译 (Network Address Translation,NAT)

    当封包流经NAT電腦時,其位址/通訊端口會被修改,以達到改变包目的地(或旅程),或是让目的地误以为包是源自NAT电脑的效果.換言之,对封包执行NAT的电脑,可以成为新包的来源或目的地,或是成为真正来源 ...

  5. Internet protocol security (ipsec) packet processing for multiple clients sharing a single network address

    Embodiments of the present invention address deficiencies of the art in respect to secure communicat ...

  6. [转]Peer-to-Peer Communication Across Network Address Translators

    Peer-to-Peer Communication Across Network Address Translators Bryan Ford Massachusetts Institute of ...

  7. PatentTips - DMA address translation between peer-to-peer IO devices

    BACKGROUND As processing resources have increased, demands to run multiple software programs and ope ...

  8. PatentTips - Supporting address translation in a virtual machine environment

    BACKGROUND A conventional virtual-machine monitor (VMM) typically runs on a computer and presents to ...

  9. Linear to physical address translation with support for page attributes

    Embodiments of the invention are generally directed to systems, methods, and apparatuses for linear ...

随机推荐

  1. day02.1-字符串内置方法

    字符串——str的定义:test = "zizaijiapu" 特点:1. 字符串是可迭代对象: 2. 字符串中各元素是有序的: 3. 字符串一经创建,其内容值不可修改. 1. 查 ...

  2. 题解 P2863 【[USACO06JAN]牛的舞会The Cow Prom】

    题目链接 赤裸裸的板子,就加一个特判就行.直接上代码 #include<stdio.h> #include<algorithm> #include<iostream> ...

  3. SpringBoot Maven多模块整合MyBatis 打包jar

    最近公司开始新的项目,框架选定为SpringBoot+Mybatis,本篇主要记录了在IDEA中搭建SpringBoot多模块项目的过程. 源码:https://github.com/12641561 ...

  4. ubuntu15.04下安装docker

    ​##获得更多资料欢迎进入我的网站或者 csdn或者博客园 最近听说docker很火,不知道什么东西,只知道是一个容器,可以跨平台.闲来无事,我也来倒弄倒弄.本文主要介绍:ubuntu下的安装,以及基 ...

  5. Jquery each ajax 赋值

    <script type="text/javascript"> $(document).ready(function () { $("#mylist li s ...

  6. 数据结构54:平衡二叉树(AVL树)

    上一节介绍如何使用二叉排序树实现动态查找表,本节介绍另外一种实现方式——平衡二叉树. 平衡二叉树,又称为 AVL 树.实际上就是遵循以下两个特点的二叉树: 每棵子树中的左子树和右子树的深度差不能超过 ...

  7. WPF:CheckBox竖向的滑块效果

    原文:WPF:CheckBox竖向的滑块效果 之前做了一个横向的滑块效果,<WPF:CheckBox滑块效果>,其实我觉得那个不好看,今天又做了一个竖向的玩. <Style Targ ...

  8. JavaWeb学习笔记(九)—— JSTL标签库

    一.JSTL概述 1.1 什么是JSTL  JSTL是apache对EL表达式的扩展(也就是说JSTL依赖EL),JSTL是标签语言!JSTL标签使用以来非常方便,它与JSP动作标签一样,只不过它不是 ...

  9. windows_study_1

    描述:win8/windows server 设置用户登陆密码永不过期 解决:  第一步:打开控制面板,点击系统和安全第二部:管理工具第三步:本地安全组策略第四步:看图 第五步:把密码过期天数,改成0 ...

  10. bzoj 1085骑士精神 迭代深搜

    题目传送门 题目大意:给出一幅棋盘,问能否复原,中文题面,不做解释. 思路:第一次写迭代深搜的题目,这道题还是挺经典的.这道题的状态很明显的每多搜一层就是多八倍,非常的多,而且又是t组输入,所以必定有 ...