http://whatismyipaddress.com/nat

What is Network Address Translation?

Network Address Translation (NAT) is the process by which a network device, usually a router or firewall at the network edge, rewrites the IP addresses (and, in the most common form, the transport-layer ports) in packets so that a computer or group of computers inside a private network appears on the Internet under a public address owned by that device. The main use of NAT is to reduce the number of public IP addresses an organization or company must hold, for both economy and security purposes.

The most common form of network address translation involves a private network using addresses from one of the ranges reserved for private use by RFC 1918: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8), 172.16.0.0 to 172.31.255.255 (172.16.0.0/12), or 192.168.0.0 to 192.168.255.255 (192.168.0.0/16). These addresses are never routed on the public Internet. The private addressing scheme works well for computers that only have to access resources inside the network, such as workstations reaching file servers and printers; routers inside the private network route traffic between private addresses with no trouble. However, to access resources outside the network, like the Internet, these computers need a public address so that responses to their requests can be routed back to them. This is where NAT comes into play.

The translation itself happens per packet, and so rapidly that the end user rarely knows it has occurred. A workstation inside the network sends a request to a computer on the Internet. Routers within the network recognize that the destination is not inside the network, so they forward the packet to the firewall, which acts as the default gateway. The firewall sees the packet from the computer with the internal IP address, records the internal source address and source port in its translation table, rewrites the source address to its own public address and the source port to a port chosen from its own pool, and forwards the request to the Internet. The response comes back addressed to the firewall's public address and that chosen port; the firewall looks the port up in its table, rewrites the destination back to the internal address and port, and delivers the packet to the workstation. From the perspective of the resource on the Internet, it is communicating with the address of the firewall. From the perspective of the workstation, it appears that communication is directly with the site on the Internet. When NAT is used in this way (often called port address translation, PAT, NAPT, or IP masquerading), all users inside the private network share the same public IP address when they use the Internet, distinguished only by the port the firewall assigned to each session. That means only one public address is needed for hundreds or even thousands of users, limited in practice by the number of ports the firewall can hand out.

Most modern firewalls are stateful: rather than judging each packet in isolation, they track the connection between the internal workstation and the Internet resource. They keep the details of the connection, like the IP addresses and ports involved and, for TCP, the connection phase and sequence numbers. This is called keeping track of the state of the connection. In this way they can tie together the two legs of a session, the workstation to the firewall and the firewall to the Internet, and accept an inbound packet only if it belongs to a session an internal host started. When the session ends, for instance when the TCP connection is closed or a mapping has been idle longer than a timeout, the firewall discards the state for that connection, and any later packet arriving for that public port is dropped as unsolicited.

There are other uses for Network Address Translation (NAT) beyond allowing workstations with internal IP addresses to access the Internet. In large networks, some servers, such as Web servers, must be reachable from the Internet. These servers are published through public IP addresses held on the firewall, so the public reaches them only via that address and the firewall forwards the traffic inward (destination NAT, commonly called port forwarding). As an additional layer of security, the firewall acts as the intermediary between the outside world and the protected internal network: rules specify which ports on that public address are forwarded, and to which internal host and port, so a server that listens on many ports can be exposed on only the ones the rules name. Using NAT in this way lets network engineers keep the server on a private address that internal clients reach directly, while external access is restricted at the firewall. It also allows detailed logging of communications between the network and the outside world.

NAT can also be used to give selected hosts their own presence outside the network. Workstations or other computers that need it can be mapped one-to-one to a specific external IP address (static NAT), so they can communicate with computers and applications that require a unique, stable public IP address for the client. Again, the firewall acts as the intermediary and controls the session in both directions, restricting ports and protocols, so a static mapping need not expose every service on that host.
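The behaviour described in the preceding paragraphs (outbound source translation with a per-session port mapping, stateful tracking that discards entries when a session ends, inbound port forwarding to a published server, and the firewall controlling that server's session in both directions) as an added example in Python. This is a simulation written for this page, not code from whatismyipaddress.com or from any firewall product. The addresses are constructed sample values from the RFC 1918 and RFC 5737 ranges, and the four-port public port pool is an assumption made deliberately small so that pool exhaustion can be observed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# All addresses below are constructed sample values from the RFC 1918
# (private) and RFC 5737 (documentation) ranges; none is a real host.


@dataclass(frozen=True)
class Packet:
    """The header fields a NAT device rewrites (payload omitted)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatFirewall:
    """Toy stateful NAT: source NAT with port translation for outbound
    traffic, static port forwards (destination NAT) for inbound traffic,
    and default-drop for anything with no matching state or rule."""

    def __init__(self, public_ip: str,
                 port_forwards: Optional[Dict[Tuple[str, int], Tuple[str, int]]] = None,
                 ephemeral: Tuple[int, int] = (40000, 40003)):
        self.public_ip = public_ip
        # (proto, public_port) -> (internal_ip, internal_port); assumed rules
        self.port_forwards = dict(port_forwards or {})
        # Deliberately tiny public port pool (assumption) so exhaustion shows.
        self.next_port, self.last_port = ephemeral
        self.free_ports: List[int] = []
        # Translation table: (proto, public_port) -> original 5-tuple
        self.sessions: Dict[Tuple[str, int], Tuple[str, str, int, str, int]] = {}
        # Reverse index so retransmits reuse their existing mapping
        self.reverse: Dict[Tuple[str, str, int, str, int], int] = {}

    def _allocate_port(self) -> Optional[int]:
        # Deterministic for the example; real NATs randomise the port choice
        # and hold closed mappings for a timeout before reusing them.
        if self.free_ports:
            return self.free_ports.pop(0)
        if self.next_port <= self.last_port:
            port, self.next_port = self.next_port, self.next_port + 1
            return port
        return None

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Internal -> Internet: rewrite the source to the public address."""
        # A server behind a static port forward answers from its internal
        # port; its replies are rewritten to the public port it was published on.
        for (proto, pub_port), (int_ip, int_port) in self.port_forwards.items():
            if (proto, int_ip, int_port) == (pkt.proto, pkt.src_ip, pkt.src_port):
                return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port, proto)
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.reverse.get(key)
        if port is None:
            port = self._allocate_port()
            if port is None:
                return None  # port pool exhausted: the packet is dropped
            self.sessions[(pkt.proto, port)] = key
            self.reverse[key] = port
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> internal: only existing state or an explicit rule lets it through."""
        if pkt.dst_ip != self.public_ip:
            return None
        lookup = (pkt.proto, pkt.dst_port)
        sess = self.sessions.get(lookup)
        if sess is not None:
            proto, src_ip, src_port, dst_ip, dst_port = sess
            # The mapping belongs to one remote peer; a packet to the same
            # public port from any other address is not a reply.
            if (pkt.src_ip, pkt.src_port) != (dst_ip, dst_port):
                return None
            return Packet(pkt.src_ip, pkt.src_port, src_ip, src_port, proto)
        fwd = self.port_forwards.get(lookup)
        if fwd is not None:
            return Packet(pkt.src_ip, pkt.src_port, fwd[0], fwd[1], pkt.proto)
        return None  # unsolicited: no state, no rule, dropped

    def close_session(self, pkt: Packet) -> None:
        """Session ended (e.g. TCP close seen or idle timeout): forget its state."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.reverse.pop(key, None)
        if port is not None:
            del self.sessions[(pkt.proto, port)]
            self.free_ports.append(port)


if __name__ == "__main__":
    fw = NatFirewall("203.0.113.10", {("tcp", 80): ("10.0.0.80", 8080)})
    print(fw.outbound(Packet("10.0.0.5", 51000, "198.51.100.7", 443)))
    print(fw.inbound(Packet("198.51.100.7", 443, "203.0.113.10", 40000)))
    print(fw.inbound(Packet("192.0.2.99", 12345, "203.0.113.10", 22)))
```

The two inbound paths are the whole security story: a packet is rewritten and delivered only if it matches state created by an internal host or a port-forward rule the administrator wrote; everything else is dropped. On Linux the equivalent netfilter rules are `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE` for the outbound masquerade and `iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.80:8080` for the port forward, with conntrack holding the session table.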

NAT is an important aspect of firewall security. It conserves the number of public addresses used within an organization, and it allows for stricter control of access to resources on both sides of the firewall. The protection, though, comes from the stateful firewall behind it, which drops inbound traffic that matches neither an existing session nor an explicit rule; hiding internal addresses is a side effect, and the same default-drop policy should be applied even where no translation takes place, as on IPv6 networks.
