http://whatismyipaddress.com/nat

What is Network Address Translation?

Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.

The most common form of network translation involves a large private network using addresses in a private range (10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, or 192.168.0 0 to 192.168.255.255). The private addressing scheme works well for computers that only have to access resources inside the network, like workstations needing access to file servers and printers. Routers inside the private network can route traffic between private addresses with no trouble. However, to access resources outside the network, like the Internet, these computers have to have a public address in order for responses to their requests to return to them. This is where NAT comes into play.

Internet requests that require Network Address Translation (NAT) are quite complex but happen so rapidly that the end user rarely knows it has occurred. A workstation inside a network makes a request to a computer on the Internet. Routers within the network recognize that the request is not for a resource inside the network, so they send the request to the firewall. The firewall sees the request from the computer with the internal IP. It then makes the same request to the Internet using its own public address, and returns the response from the Internet resource to the computer inside the private network. From the perspective of the resource on the Internet, it is sending information to the address of the firewall. From the perspective of the workstation, it appears that communication is directly with the site on the Internet. When NAT is used in this way, all users inside the private network access the Internet have the same public IP address when they use the Internet. That means only one public addresses is needed for hundreds or even thousands of users.

Most modern firewalls are stateful - that is, they are able to set up the connection between the internal workstation and the Internet resource. They can keep track of the details of the connection, like ports, packet order, and the IP addresses involved. This is called keeping track of the state of the connection. In this way, they are able to keep track of the session composed of communication between the workstation and the firewall, and the firewall with the Internet. When the session ends, the firewall discards all of the information about the connection.

There are other uses for Network Address Translation (NAT) beyond simply allowing workstations with internal IP addresses to access the Internet. In large networks, some servers may act as Web servers and require access from the Internet. These servers are assigned public IP addresses on the firewall, allowing the public to access the servers only through that IP address. However, as an additional layer of security, the firewall acts as the intermediary between the outside world and the protected internal network. Additional rules can be added, including which ports can be accessed at that IP address. Using NAT in this way allows network engineers to more efficiently route internal network traffic to the same resources, and allow access to more ports, while restricting access at the firewall. It also allows detailed logging of communications between the network and the outside world.

Additionally, NAT can be used to allow selective access to the outside of the network, too. Workstations or other computers requiring special access outside the network can be assigned specific external IPs using NAT, allowing them to communicate with computers and applications that require a unique public IP address. Again, the firewall acts as the intermediary, and can control the session in both directions, restricting port access and protocols.

NAT is a very important aspect of firewall security. It conserves the number of public addresses used within an organization, and it allows for stricter control of access to resources on both sides of the firewall.

Related Articles

What is Network Address Translation?---reference的更多相关文章

  1. Network Address Translation(转载)

    Network Address Translation  来源:http://alexanderlaw.blog.hexun.com/9791596_d.html       地址转换用来改变源/目的 ...

  2. NAT(Network Address Translation)

    一.概述 NAT英文全称是“Network Address Translation”,中文意思是“网络地址转换”,它是一个IETF(Internet Engineering Task Force, I ...

  3. NAT Network Address Translation,网络地址转换

    Network Address Translation,网络地址转换

  4. iptables 网址转译 (Network Address Translation,NAT)

    当封包流经NAT電腦時,其位址/通訊端口會被修改,以達到改变包目的地(或旅程),或是让目的地误以为包是源自NAT电脑的效果.換言之,对封包执行NAT的电脑,可以成为新包的来源或目的地,或是成为真正来源 ...

  5. Internet protocol security (ipsec) packet processing for multiple clients sharing a single network address

    Embodiments of the present invention address deficiencies of the art in respect to secure communicat ...

  6. [转]Peer-to-Peer Communication Across Network Address Translators

    Peer-to-Peer Communication Across Network Address Translators Bryan Ford Massachusetts Institute of ...

  7. PatentTips - DMA address translation between peer-to-peer IO devices

    BACKGROUND As processing resources have increased, demands to run multiple software programs and ope ...

  8. PatentTips - Supporting address translation in a virtual machine environment

    BACKGROUND A conventional virtual-machine monitor (VMM) typically runs on a computer and presents to ...

  9. Linear to physical address translation with support for page attributes

    Embodiments of the invention are generally directed to systems, methods, and apparatuses for linear ...

随机推荐

  1. angular formBuilder

  2. Java代码生成16位纯数字的订单号

    //生成16位唯一性的订单号 public static void getUUID(){ //随机生成一位整数 int random = (int) (Math.random()*9+1); Stri ...

  3. [SCOI2007]最大土地面积(旋转卡壳)

    首先,最大四边形的四个点一定在凸包上 所以先求凸包 有个结论,若是随机数据,凸包包括的点大约是\(\log_2n\)个 然鹅,此题绝对不会这么轻松,若\(O(n^4)\)枚举,只有50分 所以还是要想 ...

  4. BZOJ1012 [JSOI2008]最大数 线段树

    题目描述 现在请求你维护一个数列,要求提供以下两种操作: 1. 查询操作. 语法:Q L 功能:查询当前数列中末尾L个数中的最大的数,并输出这个数的值. 限制:LLL不超过当前数列的长度.(L> ...

  5. 通过文件路径读取CSV表格内的数据

    ReadDataFromCSV.h UCLASS() class MYPROJECT_API UReadDataFromCSV : public UBlueprintFunctionLibrary { ...

  6. jenkins官方文档(中文版)

    https://www.w3cschool.cn/jenkins/

  7. 使用navicat将mysql转换成sqlserver

    使用navicat将mysql转换成sqlserver 1. 打开navicat,连接所需要装换的mysql数据库. 2. 选择所需要转换的数据源,点击右键选择数据传输.如图: 3. 打开数据传输面板 ...

  8. Qt 学习之路 2(66):访问网络(2)

    Home / Qt 学习之路 2 / Qt 学习之路 2(66):访问网络(2) Qt 学习之路 2(66):访问网络(2)  豆子  2013年10月31日  Qt 学习之路 2  27条评论 上一 ...

  9. AndroidManifest.xml警告

    新建一个android项目后,AndroidManifest.xml有一个黄色警告 作为一个新手,不知道这个警告来自哪里,点击界面下方的不同标签,才知道来自图中的位置 第8行中,application ...

  10. hexo 博客

    梦飞扬~ 个人网站:Mauger`s Blog 博客园 标签 新随笔 随笔 管理 Github 随笔 - 61  文章 - 1  评论 - 0 使用Node.js+Hexo+Github搭建个人博客 ...