This introductory article goes over the importance of the Network Address Translation (NAT) and how it works.
Table of Contents
Despite serving as the universal protocol for Internet Traffic, IPv4 has a finite number of IP Addresses available. Although IPv6, with its seemingly infinite number of IP addresses, will eventually supersede IPv4, Network Address Translation, or “NAT” for short, helps preserve the finite number of IPv4 addresses available for Internet traffic.
Specifically, NAT Masquerade allows the Private Hosts on the LAN to reuse the single Public IP Address assigned to the Internet Gateway. To do this, NAT builds a table of connections passing through the Internet Gateway, then randomly assigns a Port Number to track each unique connection, despite using the same IP address.
In this way, an Internet Gateway rewrites—or translates, either the Source or Destination Address contained in the IP Packet, based on the information stored in the NAT Table. NAT Tables are a form of connection tracking, and allow a Gateway/Router with NAT to modify IP info contained in the packet, while still supporting end-to-end communication. In what is called Source NAT, an Internet Gateway rewrites the Source Address as its Public IP address (ex. 188.8.131.52) on outbound packets, then rewrites the host's Private IP address (ex. 10.0.0.2) on inbound packets belonging to the same connection.
And while SOHO Networks commonly use Source NAT, Destination NAT also exists to rewrite a Packet’s Destination IP, like in cases where an Internet Gateway and/or Firewall sits between, say, a Web Server and a large number of Internet Clients.
|UniFi Security Gateway (USG) applies Source NAT to translate the Host's Private IP address to USG's Public IP address. Only the source address is changed (with a random port assignment used to track the connection in the Router's NAT Table).|