NAT — SNAT, DNAT, PAT & Port Forwarding
In the initial years of the internet….
In the initial years of the internet, computers on a private network connected to the internet in this way:
- A unique public IP address was assigned to each device on the network. These all are at the LAN(Local Area Network) side of the default gateway.
- Assign the IP address of the ISP(Internet Service Provider) to the WAN(Wide Area Network) side of the default gateway.
- Every computer knows the default gateway’s IP address.
All the IPs in this setup are public IPs and this system poses 2 big problems:
- Security Vulnerability: Since the IPs of the network are all public, anyone can access this “private” network.
- IP address exhaustion: As the growth of the internet began, IP addresses started getting lesser and lesser available.
To tackle these problems, NAT or Network Address Translation comes to the rescue. NAT is a technique in which a router or a similar device translates one IP address into another IP address. To be more specific, a router translates the private address of an internal host into a public IP address for outgoing traffic. And the opposite, the router also translates its own public IP address into a private one for the incoming traffic.
A point to be made is that private IP addresses are free to use but they are not routable.
In short, NAT improves security as it hides internal hosts’ IP addresses. Network Address Translation (NAT) is designed for IP address conservation. It enables private IP networks that use unregistered IP addresses to connect to the Internet.
There are 4 types of NAT:
- Static NAT (SNAT) — A type of network where one private address is mapped with one public IP address. These IP addresses never change
SNAT allows internal hosts/servers to have a private IP address and still access the internet. But this kind of setup is wasteful of expensive public IPs. SNAT deals more with incoming traffic.
- Dynamic NAT (DNAT) — The mapping of an internal private IP address into the router’s public IP is dynamic. This is also called IP masquerading. The outgoing traffic carries “a” public IP of the router. When data comes in, it is looked upon in the NAT table for its destination address.
This setup is more secure as hackers can’t get the host address straight away. But still expensive.
Deals more with outbound traffic.
- Port Address Translation (PAT) — Each host on a LAN has its IP address translated into the router’s WAN side IP with a different port number. This makes each session unique. It is the most common form of NAT. There are a total of 65536 ports.
- Port Forwarding — Deals more with incoming traffic. It is used when a single public IP address works with several public servers.