Network Address Translation (NAT)
Network Address Translation (NAT) is a method that lets a single public Internet Protocol (IP) address represent an entire group of hosts. A NAT router or firewall rewrites the private, internal addresses in packets to a globally routable address on the way out and reverses the translation for the replies. NAT conserves public IP addresses by letting privately addressed networks reach the Internet, and it hides the internal address layout, because outside observers see only the router's public address. That hiding is often described as a security benefit; it does restrict unsolicited inbound connections, but NAT is not a substitute for a firewall.
Looking at the basics, remember that every networked system needs a unique IP address. An IPv4 address is a 32-bit identifier. Each network running the Transmission Control Protocol/Internet Protocol (TCP/IP) must have a unique network address, and each device on that network must have a unique host address. An IPv4 address is written as four 8-bit fields separated by periods, each field representing one byte of the address. This is called dotted-decimal notation. The bytes in an IP address are divided into two components: the network component and the host component.
The network component specifies the unique number assigned to your network and network class. The host component is assigned to each host. The host component uniquely identifies a specific machine on your network. The network component will be the same on a given network, but each device’s host component must be different.
The first widely deployed address specification was IPv4, which uses the 32-bit address described above. The rapid growth of the Internet, accompanied by the explosion in the Internet of Things (IoT), has almost exhausted the available addresses. IPv6 was created to address the limits of IPv4. The main difference between IPv4 and IPv6 is the address size: IPv6 increases the address from 32 bits to 128 bits, a space large enough that exhaustion is not a practical concern.
NAT was created (RFC 1631) to address the shortage differently and was widely deployed by router manufacturers. NAT allows a firewall or router to act as an intermediary between the public Internet and private internal networks, so that an entire group of devices is represented by one IP address outside their network. Traffic from the Internet arrives at the public IP address; the NAT device consults its translation table and forwards the packet to the internal device that initiated the conversation (or to a device with a configured static mapping) without revealing the private internal address of the destination.
NAT works by dividing the network into an inside and an outside. The router (typically through DHCP) assigns internal devices their private addresses. When an internal device sends traffic to the Internet, the router rewrites the source address, and usually the source port, to its own public address and records the mapping. Returning traffic is matched against that record and delivered to the correct internal device.
There are several variants of NAT. They include:
- Overloading Network Address Translation (NAT overload, also called Port Address Translation, or PAT). A dynamic form of NAT that maps many unregistered (private) IP addresses to a single registered (public) IP address by giving each connection a distinct source port.
- Overlapping Network Address Translation (overlapping NAT). Used when the addresses on your internal network are registered addresses that are also in use on another network. The router keeps these addresses in a lookup table so it can intercept them and map them to registered addresses that are globally unique.
- Static Network Address Translation (static NAT). Maps one unregistered IP address to one registered IP address, one-to-one. It is used when a device must be reachable from outside the network. Note that in Linux netfilter/iptables vocabulary the abbreviations SNAT and DNAT mean source NAT and destination NAT, not static and dynamic NAT.
- Dynamic Network Address Translation (dynamic NAT). Maps an unregistered IP address to a registered IP address drawn from a pool of registered addresses, with the mapping created when it is needed and released afterwards.
The NAT router maintains a translation table that links internal addresses to registered, globally unique addresses. It translates the internal source addresses of outbound traffic to registered addresses, and translates the registered destination addresses of returning traffic back to the internal ones.
The NAT internal network, or stub domain, is usually a local area network (LAN) that uses IP addresses internally. All stub-domain traffic is localized and remains internal. A stub domain typically contains both registered and unregistered IP addresses.
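To make the inside/outside split, NAT overload and the translation table concrete, here is an added example that is not part of the original page: a small Python simulation of a NAT overload (PAT) router that also carries one static (port-forward) entry. The `Packet` and `NaptRouter` names, the port-allocation policy and all addresses are assumptions made for the illustration; the private hosts use RFC 1918 space and the public side uses documentation address ranges.

```python
import dataclasses
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Header fields a NAT device needs: protocol plus source/destination IP:port."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NaptRouter:
    """Simulated NAT overload (PAT) router holding a single public address.

    Outbound flows from private hosts are rewritten to public_ip and a
    distinct public port; the mapping is recorded so replies can be
    translated back.  Static entries model port forwarding (static NAT).
    (Hypothetical class written for this example.)
    """

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, private_ip, private_port) -> public_port
        self.outbound: Dict[Tuple[str, str, int], int] = {}
        # (proto, public_port) -> (private_ip, private_port), learned from outbound traffic
        self.inbound: Dict[Tuple[str, int], Tuple[str, int]] = {}
        # (proto, public_port) -> (private_ip, private_port), configured by the administrator
        self.static: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def add_static(self, proto: str, public_port: int, private_ip: str, private_port: int) -> None:
        """Static NAT / port forward: make an internal service reachable from outside."""
        self.static[(proto, public_port)] = (private_ip, private_port)

    def _allocate_port(self, proto: str) -> int:
        """Pick the next free public port, skipping ports already mapped or forwarded."""
        while (proto, self.next_port) in self.inbound or (proto, self.next_port) in self.static:
            self.next_port += 1
        if self.next_port > 65535:
            raise RuntimeError("public port pool exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the private network, creating a mapping on first use."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            public_port = self._allocate_port(pkt.proto)
            self.outbound[key] = public_port
            self.inbound[(pkt.proto, public_port)] = (pkt.src_ip, pkt.src_port)
        return dataclasses.replace(pkt, src_ip=self.public_ip, src_port=self.outbound[key])

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a packet arriving from the Internet, or return None to drop it.

        Only packets matching a learned mapping (a reply to an outbound flow) or a
        static entry are forwarded; anything else is unsolicited and discarded.
        """
        if pkt.dst_ip != self.public_ip:
            return None
        key = (pkt.proto, pkt.dst_port)
        target = self.inbound.get(key) or self.static.get(key)
        if target is None:
            return None
        private_ip, private_port = target
        return dataclasses.replace(pkt, dst_ip=private_ip, dst_port=private_port)


def demo() -> dict:
    """Constructed scenario: two internal hosts that happen to use the same source
    port reach one web server, a reply comes back, and an outside host probes."""
    router = NaptRouter(public_ip="198.51.100.1")
    router.add_static("tcp", 80, "192.168.1.20", 8080)  # public :80 -> internal web server

    out_a = router.translate_outbound(Packet("tcp", "192.168.1.10", 51000, "203.0.113.5", 443))
    out_b = router.translate_outbound(Packet("tcp", "192.168.1.11", 51000, "203.0.113.5", 443))
    reply_b = router.translate_inbound(Packet("tcp", "203.0.113.5", 443, "198.51.100.1", out_b.src_port))
    probe = router.translate_inbound(Packet("tcp", "203.0.113.9", 12345, "198.51.100.1", 22))
    forwarded = router.translate_inbound(Packet("tcp", "203.0.113.9", 12345, "198.51.100.1", 80))
    return {"out_a": out_a, "out_b": out_b, "reply_b": reply_b, "probe": probe, "forwarded": forwarded}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name}: {pkt if pkt is not None else 'dropped (no translation entry)'}")
```

The two internal hosts both use source port 51000, so the router has to assign different public ports to keep their flows apart; that is the "by using different ports" part of NAT overload. The probe to port 22 has no table entry and is dropped, while port 80 is delivered because of the static entry. The simulation keys mappings on the internal address and port only (an endpoint-independent mapping), never ages entries out, and ignores ICMP; real implementations differ on all three points.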
NAT has many benefits. These include:
- NAT is faster than a proxy server. NAT operates at the network layer (layer 3) and only rewrites packet headers, whereas a proxy terminates the connection at the transport layer (layer 4) and above and relays it, which is slower.
- NAT is highly flexible and can be used in public wireless LAN environments.
- NAT conserves and helps manage registered IP addresses. It lets you connect many hosts to the worldwide Internet using a small number of public (external-facing) IP addresses, and it makes private IP address ranges easy to reuse.
- NAT brings some privacy by hiding internal device addresses from public networks, and, because an inbound packet is only forwarded when it matches a translation-table entry or a configured static mapping, unsolicited connections from the Internet are dropped. This limits exposure to scanning and to some worm and denial of service (DoS) traffic, but NAT does not inspect content and is not a replacement for a firewall.
- NAT makes it easier to use multiple Internet connections (multi-homing) for reliability, because internal addresses do not have to change when traffic is sent through a different provider.
- NAT scales easily and works well with your Dynamic Host Configuration Protocol (DHCP) servers. You can add network addresses locally without obtaining registered addresses from Internet registries.