TechBrew

Informative geekery on software and technology

411: Network Address Translation

February 12th, 2007 by Mark Woodman

If you’ve seen references to Network Address Translation (NAT) but never really dug into what it does and why we have it, this 411 installment is for you.

Old School IP

Once upon a time, 4.3 billion possible IP addresses was enough for everybody. Oh, those days were so simple, weren’t they? Now the Internet is all grown up and is running out of unassigned IP numbers. One estimate shows that in five or six years all IP addresses will have been handed out, and then somebody is in big trouble, mister.

This is all because our IP addresses are (only) 32 bits long, thanks to the architects of Internet Protocol version 4 (IPv4). Nobody foresaw just how many IPs a networked planet would need.

New School IP

So the wheels are in motion to get everyone to move to IPv6, which has a 128-bit address scheme. That allows for 2^128, or about 3.4 × 10^38, addresses (340 billion billion billion billion), which by all accounts should hold us for quite a while. If each mite on the dust bunnies in your computer case needs an IP address, there are plenty to go around.
In the meantime, we need to mitigate the problem of running out of 32-bit IP addresses, and Network Address Translation (NAT) is one technique that can help quite a bit. We’ll talk about how, after the jump:

Got NAT?

A private network - perhaps like the one you have at home - doesn’t need a public IP address for every workstation; it only needs one public IP address for the firewall or router. A router/firewall equipped with Network Address Translation does the following:

  • Receives an outbound request from a private network device, and records the connection (private address and port, remote address and port) in an address translation table
  • Rewrites the request’s packet addresses (and, in the usual port-translating form, the source port) so the packets look like they’re coming from the firewall’s public IP address
  • Sends the packets out to the Internet
  • Receives the response back from the Internet
  • Uses the address translation table to figure out which private network address and port the response belongs to
  • Rewrites the response’s packet addresses to contain the correct private network address
  • Sends the response back to the private network device

NAT not only conserves public IP numbers, it also gives a measure of protection as a side effect. Because a translation table entry is created only when a device on the private network initiates a connection, an unsolicited packet arriving from the Internet matches no entry, the router has nowhere to deliver it, and it is dropped. Devices on the public Internet see only the router’s address, have no insight into the private network topology, and cannot directly address any device behind it. Keep in mind that this protection comes from the connection tracking, not from the address rewriting itself, and it only covers traffic the private network didn’t ask for: a connection that a private device opens outbound is translated like any other, and a device with a port forwarded to it is reachable from the Internet on that port just as if it had a public address.

NAT isn’t perfect, of course. Some protocols call for connection initiation at both ends (active-mode FTP, where the server connects back to the client for the data channel, is the classic example), something NAT doesn’t allow without a static port forward in the firewall or an application-layer gateway that understands the protocol and creates the mapping on the fly. Still, NAT is useful both as a way of conserving public IPv4 addresses and for the protection it gives against unsolicited inbound traffic.
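To make the translation steps listed above concrete, and to show what “opening a port” does to the picture, here is a small simulation of a port-translating NAT router. It is an added example written for this page, not code from the original post or from any router vendor: the `Packet` and `NatRouter` names, the addresses (taken from the documentation ranges), the port pool starting at 40000 and the sample connections are all constructed for illustration.

```python
"""Simulation of a NAT router doing port address translation (PAT).

Added example, not code from the original post. Addresses come from the
RFC 5737 documentation ranges and every connection below is constructed.
"""
import dataclasses
from dataclasses import dataclass
from itertools import count

PUBLIC_IP = "203.0.113.7"  # the router's single public address (constructed)


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class NatRouter:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self._free_ports = count(first_port)  # pool of public ports to hand out
        # dynamic translation table, filled only by outbound traffic:
        #   (proto, private ip, private port, remote ip, remote port) -> public port
        self._out = {}
        #   (proto, public port, remote ip, remote port) -> (private ip, private port)
        self._in = {}
        # static port forwards ("opened ports"), matching any remote endpoint:
        #   (proto, public port) -> (private ip, private port), plus the reverse
        self._fwd = {}
        self._fwd_rev = {}

    def add_port_forward(self, proto, public_port, private_ip, private_port):
        self._fwd[(proto, public_port)] = (private_ip, private_port)
        self._fwd_rev[(proto, private_ip, private_port)] = public_port

    def translate_outbound(self, pkt):
        """Private -> Internet: record the connection, rewrite the source."""
        # a port-forwarded service must answer from its forwarded public port
        pub_port = self._fwd_rev.get((pkt.proto, pkt.src_ip, pkt.src_port))
        if pub_port is None:
            key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            pub_port = self._out.get(key)
            if pub_port is None:  # first packet of a new connection: allocate a port
                pub_port = next(self._free_ports)
                self._out[key] = pub_port
                self._in[(pkt.proto, pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return dataclasses.replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def translate_inbound(self, pkt):
        """Internet -> private: look up the mapping, rewrite the destination.

        Returns None when nothing matches: the packet is dropped, which is all
        the protection NAT gives against unsolicited inbound traffic."""
        target = self._fwd.get((pkt.proto, pkt.dst_port))
        if target is None:
            target = self._in.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            return None
        priv_ip, priv_port = target
        return dataclasses.replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


def demo():
    """Two private hosts that happen to pick the same source port talk to the
    same web server; PAT keeps them apart with distinct public ports."""
    nat = NatRouter()
    a = Packet("tcp", "192.168.1.10", 51000, "198.51.100.5", 80, "GET / from A")
    b = Packet("tcp", "192.168.1.11", 51000, "198.51.100.5", 80, "GET / from B")
    out_a = nat.translate_outbound(a)
    out_b = nat.translate_outbound(b)
    # the server answers the public address on whichever port it saw
    reply_b = Packet("tcp", "198.51.100.5", 80, PUBLIC_IP, out_b.src_port, "200 OK for B")
    in_b = nat.translate_inbound(reply_b)
    # a probe from elsewhere on the Internet matches no table entry
    probe = Packet("tcp", "192.0.2.99", 4444, PUBLIC_IP, 22, "SYN")
    return out_a, out_b, in_b, nat.translate_inbound(probe)


if __name__ == "__main__":
    out_a, out_b, in_b, dropped = demo()
    print("A appears as", out_a.src_ip, out_a.src_port)
    print("B appears as", out_b.src_ip, out_b.src_port)
    print("reply for B delivered to", in_b.dst_ip, in_b.dst_port)
    print("unsolicited probe:", "dropped" if dropped is None else "forwarded")
```

The dynamic table is keyed on the remote endpoint as well as the public port, so only the server that was contacted can send traffic back through an entry; a port added with `add_port_forward` matches any remote address, which is exactly why a forwarded port exposes the device behind it. Real routers also expire table entries after a timeout, which this simulation leaves out.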

For more information, we recommend “How Network Address Translation Works” as a good resource. Wikipedia also has a good overview of NAT.

(In the meantime, you might want to clean out those dust bunnies.)
