Types of NAT
NAT can be static or dynamic. In static NAT, there is a one-to-one mapping between each private address and a public address. The NAT process consists of modifying the source IP address on outgoing packets to the public address, and modifying the destination IP address on incoming packets to the private address. In this situation, an organization is required to have as many public network addresses as private network addresses, which sometimes isnt possible (for technical or political reasons). In dynamic NAT, there is a pool of public addresses, and internal hosts needing Internet connectivity will be mapped to the next available public address on an as-needed basis. When the connection is terminated, the public address is returned to the pool, to be used again. Because of this re-use, it is possible to have a smaller number of public addresses than you have machines with private addresses as long as all of the internal machines arent using the Internet simultaneously.
A variation on dynamic NAT is Port Address Translation (PAT). PAT, sometimes known as single address NAT, is a specific case of NAT in which there is one external address, and multiple internal computers connecting to Internet hosts through it. In this case, not only does the IP address in the packet change so does the TCP/IP port number. (This is required because multiple internal connections are sharing the same public IP address simultaneously, and a connection using the same port number on the public address cant be guaranteed, since someone else may already have it.) An alternate explanation of PAT is that it is used to redirect requests for access to a specific port number on the external address, to a specific internal machine, based on a table of address/port redirections set up by the administrator.
For example, if you have one external address, you might redirect port 80 packets to a web server in your network, port 25 packets to a mail server, etc. In this case, the port number of the packet doesnt change, but the address does.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.