Types of Network Address Translation
Network Address Translation (NAT) can be configured to work on your network a few different ways. The type of NAT you choose to implement depends on what your goals are for NAT and your public address management. NAT methods include
Static NAT: Puts a permanent mapping between an internal private address and a public address. In this scenario, 192.168.8.50 will always map out to 192.0.2.75. This type of NAT may be used for allowing traffic into a mail server or web server.
Dynamic NAT: Puts a dynamic mapping between an internal private address and a public address. This also creates a one-to-one relationship on a first-come-first-served basis. The public address that is used by private devices can change over time and cannot be trusted. This would allow systems out, when you are not concerned with outside devices trying to connect in, as with the previous web server example.
Overloading: This is also known as Port Address Translation (PAT). In this case, multiple internal devices are able to share one public address, as mappings are placed into the mappings table based on the source and destination ports that are used. As long as ports are available to be remapped, then any number of devices can share a very small pool of public addresses or just one public address.
Overlapping: NAT can be used when public or registered addresses are used inside your network. In this case, you may use a public address block on multiple internal networks. NAT allows you to translate those internal addresses to other publicly accessible addresses when you connect to the public side of the router.
Many people quickly become lost understanding local, global, inside, and outside addresses. The following list describes the different types of addresses:
Local: This refers to what happens on the inside of your network.
Global: This refers to what happens on the outside of your network.
Inside Local Address: This is an address of a host on your internal network, for example, 192.168.8.25.
Inside Global Address: This is the mapped address that people on the Internet would see, which represents the inside host.
Outside Global Address: The IP address of a remote Internet-based host as assigned by the owner that can communicate with an inside host, for example, 192.0.2.100.
Outside Local Address: This is the address that the inside hosts use to reference an outside host. The outside local address may be the outside host’s actual address or another translated private address from a different private address block.
Therefore, the router could translate that address to 192.168.10.50, or it could be the public address of the external host. The internal hosts would contact this address to deal with the external host.
The following list summarizes the basic process that NAT follows:
An internal host (HostA) sends an IP packet to an external host (HostB).
When the packet arrives at the router, the router examines the packet and sees whether the NAT configuration is supposed to apply to it.
The source IP address and port are recorded in the mapping table and matched to an external address and port on the router. This may be in the external range of addresses or be the actual router’s address, based on the NAT configuration.
The data is sent to HostB referencing the mapped address information as the source of the new IP packet.
When HostB sends data back to HostA, HostB references the known source address (192.0.2.100) in the IP packet that it received.
When the router receives the IP packet, it examines its mapping table and finds the referenced destination IP address information and the internal it maps to. When the mapping is found in the table, it re-addresses the destination address in the IP packet and sends it onto the new destination.
The IP packet arrives at HostA using its internal network address.
A timer is set when dynamic entries are added to the mapping table. Every time that mapping is used, the timer is reset. If the mapping is not used before the timer expires, then that mapping is removed from the mapping table.