Skip to content

Network Address Translation (NAT)

Firewalls have low security areas (the outside) and high security areas (the inside) attached to their network interfaces. Network Address Translation (NAT) is a protocol that firewalls use to translate publicly routable IP addresses on the 'outside' to private IP addresses which are not routable on the Internet on the inside. This makes it more difficult for attackers to connect to a host protected by the firewall. A firewall providing NAT will receive a request from a protected host, strip the non-routable private IP address from the IP datagram and replace that address with a public IP address that is routable on the Internet. Thus, external hosts cannot directly connect to protected hosts as the private IP addresses are blocked within the architecture of the Internet itself.

NAT with Overload (Port Address Translation)

When an outside IP address is used by multiple hosts on different virtual ports, the NAT process is often referred to as NAT with Overload. This allows multiple hosts to use one outside address and to share the virtual port numbers available to the firewall. TCP /IP supports up to 64,000 virtual ports so many hosts can easily share the single external IP address. This is sometimes called Proxy Address Translation or Port Address Translation.

Share This:

If you found this tutorial useful, please DONATE! Donations support the creation and maintenance of this, and other tutorials throughout this site.