Network Address Translation is a service that translates a single IP address to multiple internal IP addresses. It allows users on a private network to share one public connection provided by an ISP. It is the same as Internet connection sharing, but it is more configurable.

Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.
In the mid-1990s NAT became a popular tool for alleviating the consequences of IPv4 address exhaustion. It has become a standard, indispensable feature in routers for home and small-office Internet connections. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address.
NAT allows you to take advantage of the reserved address blocks described in RFC 1918, "Address Allocation for Private Internets." Typically, your internal network will be set up to use one or more of these network blocks. They are:
    10.0.0.0/8       (10.0.0.0 - 10.255.255.255)
    172.16.0.0/12    (172.16.0.0 - 172.31.255.255)
    192.168.0.0/16   (192.168.0.0 - 192.168.255.255)
 
How it works
NAT maintains a table of information about each packet that passes through it.
When a computer on the network attempts to connect to a website on the Internet:
  • The source IP address in the packet header is replaced with the IP address of the NAT computer on the way out.
  • On the way back in, the "destination" IP address is changed (based on the records in the table) back to the specific internal private IP address in order to reach the computer on the local network.
Network Address Translation can be used as a basic firewall - the administrator is able to filter out packets to/from certain IP addresses and allow/disallow access to specified ports. It is also a means of saving IP addresses by having one IP address represent a group of computers.

NAT can work in several ways:

Static NAT
An unregistered IP address is mapped to a registered IP address on a one-to-one basis - which is useful when a device needs to be accessed from outside the network.
Dynamic NAT
An unregistered IP address is mapped to a registered IP address from a group of registered IP addresses. For example, a computer at 192.168.10.121 will translate to the first available IP address in a range of public IP addresses.
Overloading
A form of dynamic NAT, it maps multiple unregistered IP addresses to a single registered IP address, but in this case uses different ports. For example, IP address 192.168.10.121 will be mapped to 212.56.128.122:port_number (212.56.128.122:1080).
Overlapping
This occurs when addresses in the inside network overlap with addresses in the outside network - the IP addresses are registered on another network too. The router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered unique IP addresses.
 
How dynamic NAT works
An internal network (stub domain) has been set up with IP addresses that were not specifically allocated to that company by IANA (Internet Assigned Numbers Authority), the global authority that hands out IP addresses. These addresses should be considered non-routable since they are not unique.
  • The company sets up a NAT-enabled router. The router has a range of unique IP addresses given to the company by IANA.
  • A computer on the stub domain attempts to connect to a computer outside the network, such as a Web server.
  • The router receives the packet from the computer on the stub domain.
  • The router saves the computer's non-routable IP address to an address translation table. The router replaces the sending computer's non-routable IP address with the first available IP address out of the range of unique IP addresses. The translation table now has a mapping of the computer's non-routable IP address matched with one of the unique IP addresses.
  • When a packet comes back from the destination computer, the router checks the destination address on the packet. It then looks in the address translation table to see which computer on the stub domain the packet belongs to. It changes the destination address to the one saved in the address translation table and sends it to that computer. If it doesn't find a match in the table, it drops the packet.
  • The computer receives the packet from the router. The process repeats as long as the computer is communicating with the external system.
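
The dynamic NAT steps above as a small Python model, added here as an illustration and not taken from any router's code. The class and function names are hypothetical, and the public pool uses constructed documentation-range addresses.

```python
import ipaddress


class DynamicNat:
    """Toy dynamic NAT: one public address per inside host, taken from a pool."""

    def __init__(self, pool):
        self.free = [ipaddress.ip_address(a) for a in pool]  # unused public IPs
        self.out_map = {}   # inside IP -> public IP
        self.in_map = {}    # public IP -> inside IP

    def outbound(self, src, dst):
        """Translate a packet leaving the stub domain; None means dropped."""
        src = ipaddress.ip_address(src)
        if src not in self.out_map:
            if not self.free:
                return None                  # pool exhausted, no translation
            pub = self.free.pop(0)           # first available address
            self.out_map[src] = pub
            self.in_map[pub] = src
        return (str(self.out_map[src]), dst)

    def inbound(self, src, dst):
        """Translate a returning packet; None means no table entry, so drop."""
        inside = self.in_map.get(ipaddress.ip_address(dst))
        if inside is None:
            return None
        return (src, str(inside))


def demo():
    # Constructed sample addresses: RFC 1918 hosts, documentation-range pool.
    nat = DynamicNat(["203.0.113.10", "203.0.113.11"])
    return [
        nat.outbound("192.168.10.121", "198.51.100.80"),
        nat.outbound("192.168.10.122", "198.51.100.80"),
        nat.outbound("192.168.10.123", "198.51.100.80"),  # pool is empty
        nat.inbound("198.51.100.80", "203.0.113.10"),
        nat.inbound("198.51.100.80", "203.0.113.12"),     # never mapped
    ]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The lookup keys only on the destination address, as in the steps above, so while a mapping exists packets from any outside source are translated to the inside host; restricting who may reach it takes a separate filter rule.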
 
How overloading works
  • An internal network (stub domain) has been set up with non-routable IP addresses that were not specifically allocated to that company by IANA.
  • The company sets up a NAT-enabled router. The router has a unique IP address given to the company by IANA.
  • A computer on the stub domain attempts to connect to a computer outside the network, such as a Web server.
  • The router receives the packet from the computer on the stub domain.
  • The router saves the computer's non-routable IP address and port number to an address translation table. The router replaces the sending computer's non-routable IP address with the router's IP address. The router replaces the sending computer's source port with the port number that matches where the router saved the sending computer's address information in the address translation table. The translation table now has a mapping of the computer's non-routable IP address and port number along with the router's IP address.
  • When a packet comes back from the destination computer, the router checks the destination port on the packet. It then looks in the address translation table to see which computer on the stub domain the packet belongs to. It changes the destination address and destination port to the ones saved in the address translation table and sends it to that computer.
  • The computer receives the packet from the router. The process repeats as long as the computer is communicating with the external system.
  • Since the NAT router now has the computer's source address and source port saved to the address translation table, it will continue to use that same port number for the duration of the connection. A timer is reset each
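
The overloading steps above as a small Python model (an added example, not code from any router). Names are hypothetical; the 60-second idle timeout and the rule that any traffic refreshes it are assumptions of this example, and the flows are constructed.

```python
import itertools


class OverloadNat:
    """Toy overloading (PAT): many inside hosts share one public IP via ports."""

    def __init__(self, public_ip, first_port=1024, idle_timeout=60):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)  # next router port to hand out
        self.idle_timeout = idle_timeout          # seconds; value is an assumption
        self.by_inside = {}   # (inside IP, inside port) -> router port
        self.by_port = {}     # router port -> [inside IP, inside port, last_seen]

    def outbound(self, src_ip, src_port, now):
        key = (src_ip, src_port)
        port = self.by_inside.get(key)
        if port is None:
            port = next(self.ports)               # a real router bounds this range
            self.by_inside[key] = port
            self.by_port[port] = [src_ip, src_port, now]
        self.by_port[port][2] = now               # traffic refreshes the entry
        return (self.public_ip, port)

    def inbound(self, dst_port, now):
        entry = self.by_port.get(dst_port)
        if entry is None:
            return None                           # unsolicited: no mapping, drop
        if now - entry[2] > self.idle_timeout:    # stale mapping: remove and drop
            del self.by_inside[(entry[0], entry[1])]
            del self.by_port[dst_port]
            return None
        entry[2] = now
        return (entry[0], entry[1])


def demo():
    # Constructed flows; 212.56.128.122:1080 and 192.168.10.121 come from the page.
    nat = OverloadNat("212.56.128.122", first_port=1080)
    a = nat.outbound("192.168.10.121", 40000, now=0)
    b = nat.outbound("192.168.10.122", 40000, now=1)    # same port, other host
    again = nat.outbound("192.168.10.121", 40000, now=5)
    back = nat.inbound(1081, now=6)
    unsolicited = nat.inbound(2222, now=6)
    expired = nat.inbound(1080, now=500)                # idle for 495 seconds
    return a, b, again, back, unsolicited, expired
```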
