3.3 Network Address Translation

With NAT, all devices in a local network share just one IPv4 address from the outside world's point of view.
This means every datagram that leaves the local network carries the same source IP address (the NAT address), but a different source port number.

Every device in a local network has a 32-bit address from a “private” IP address space. Such addresses are only valid inside the local network: they are not routed on the public Internet, so they cannot be used to communicate with it directly.

These private IP address spaces are:

  • 10/8
  • 172.16/12
  • 192.168/16

Advantages:

  • all devices in a local network use ONE IP address
  • can change ISP without changing addresses of devices in a local network
  • security: devices inside a local network are not directly accessible by the outside world

3.3.1 Implementation

The NAT router must keep a NAT translation table.
It must transparently:

  • replace the source IP address and port number of every outgoing datagram with the NAT IP address and a new port number
  • remember every (source IP address, port number) to (NAT IP address, new port number) translation pair
  • perform the inverse translation for incoming datagrams, using that table

NAT translation table:

  WAN address          LAN address
  138.76.29.7, 5001    10.0.0.1, 3345
  138.76.29.7, …       10. … , …

3.3.2 NAT controversy

  • routers should only process up to layer 3; instead the NAT router modifies addresses and also port numbers, which belong to layer 4
  • the address shortage should be solved by IPv6, not by NAT
  • it violates the end-to-end argument: information should be exchanged end-to-end and nobody in the middle should change it, yet the NAT router does
  • NAT traversal: what if a client wants to connect to a server behind NAT? Port forwarding: a line has to be inserted manually into the NAT table, binding (NAT address, port xx) to (server’s LAN address, port yy). Every request from outside arriving for port xx then goes directly to the server on port yy.
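The translation table of 3.3.1 and the port-forwarding entry above, as an added example (not part of the original notes): a small NAT router simulation. The WAN address 138.76.29.7 and the LAN host 10.0.0.1, 3345 are taken from the table; the sequential port allocation starting at 5001 and the outside address 203.0.113.9 are assumptions made for the example.

```python
# Added example, not from the notes: a minimal NAT router simulation.
# Port allocation (sequential from 5001) is an assumed scheme.
from ipaddress import ip_address, ip_network

# The three private ranges listed in the notes
PRIVATE = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]


def is_private(addr):
    """True if addr lies in one of the private address spaces."""
    return any(ip_address(addr) in net for net in PRIVATE)


class NatRouter:
    def __init__(self, wan_ip, first_port=5001):
        self.wan_ip = wan_ip
        self.next_port = first_port   # next free NAT port (assumed scheme)
        self.table = {}               # (wan_ip, nat_port) -> (lan_ip, lan_port)
        self.reverse = {}             # (lan_ip, lan_port) -> (wan_ip, nat_port)

    def outgoing(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing datagram's source to NAT address + new port."""
        if not is_private(src_ip):
            raise ValueError("outgoing datagram without a private source")
        key = (src_ip, src_port)
        if key not in self.reverse:   # first time seen: remember the pair
            nat = (self.wan_ip, self.next_port)
            self.next_port += 1
            self.table[nat] = key
            self.reverse[key] = nat
        wan_ip, nat_port = self.reverse[key]
        return (wan_ip, nat_port, dst_ip, dst_port)

    def incoming(self, src_ip, src_port, dst_ip, dst_port):
        """Inverse translation; a datagram with no table entry is dropped."""
        lan = self.table.get((dst_ip, dst_port))
        if lan is None:
            return None               # no mapping: LAN host not reachable from outside
        return (src_ip, src_port, lan[0], lan[1])

    def port_forward(self, nat_port, lan_ip, lan_port):
        """Manual table line so outside requests to nat_port reach a LAN server."""
        self.table[(self.wan_ip, nat_port)] = (lan_ip, lan_port)
        self.reverse[(lan_ip, lan_port)] = (self.wan_ip, nat_port)
```

The `incoming` path returning `None` is the "not directly accessible from outside" property from the advantages list: without a table entry, either created by outgoing traffic or by a manual port-forward line, the datagram has nowhere to go.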