Fundamentals of communication and networkingː Network Address Translation (NAT)

PAPER 2 - ⇑ Fundamentals of communication and networking ⇑

← Public and private IP addresses Network Address Translation (NAT) Port forwarding →

Network Address Translation edit

Network Address Translation (NAT) is a process where an IP packet goes through a device, usually a router, and the source and/or destination IP address is swapped for a different one.

NAT Using a Pool of Addresses edit

Imagine the scenario where a company with 1000 IP devices has been allocated a class C IP address. This only gives the company 245 unique address it can use. Thus the company uses a private address range internally such as . This class B network has over 65,000 addresses. However these addresses are non-routable in the Internet and IP packets with this as a source address will not be returned if they make it out to the Internet. The addresses are called Local Addresses. The Class C addresses are called Public Addresses. A router on the edge of the network connects the LAN (or LANs) inside the company to the ISP. This edge router hold a list of the allocated address from the Class C range. This is referred to as the NAT pool.

This edge router then looks for IP packets which have a destination address out on the Internet. Before the packet is sent to the ISP, the router swaps the source address (local address) in the IP Packet for an address from the NAT pool (public address). The process of swapping is called translation. A copy of translation is kept. The IP packet then traverses the Internet and hits the destination device. The reply is formed and the return IP packet is generated. The sources address the packet came in with (the public address from the NAT pool) now becomes the destination address for the return journey. The public address is routable and thus the packet is routed back to the edge router of the companies network. Here the original translation was recorded so the reverse translation can be performed on the destination address. The packets public destination address is swapped for the local address. The packet now has a destination address of the original sources and is returned to the originator.

Clearly the translation must be maintained in memory to allow the return packet to be translated back. On some occasions one outbound packet may result in my hundreds of return packets and thus the same translation will be used by all. However after some time we can assume no more packets will be comming back and the translation record can be deleted. This is typically 60–120 seconds. (How long do you wait for a web page to load before you give up ?)

Exercise: NAT
Which address in an IP packet is swapped by the edge router during NAT as an IP packet heads out to the Internet?


The source address is swapped as a packet heads out.
Which address in an IP packet is swapped by the edge router by NAT as an IP packet returns from the Internet?


The destination address is swapped as the packet returns.
Does a destination server on the Internet, know the original IP address a request came from if it went through NAT ?


It cannot see this in the IP header because the address has been swapped for the public address, therefore the answer is no. However fields higher in the protocol may contain the source IP address, albeit not for routing purposes.

NAT Using a Single Addresses edit

In the early days of the Internet, when a home user connected to the Internet via an ISP, the ISP had enough public IP addresses to give each user their own public IP address for the duration of their connection. Each home user had one PC and this device received this public address. However most home users now connect many devices to the Internet via their ISP. The ISPs do not have enough addresses to give each home several addresses. Hence as of today (2016), a home is given one IP address and this sits on the home router's external interface. Internally the home network use private address and the router's internal (LAN) interface has one of these addresses. The home devices then each get a unique address from the private range. Thus whenever an internal device sends an IP packet out to the Internet, it 'borrows' the single public address. The same is also true for small offices of just a handful of users. Hence the term 'SOHO' (Small Office/ Home Office). This process of NAT where there is only one public IP addresses is also known as NAT - overloading or Port Address Translation (PAT). (The extension exercise will reveal why it has the latter name)


Above is a typical home network showing several devices on a home network with private addresses from the class C network. The ISP has allocated an address which is allocated to the interface on the router connecting to the Internet. This is called the public address. Devices can communicate internally using their private addresses, but must 'borrow' the public address when sending packets out onto the Internet.


Take an example of a PC on internal network with an IP address of

  1. It generates a web request to a server at address
  2. The packet is generated with source address (SA) and destination address (DA)
  3. It is sent the edge router because the destination is not on this LAN.
  4. The edge router realises it is going to send this packet out to the Internet and thus performs NAT. The source address is swapped for the public address. The translation is recorded.
  5. The packet now has SA and DA and it heads off to the web server.
  6. The web server generates the reply and swaps the sources and destination addresses.
  7. The packet now has SA and DA and makes it way back to the router.
  8. The router recalls the translation and swaps the destination address back.
  9. The packet now has SA and DA and is sent back to the originating PC.
Addressing and NAT

In the case where the company had 1000 computers and only a class C network, how many users would be able to get access to the Internet. What happens when a user has finished their Internet session or turned off their PC ?

In a SOHO network there is only one public IP address. Does this mean only one user can use the Internet at any one time ?