Network Address Translation

Network Address Translation (NAT) is the translation of a private Internet Protocol (IP) address, or a group of private IP addresses, into a single public IP address. This can allow you to hide private IP addresses to protect them from IP scans, which are often precursors to attacks.

How Does NAT Work?

NAT works by designating gateways that sit between two networks: the internal network and the outside network. Systems on the inside network are typically assigned IP addresses that cannot be routed to external networks (e.g., networks in the 10.0.0.0/8 block).

A few externally valid IP addresses are assigned to the gateway. The gateway makes outbound traffic from an inside system appear to be coming from one of the valid external addresses. It takes incoming traffic aimed at a valid external address and sends it to the correct internal system.

This helps ensure security, because each outgoing or incoming request must go through a translation process. That process offers the opportunity, for example, to qualify or authenticate incoming streams and match them to outgoing requests.
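
The translation and reply matching described above, as an added example that is not part of the original page: a small Python model of a gateway that rewrites outbound sources and forwards an inbound packet only when it matches a recorded outbound request. It assumes a single external address with port translation; the class name, the documentation-range addresses and the starting port are constructed for illustration.

```python
import ipaddress

class NatGateway:
    """Toy port-translating NAT gateway with a state table (constructed model)."""

    def __init__(self, external_ip, inside_net, first_port=40000):
        self.external_ip = external_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self.next_port = first_port
        self.out_map = {}  # (in_ip, in_port, remote_ip, remote_port) -> ext_port
        self.in_map = {}   # (ext_port, remote_ip, remote_port) -> (in_ip, in_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an inside source to the external address and record the flow."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            raise ValueError("source is not on the inside network")
        key = (src_ip, src_port, dst_ip, dst_port)
        ext_port = self.out_map.get(key)
        if ext_port is None:  # first packet of this flow: allocate a mapping
            ext_port = self.next_port
            self.next_port += 1
            self.out_map[key] = ext_port
            self.in_map[(ext_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.external_ip, ext_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the rewritten packet, or None (drop) if nothing inside asked for it."""
        if dst_ip != self.external_ip:
            return None
        inside = self.in_map.get((dst_port, src_ip, src_port))
        if inside is None:
            return None  # unsolicited: no matching outbound request
        return (src_ip, src_port, inside[0], inside[1])

if __name__ == "__main__":
    # Constructed sample traffic; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
    gw = NatGateway("203.0.113.10", "10.0.0.0/8")
    print("outbound :", gw.outbound("10.1.2.3", 51515, "198.51.100.7", 443))
    print("reply    :", gw.inbound("198.51.100.7", 443, "203.0.113.10", 40000))
    print("scan     :", gw.inbound("192.0.2.99", 443, "203.0.113.10", 40000))
```

The outside host only ever sees 203.0.113.10, and the probe from 192.0.2.99 is dropped because no inside system opened a flow to it.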

NAT conserves the number of globally valid IP addresses a company needs and — in combination with Classless Inter-Domain Routing (CIDR) — has done a lot to extend the useful life of IPv4 as a result. NAT is described in general terms in IETF RFC 1631.