NAT - Network Address Translation
NAT (Network Address Translation) acts as a translator for devices within a local network. It allows them to share a single public IP address when connecting to the internet, providing security and conserving limited IPv4 addresses.
Let’s first talk about how things work on your local network
When you are connected to your Wi-Fi or router, you are already within a local network. This means that when you connected to the router, it assigned a private IP address to your device.
When a device (Device 1) wants to connect to another device (Device 3) within the local network, the user types the destination IP address and port number, along with the specific route, as a URL into the browser.
At this point the network layer has the destination IP address and the port number, but the frame still needs a destination MAC address. The system obtains it using ARP (Address Resolution Protocol).
ARP (Address Resolution Protocol) creates a broadcast message that is sent to all devices connected to the router. The devices respond, and the router maps each device's IP address to its corresponding MAC address, building what is known as the ARP cache.
Since the destination IP address is within our local network, when the packets reach the router, the router acts like a switch and forwards the packets to the intended server by checking the MAC address.
It's important to note that while the router emits radio waves to all devices connected to it, not every data packet is broadcast to every device. The radio waves cannot be intercepted by the other devices connected to the router.
As the intended server receives the request, it responds with the specific data, and this completes the connection.
When the server is over the internet
NAT is a mapping that is stored in the router. When a request from device 1 arrives at the router, it checks whether the destination is within the local network or over the internet. If it's over the internet, the router changes the private IP and port to its own public IP and port and then forwards the request to the server. This is a type of firewall and a security measure to keep users' information private.
The mapping is stored in the router:
The request is created on the client with the destination IP and port. The client first checks whether the destination is on the local network or over the internet. If the destination is over the internet, the client sends the request to the router, addressed to the router's MAC address.
When the request arrives at the router, the router checks the destination MAC address. If it is the router's own MAC, the router creates a NAT mapping and forwards the request to the ISP.
The request arrives at the server over the internet with the router's public IP as its source, so the server responds to that address with the requested data.
One to One NAT (Full-cone NAT)
This NAT allows any external host to initiate a connection, making it the least secure NAT configuration.
Address Restricted NAT
This NAT allows a connection only if a previous connection was made with that specific device, which it verifies by checking the NAT table.
Port Restricted NAT
This NAT checks both the address and the port against the NAT table. If both are found, it allows the connection.
Symmetric NAT
This NAT configuration checks the external IP and external port together with the destination IP and destination port. If the matching entry is found, it allows the connection. This is the most secure NAT configuration.
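To make the mapping and the four filtering rules concrete, here is a small added simulation (not from the original post) of a NAT table: outbound packets from a private host get a public port, and inbound packets are forwarded or dropped according to the NAT type. All addresses are constructed documentation-range values, and the port-allocation scheme is an assumption for illustration.

```python
PUBLIC_IP = "203.0.113.7"  # constructed public address of the router (RFC 5737 range)
class Nat:
    def __init__(self, kind):
        # kind: "full_cone", "addr_restricted", "port_restricted" or "symmetric"
        self.kind = kind
        self.next_port = 40000
        # key -> {"port": public port, "peers": set of (dst_ip, dst_port) already contacted}
        self.table = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the private source to the router's public IP:port, adding the mapping if new."""
        # Symmetric NAT keys on the destination too, so each new destination gets its own port.
        if self.kind == "symmetric":
            key = (src_ip, src_port, dst_ip, dst_port)
        else:
            key = (src_ip, src_port)
        entry = self.table.setdefault(key, {"port": None, "peers": set()})
        if entry["port"] is None:
            entry["port"] = self.next_port
            self.next_port += 1
        entry["peers"].add((dst_ip, dst_port))
        return PUBLIC_IP, entry["port"]

    def inbound(self, ext_ip, ext_port, pub_port):
        """Return the private (ip, port) an inbound packet is forwarded to, or None if dropped."""
        for key, entry in self.table.items():
            if entry["port"] != pub_port:
                continue
            peers = entry["peers"]
            if self.kind == "full_cone":            # any external host may use the mapping
                allowed = True
            elif self.kind == "addr_restricted":    # only an IP the private host already sent to
                allowed = any(ip == ext_ip for ip, _ in peers)
            else:                                   # port_restricted / symmetric: IP and port must match
                allowed = (ext_ip, ext_port) in peers
            if allowed:
                return key[0], key[1]
        return None  # no mapping on that port, or the sender failed the check

def demo(kind):
    # Device 1 (192.168.1.10:5000, constructed) talks to two servers; check who can reply.
    nat = Nat(kind)
    _, pub_port = nat.outbound("192.168.1.10", 5000, "198.51.100.20", 80)     # server A
    _, second_port = nat.outbound("192.168.1.10", 5000, "198.51.100.30", 80)  # server B
    return {
        "server_a_reply": nat.inbound("198.51.100.20", 80, pub_port),
        "server_a_other_port": nat.inbound("198.51.100.20", 443, pub_port),
        "stranger": nat.inbound("198.51.100.99", 9999, pub_port),
        "same_public_port_for_second_destination": second_port == pub_port,
    }
```

Running `demo` for each type shows the progression: full cone lets the stranger in, address restricted lets server A reply from any port, port restricted requires the exact IP and port, and symmetric additionally hands the second destination a different public port.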
References
NAT Explained - Hussein Nasser (Helped a lot)