NAT: Network Address Translation.
Everyone has a LAN with a PRIVATE ADDRESS. At home you have a LAN with the address 192.168.1.0 (example); now you are in your office and your LAN's address is 192.168.1.0 (example again). Most people at home have that address (192.168.1.0). This is a PRIVATE ADDRESS and it CANNOT BE USED on the internet.
Now, when you go to the internet, you must have a PUBLIC IP address, which is assigned by your ISP (there are RIPE, ARIN and so on, which decide which country / region / nation has the class XXX.XXX.XXX.XXX). This class is then assigned to the "local" ISP (there are 3 levels of ISPs). Now, let's go back to your ISP. Your router receives a PUBLIC address: 212.243.60.10 (example), you can surf the internet and everything works fine. Nothing special is configured on your router, and everything works! One day you decide to connect another PC to your home network and you notice that you can surf with only one computer at a time, not both together.
Here comes the NAT. Your router has ONE public IP and it MUST use this address in order to surf. If you try 2 PCs at the same time, your router says: "Hey! My public IP is already used by PC1 with the PRIVATE IP 192.168.1.10, I cannot bring another PC to the internet... I HAVE NO MORE IP ADDRESSES AVAILABLE". To resolve this problem, you can buy another public IP from your ISP, or, better, you can use NAT or IP MASQUERADING.
Let's write some data:
LAN address: 192.168.1.0
PC1: 192.168.1.10
PC2: 192.168.1.20
ROUTER: 192.168.1.1
PUBLIC IP: 212.243.60.70
Your router now has a NAT TABLE activated and PC1 (192.168.1.10) wants to surf to a website (so, port 80). On the NAT table, your router will write:
Code:
192.168.1.10:80 ---> www.computerhelp.forum:80
Now, PC2 wants to open google.com. On the NAT table of your router you will see:
Code:
192.168.1.20:80 ---> www.google.com:80
Now the NAT table looks like this:
Code:
192.168.1.10:80 ---> www.computerhelp.forum:80
192.168.1.20:80 ---> www.google.com:80
The problem persists because your router doesn't have 2 public IPs and cannot give the internet to both PCs.
This process is called NAT. Now you need EACH PRIVATE IP TO BE TRANSLATED TO A SINGLE PUBLIC IP.
You need the IP MASQUERADING technology.
Every time you create a connection, it is made of 2 sockets. Your client will send a request to the public address 195.90.100.30 (example) on port 80 with its PRIVATE IP and port (80). THE ROUTER NOW must translate (or better, masquerade) the PRIVATE IP AND PORT with the public one and change the port number to a higher value. This process is saved on the NAT TABLE.
Code:
192.168.1.10:80 ---> 195.90.100.30:80
192.168.1.10:80 ---> 212.243.60.70:20100
212.243.60.70:20100 ---> 195.90.100.30:80
When the server responds, the router will process the NAT table backward.
NAT or IP masquerading are almost invisible to the computers.
DNAT is used when you have more than one public IP to use to surf (load balancing...).
SNAT CAN BE: specifying a group of private addresses to use a specific public IP (static NAT), or Secure NAT, which is a secure connection on ISA Server, OR it can also be STATEFUL NAT in the CISCO world.
I think that's all... I hope my explanation is not too boring.
If you need further help, let me know.
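The masquerading table described in the post above, as an added example that is not part of the original post: it rewrites each LAN source to the public IP with a higher port, processes the table backward for replies, and drops inbound packets that match no entry. The class name, the sequential port allocation, the remote-peer check and the address 203.0.113.5 are assumptions of this sketch; the other addresses and ports are the post's own examples.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "212.243.60.70"   # router's single public address (from the post)
FIRST_PORT = 20100            # first masqueraded port (from the post's example)

@dataclass
class MasqueradeTable:
    next_port: int = FIRST_PORT
    out: dict = field(default_factory=dict)    # (priv_ip, priv_port, dst_ip, dst_port) -> public port
    back: dict = field(default_factory=dict)   # public port -> same 4-tuple, for replies

    def outbound(self, src, dst):
        """Rewrite a LAN packet's source to PUBLIC_IP:<port>, adding an entry if needed."""
        key = (*src, *dst)
        if key not in self.out:
            # Sequential allocation is an assumption of this sketch.
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (PUBLIC_IP, self.out[key]), dst

    def inbound(self, src, dst):
        """Process the table backward for a packet arriving on the public side.
        Returns the private (ip, port) to forward to, or None to drop."""
        dst_ip, dst_port = dst
        entry = self.back.get(dst_port) if dst_ip == PUBLIC_IP else None
        if entry is None:
            return None          # no LAN host opened this port: unsolicited, drop
        priv_ip, priv_port, rem_ip, rem_port = entry
        if src != (rem_ip, rem_port):
            return None          # not the server this entry was created for (assumed check)
        return (priv_ip, priv_port)

def demo():
    nat = MasqueradeTable()
    server = ("195.90.100.30", 80)
    pc1 = nat.outbound(("192.168.1.10", 80), server)   # PC1, numbers from the post
    pc2 = nat.outbound(("192.168.1.20", 80), server)   # PC2 shares the same public IP
    reply1 = nat.inbound(server, pc1[0])
    reply2 = nat.inbound(server, pc2[0])
    # Constructed inbound packets: 203.0.113.5 is a documentation address.
    unsolicited = nat.inbound(("203.0.113.5", 4444), (PUBLIC_IP, 20150))
    wrong_peer = nat.inbound(("203.0.113.5", 80), pc1[0])
    return pc1, pc2, reply1, reply2, unsolicited, wrong_peer

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The two `None` results show why a masquerading router does not forward connections initiated from outside unless a port-forwarding rule is configured.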