your image

Types of Network Address Translation (NAT) - GeeksforGeeks

saurabh Sharma
greeksforgeeks
Related Topic
:- computer network routers

Types of Network Address Translation (NAT)

  • Difficulty Level : Easy
  • Last Updated : 02 Jun, 2021

 

Prerequisite – Network address translation (NAT) 
Network Address Translation (NAT) is a process in which one or more local IP address is translated into one or more Global IP address and vice versa in order to provide Internet access to the local hosts. NAT generally operates on router or firewall. 

Network address translation (NAT) working – 
Generally, the border router is configured for NAT i.e the router which have one interface in local (inside) network and one interface in global (outside) network. When a packet traverse outside the local (inside) network, then NAT converts that local (private) IP address to a global (public) IP address. When a packet enters the local network, the global (public) IP address is converted to local (private) IP address. 

If NAT run out of addresses, i.e., no address is left in the pool configured then the packets will be dropped and an Internet Control Message Protocol (ICMP) host unreachable packet to the destination is send. 

NAT types – 
There are 3 types of NAT: 

1. Static NAT – 
In this, a single private IP address is mapped with single Public IP address, i.e., a private IP address is translated to a public IP address. It is used in Web hosting. 

 

 

 

Configuration – 

 

 

Here is a small topology in which there is PC having IP address 192.168.1.1/24, Router R1 having IP address 192.168.1.2/24 on interface fa0/0, 12.1.1.1/24 on fa0/1 and server having IP address 73.1.1.2/24. 

Now, inside local and inside global are shown in the figure. Configuring the static NAT through command ip nat inside source static INSIDE_LOCAL_IP_ADDRESS INSIDE_GLOBAL_IP_ADDRESS. 
 

R1(config)# ip nat inside source static 192.168.1.1 12.1.1.1 

Now, we have configure router’s inside interface as IP NAT inside and outside interface as IP NAT outside. 
 

R1(config)# int fa0/0R1(config-if)# ip nat insideR1(config)# int fa0/1R1(config-if)# ip nat outside 

2. Dynamic NAT – 
In this type of NAT, multiple private IP address are mapped to a pool of public IP address . It is used when we know the number of fixed users wants to access the Internet at a given point of time. 

Configuration – 

 

 

 

 

 

There is PC having IP address 192.168.1.1/24, Router R1 having IP address 192.168.1.2/24 on interface fa0/0, 12.1.1.1/24 on fa0/1 and server having IP address 73.1.1.2/24. 
Now, first configuring the access-list: 
 

R1(config)# access-list 1 permit 192.168.1.0 0.0.0.255 

Configuring the nat pool from which a public IP will be selected. 
 

R1(config)# ip nat pool pool1 12.1.1.1 12.1.1.3 netmask 255.255.255.0 

Now, enabling Dynamic NAT: 
 

R1(config)# ip nat inside source list 1 pool pool1

At last, we have to configure router interfaces as inside or outside. 
 

R1(config)# int fa0/0R1(config-if)# ip nat insideR1(config)# int fa0/1R1(config-if)# ip nat outside

3. Port Address Translation (PAT) – 
This is also known as NAT overload. In this, many local (private) IP addresses can be translated to single public IP address. Port numbers are used to distinguish the traffic, i.e., which traffic belongs to which IP address. This is most frequently used as it is cost effective as thousands of users can be connected to the Internet by using only one real global (public) IP address. 

Configuration – 

 

 

 

 

 

Taking the same topology, There is PC1 having IP address 192.168.1.1/24, Router R1 having IP address 192.168.1.2/24 on interface fa0/0, 12.1.1.1/24 on fa0/1 and server having IP address 73.1.1.2/24. 
Now, first configuring the access-list: 
 

R1(config)# access-list 1 permit 192.168.1.0 0.0.0.255 

Configuring the nat pool from which a public IP will be selected. 
 

R1(config)# ip nat pool pool1 12.1.1.1 12.1.1.1 netmask 255.255.255.0

Here, note that the nat pool is shrunk to one ip address only and the IP address used is the outside interface ip address of the router. If you have additional IP then you can use that also. 
Now, enabling Dynamic NAT overload (PAT): 
 

R1(config)# ip nat inside source list 1 pool pool1 overload

Or we can also use 
 

R1(config)# ip nat inside source list 1 interface fastEthernet 0/1 overload

At last, we have to configure router interfaces as inside or outside. 
 

R1(config)# int fa0/0R1(config-if)# ip nat insideR1(config)# int fa0/1R1(config-if)# ip nat outside

How NAT protect you:-

-It hides the IP address of any devices on your network from the outside world giving them all a single address.

-It requires every incoming packet of information to have been asked for by a device. if a malicious data packet isn’t on the list of expected communications it gets rejected.

-Some firewalls can use whitelisting to block unauthorized outgoing traffic so if you do contract a piece of malware your firewall may prevent it from communicating with your device.

Comments