Question about Network Address Translation and Port Address Translation

Armitron77 Member Posts: 134
Question about NAT and PAT on how they work and to make sure I'm understanding it.

According to the All-In-One CompTIA Network+ (N10-005) 5th Edition book, it states the following:

NAT

"Routers running some form of Network Address Translation (NAT) hide the IP addresses of computers on the LAN but still enable those computers to communicate with the broader Internet." Page 238

"The simplest NAT, called basic NAT, does exactly that, translating the private or internal IP address to a global IP address on a one-to-one basis." Page 240

PAT

"The most common form of NAT that handles this one-to-many connection - called Port Address Translation (PAT) - uses port numbers to map traffic from specific machines in the network." Page 240

In other words, NAT is able to translate internal or private IP addresses to external or public IP addresses (from a pool of available addresses) to the internet on a one-to-one basis by using one IP address per client. For example, by utilizing NAT, you can translate an internal IP address of 10.10.10.0 to a single external IP address of 123.45.67.89. Whereas PAT (also known as NAT overloading) uses one IP address for all clients in combination with multiple port numbers. For example, by utilizing PAT, you are able to take, let's say, two source IP addresses, 10.10.10.100 and 10.10.10.101, and translate them to a single external IP address of 123.45.67.89 in combination with port numbers. Therefore, the IP addresses can be translated from 10.10.10.100 to 123.45.67.89:1000 and 10.10.10.101 can be translated to 123.45.67.89:1001.

Is my understanding correct?
Bachelor of Science Degree in Computer & Network Security
Associate in Applied Science Degree in Network Management
Associate in Applied Science Degree in Network Management/Cyber Security
CompTIA A+ Certified | CE, CompTIA Network+ Certified | CE

2016 Goals: CCENT/CCNA Routing & Switching IN PROGRESS / CompTIA Security+ IN PROGRESS

Comments

  • Mooseboost Member Posts: 778
    You pretty much have it. With NAT you have static, dynamic, and PAT. Static and dynamic eat up real world IPs as they translate each internal to a single external address. The difference is that static is configured for each specific internal to get a specific external, whereas dynamic pulls from a pool of external addresses. PAT assigns a port number to the internal IP so that when the traffic comes back in on the external it knows where to go.
  • BlackBeret Member Posts: 683
    You basically have it. NAT is one-one, and with PAT you have one-many. Think of your home router. You have one public IP address, but many internal IP addresses. These can be assigned statically based on port assignment. If you put in my public IP address and go to port 80, you're directed to my internal web server at 192.168.1.100, port 22, and you're directed to 192.168.1.110 for another system that I have, etc. From the outside you don't know where the traffic is going internally.
  • MarcIT Member Posts: 36
    Yes, your understanding is correct. Like others have noted, your home router will perform PAT which is the common form of address translation.

    Here are my notes when I was studying for Net+, which are basically the same as yours. I can tell by your example you are watching Professor Messer... you are in good hands:

    PAT (Port Address Translation) or Source NAT (SNAT) or NAT overloading, is the process where many private IP addresses can be taken and converted into one single public IP address, thereby connecting a network to the internet with one single public IP on the router.
    This is very common on SOHO routers.

    In order to use NAT in this scenario, you would need a registered public IP address for each private IP address on the network.

    An example of PAT in action would be if two hosts (with assigned private IP addresses 10.10.10.100 and 10.10.10.101) wanted to send and receive traffic from the internet. They would use the single public IP address on the router of 123.45.67.89 along with a source port number. If a port number is already allocated, PAT searches for an available alternative source port number. [The router would handle this process of adding a source port number and translating the private address to a public one.] Also when a port number is added, a Source NAT Conversion Table is created to keep track of the different source port numbers in use, so that traffic can be sent back to the original source.

    Therefore, the host at IP address 10.10.10.100 could access the Internet using the public address and source port combination of 123.45.67.89:10000. Meanwhile, the host at IP address 10.10.10.101 could access the internet using the IP address and source port combination of 123.45.67.89:10001.

    If the host of 10.10.10.100 accessed and requested information from a web server such as www.CNN.com, CNN.com would send data to the external public address on the router, and the router would forward it to the host that initialised the request originally by looking at the source port used (the router stores connection data such as destination address and port - source NAT conversion table).
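
The translation table described in the comments above, as an added example that is not part of the original thread: a toy PAT router that allocates public source ports, maps replies back to the inside host, honours a static port forward, and drops inbound traffic that matches no entry. The class and function names, the inside source port 51000, the forward's inside port 80 and the probe port 4444 are constructed for illustration; real devices also key entries on protocol and remote endpoint.

```python
# Added illustration: a toy PAT (NAT overload) table, not a real router implementation.
from typing import Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


class PatRouter:
    def __init__(self, public_ip: str, first_port: int = 10000):
        self.public_ip = public_ip
        self.next_port = first_port   # constructed starting point for dynamic ports
        self.out = {}                 # (inside ip, inside port) -> public port
        self.back = {}                # public port -> (inside ip, inside port)
        self.forwards = {}            # static forwards: public port -> inside endpoint

    def add_forward(self, public_port: int, inside: Endpoint) -> None:
        """Static mapping, like the port 80 forward described in the thread."""
        self.forwards[public_port] = inside

    def _allocate(self) -> int:
        # If a port is already allocated, search for the next free one.
        while self.next_port in self.back or self.next_port in self.forwards:
            self.next_port += 1
            if self.next_port > 65535:
                raise RuntimeError("no free source ports")
        return self.next_port

    def outbound(self, src: Endpoint) -> Endpoint:
        """Translate an inside source endpoint to public_ip:port, reusing an entry."""
        if src not in self.out:
            port = self._allocate()
            self.out[src] = port
            self.back[port] = src
        return (self.public_ip, self.out[src])

    def inbound(self, public_port: int) -> Optional[Endpoint]:
        """Map return or forwarded traffic to an inside host; None means drop."""
        if public_port in self.back:
            return self.back[public_port]
        return self.forwards.get(public_port)


def demo() -> dict:
    r = PatRouter("123.45.67.89")
    r.add_forward(80, ("192.168.1.100", 80))
    a = r.outbound(("10.10.10.100", 51000))
    b = r.outbound(("10.10.10.101", 51000))  # same inside port, different host
    return {"a": a, "b": b, "reply_a": r.inbound(a[1]),
            "web": r.inbound(80), "unsolicited": r.inbound(4444)}
```
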