Questions and Answers

Safepipe Centre > Questions and Answers

How does NAT work?

NAT, Network Address Translation is a technique which keeps the contents of the local network hidden. While it allows users on the local network hassle-free Internet access, it locks out all communication from the Internet to the local network - unless the incoming traffic has been specifically invited. Incoming communication is only allowed when users on your local network have requested information from the Internet, or when local servers, such as an electronic mail server or a World Wide Web server, are being accessed.

NAT is an Internet standard that makes it possible for a business with a local network to use two sets of IP addresses (the standard addresses for locating devices connected to the Internet). With NAT for a firewall there is one set of addresses for internal traffic on the local network, and another set for external traffic to and from the local network. NAT will take care of translating the addresses, hence its name.

Using two sets of IP addresses, one for internal and one for external traffic, the internal IP addresses become hidden from the outside environment and thus not vulnerable to unwanted visits and hacker attempts.

Network Address Translation, NAT: internal IP addresses are rewritten before going out to the Internet

A message sent with TCP/IP usually carries not only the receiver's details, but also information about the sender's IP address. NAT makes sure that IP address details of messages going out from the local network to the Internet are rewritten, making it appear that they all come from the firewall. This ensures that outsiders cannot find the IP addresses of individual computers on the local network, since they are aware of only one IP address for the business' local network - that of the firewall.

Furthermore, as hackers and other intruders cannot get into the local network, they cannot abuse the local network for another common hacker scam: to impose upon other networks by pretending to come from a trustworthy business.

NAT even provides a useful bonus: NAT gives the business a larger amount of IP addresses for internal use than it would otherwise have access to. As the internal IP addresses are used only on the local network, they do not conflict with IP addresses already in use on the public Internet.