NAT : Java Glossary
by Roedy Green ©1996-2008 Canadian Mind Products
NAT
Network Address Translation. A firewall scheme for hiding the IPs on your LAN from the outside world. To the outside world your LAN looks like a single IP, the firewall, making all the requests. To the workstations on your LAN the firewall (often embedded in a router) is transparent. They are not aware it is there.

Under The Hood

Let’s look at how NAT works.

Let’s say I have two computers A and B on a LAN with IPs 192.168.0.2 and 192.168.0.3.

Let’s say I have a router/firewall on the LAN internally addressable at IP 192.168.0.1 with a face IP to the world of 4.69.120.20.

Let’s say I want to talk to a server with IP 65.110.21.43.

Let’s say that both A and B want to look at a web page on the server. A sends a request containing its own IP, 192.168.0.2, a free port, e.g. 9422, for the return packets to come to, the IP of the server, 65.110.21.43, and 80, the port of the server, to the router’s internal IP, 192.168.0.1.

B similarly sends a request containing its own IP, 192.168.0.3, a free port, e.g. 9423 for the return packets to come to, the IP of the server, 65.110.21.43, and 80 the port of the server, to the router’s internal IP, 192.168.0.1.

To the outside world on the Internet, the router looks like a single computer. A and B and their IPs are invisible to the outside world. So the router has to fake the two requests from A and B as if they both came from itself. It sends out to the Internet two packets. The first, representing A’s request, carries the router’s face IP, 4.69.120.20, a free port on the router, e.g. 9432, the IP of the server, 65.110.21.43, and port 80. The second, representing B’s request, carries the router’s face IP, 4.69.120.20, a different free port on the router, e.g. 9433, the IP of the server, 65.110.21.43, and port 80.

When the server responds to A’s request, it sends a packet to the router with the router’s face IP, 4.69.120.20, and port number 9432 in the header. The router has to look up which computer, e.g. 192.168.0.2, and which port, e.g. 9422, it associates with that port number. It then forwards the response to computer A, 192.168.0.2, port 9422. Similarly for messages for computer B: the router receives a message with the router’s face IP, 4.69.120.20, and port 9433 in the header, and forwards it to computer B, 192.168.0.3, port 9423.

This works fine when a computer on the LAN initiates the conversation, but does not work if you try to host a server of some sort, e.g. Tomcat or BitTorrent. In that case you must manually configure the router to take incoming calls for a particular port and route them to a particular machine on the LAN and port.
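The translation walked through above, as an added sketch that is not part of the original page: a toy port-translating NAT in Python using the walkthrough's addresses and ports. The class and method names, the sequential port allocation, the check that a reply comes from the server that was contacted, and the outside host 203.0.113.9 with port 8080 are assumptions made for illustration.

```python
FACE_IP = "4.69.120.20"  # router's face IP from the text


class Nat:
    """Toy port-translating NAT; names and structure are illustrative."""

    def __init__(self, first_port=9432):
        self.next_port = first_port  # assumed: router hands out ports in order
        self.dynamic = {}            # router port -> (lan_ip, lan_port, remote)
        self.static = {}             # router port -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """LAN -> Internet: rewrite the source to (FACE_IP, router port)."""
        entry = (lan_ip, lan_port, (dst_ip, dst_port))
        for port, known in self.dynamic.items():
            if known == entry:       # reuse the mapping for an existing flow
                return (FACE_IP, port, dst_ip, dst_port)
        while self.next_port in self.static or self.next_port in self.dynamic:
            self.next_port += 1      # skip router ports already in use
        port = self.next_port
        self.dynamic[port] = entry
        return (FACE_IP, port, dst_ip, dst_port)

    def forward(self, router_port, lan_ip, lan_port):
        """Manual configuration: send incoming calls on a port to a LAN host."""
        self.static[router_port] = (lan_ip, lan_port)

    def inbound(self, src_ip, src_port, router_port):
        """Internet -> LAN: return (lan_ip, lan_port), or None to drop."""
        if router_port in self.static:
            return self.static[router_port]
        entry = self.dynamic.get(router_port)
        if entry and entry[2] == (src_ip, src_port):  # reply from contacted server
            return entry[:2]
        return None                  # unsolicited: no LAN host asked for this


def demo():
    nat, server = Nat(), "65.110.21.43"
    a = nat.outbound("192.168.0.2", 9422, server, 80)   # computer A
    b = nat.outbound("192.168.0.3", 9423, server, 80)   # computer B
    replies = [nat.inbound(server, 80, a[1]), nat.inbound(server, 80, b[1])]
    stray = nat.inbound("203.0.113.9", 4444, 8080)      # constructed outside host
    nat.forward(8080, "192.168.0.2", 8080)              # e.g. Tomcat on A
    hosted = nat.inbound("203.0.113.9", 4444, 8080)
    return a, b, replies, stray, hosted


if __name__ == "__main__":
    print(demo())
```

The `stray` result shows why a hosted server is unreachable until the forward is configured: with no table entry for the port, the router has nowhere to send the packet.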

Routers usually act also as firewalls. They can block incoming or outgoing traffic by a number of criteria, including port number, destination, time of day and protocol.

I am not too clear on this, but there appear to be several configuring protocols: UPnP-NAT (PC), NAT-PMP (Mac) and SOHO. And of course many routers are not configurable.

