NAT : Java Glossary

*0-9ABCDEFGHIJKLMNOPQRSTUVWXYZ (all)

NAT
NAT (Network Address Translation). A firewall scheme for hiding the IP (Internet Protocol) on your LAN (Local Area Network) from the outside world. To the outside world your LAN looks like a single IP, the firewall, making all the requests. To the workstations on your LAN the firewall (often embedded in a router), in transparent. They are not aware it is there.

Under the Hood

Let’s look at how NAT works.

Let’s say I have two computers A and B on a LAN with IP 192.168.0.2 and 192.168.0.3.

Let’s say I have a router/firewall on the LAN internally addressable at IP 192.168.0.1 with a face IP to the world of 4.69.120.20.

Let’s say I want to talk to a server with IP 65.110.21.43 .

Let’s say that both A and B want to look at web page on the server. A sends a request containing its own IP, 192.168.0.2, a free port, e.g. 9422 for the return packets to come to, the IP of the server, 65.110.21.43 and 80 the port of the server, to the router’s internal IP, 192.168.0.1.

B similarly sends a request containing its own IP, 192.168.0.3, a free port, e.g. 9423 for the return packets to come to, the IP of the server, 65.110.21.43 and 80 the port of the server, to the router’s internal IP, 192.168.0.1.

To the outside world on the Internet, router looks like a single computer. A and B and their IP ’s are invisible to the outside world. So the router has to fake the two requests from A and B as if they both came from itself. So it sends out to the Internet two packets, the first, representing A’s request, with the router’s face IP, 4.69.120.20 and a free port on the router, e.g. 9432, the IP of the server, 65.110.21.43 and port 80 and the second packet, representing B’s request, with the router’s face IP, 4.69.120.20 and a different free port on the router, e.g. 9433, the IP of the server, 65.110.21.43 and port 80.

When the server responds to A’s request it sends a packet to the router, with the router’s face IP, 4.69.120.20 and port 9432 number in the header, the router has to look up the computer, e.g. 192.168.0.2 and which port, e.g. 9422 it associates with. It then forwards the response to computer A, 192.168.0.2 and port, 9422. Similarly for messages for computer B, the router receives a message with the router’s face IP, 4.69.120.20 and port 9433 in the header and forwards it to computer B, 192.168.0.2 and port 9423.

This works fine when a computer on the LAN initiates the conversation, but does not work if you try to host a server of some sort, e.g. Tomcat or BitTorrent. In that case you must manually configure the router to take incoming calls for a particular port and route them to a particular machine on the LAN and port.

Routers usually act also as firewalls. They can block incoming or outgoing traffic by a number of criteria, including port number, destination, time of day and protocol.

I am not too clear on this, but there appear to be several configuring protocols UPnP-NAT(PC (Personal Computer)), NAT-PMP(Mac) and SOHO. And, of course, many routers are not configurable,


This page is posted
on the web at:

http://mindprod.com/jgloss/nat.html

Optional Replicator mirror
of mindprod.com
on local hard disk J:

J:\mindprod\jgloss\nat.html
Canadian Mind Products
Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.

IP:[65.110.21.43]
Your face IP:[34.230.66.177]
You are visitor number