Network Address Translation

NAT works by creating a one-to-many map between private IP addresses and public IP addresses. First, let's discuss this notion of private IP addresses. Certain ranges of the IPv4 address space are reserved for private use. Essentially, this means that anyone can create private networks using these addresses, because they do not in themselves connect to the Internet. These ranges are:

NAT greatly increases the number of addresses that can communicate on the Internet, but it also has important implications for security. Because the default gateway overwrites every source IP address with its own public address, any traffic passed through the gateway looks like it is coming from the gateway itself. This helps protect the internal IP addresses, since it is difficult for a given destination to know what the "real" source IP address is. On the flip side, NAT can make it difficult for network and system administrators outside of a private network to attribute traffic.
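The attribution problem described above, as an added example that is not part of the original note: a toy gateway rewrites source addresses, and only its own translation table can map a flow back to an internal host. The class and function names, the port-based table, and all addresses (documentation ranges) are assumptions made for illustration; the private ranges are the standard RFC 1918 values.

```python
import ipaddress

# RFC 1918 private IPv4 ranges (standard values, not taken from the note).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class NatGateway:
    """Hypothetical gateway that rewrites sources to a single public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}   # (private_ip, private_port) -> public_port
        self.table = {}     # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the packet header as the destination will see it."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private source address")
        key = (src_ip, src_port)
        if key not in self.by_flow:
            self.by_flow[key] = self.next_port
            self.table[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.by_flow[key], dst_ip, dst_port)

    def attribute(self, public_port):
        """Map a public source port back to the internal host, if known.
        A real gateway reuses ports, so its logs also need timestamps."""
        return self.table.get(public_port)

if __name__ == "__main__":
    # Constructed sample traffic: two internal hosts contact the same server.
    gw = NatGateway("203.0.113.7")
    flows = [("192.168.1.10", 51000), ("10.0.0.5", 51000)]
    for ip, port in flows:
        seen = gw.outbound(ip, port, "198.51.100.20", 443)
        # The server's log holds only the gateway address and a translated port.
        print("server sees", seen[:2], "-> gateway resolves", gw.attribute(seen[1]))
```

An outside administrator holding only the server's log can identify the gateway, not the host behind it; attribution requires the gateway operator's translation records.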


Relevant Note(s): Network Technologies, Port Address Translation