Network Address Translation (NAT) is a technique which may be used in a routing device to convert between a "public" and a "private" address. Packet headers are rewritten as necessary; for some protocols it may be necessary to rewrite addresses embedded within the packet body for correct operation.

There are two basic types:
  • Basic NAT: in this model there is a one-to-one mapping between the addresses on the internal and external interfaces, and each system has a unique public IP address. Port numbers for protocols that use them (e.g. TCP, UDP) remain unchanged.
  • Port Address Translation (PAT): also called Network Address Port Translation (NAPT), this is in fact what many people mean when they say "NAT". In this scenario, the one-to-one mapping between internal and external addresses is lost; typically all internal addresses will map to one external address (though sometimes more than one may be used). Because multiple internal addresses may be using the same port numbers, the routing device must remap port numbers between the internal and external interfaces.

Henceforth we will use the term "NAT" as a blanket term to cover both forms; the latter form is the one more commonly seen within the University environment.
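
To make the difference between the two forms concrete, here is a small model of both translators (an added example, not part of the original document or of any router product): basic NAT keeps ports as they are, while PAT must allocate a distinct external port whenever two internal hosts happen to use the same source port, and must keep a reverse table so replies can be delivered to the right internal host. The addresses and port numbers are constructed for the example.

```python
# Added example: minimal models of basic NAT and of PAT/NAPT.
from dataclasses import dataclass, field


@dataclass
class BasicNat:
    """One-to-one address mapping; port numbers are left unchanged."""
    addr_map: dict  # internal address -> its unique public address

    def outbound(self, src_ip, src_port):
        return self.addr_map[src_ip], src_port


@dataclass
class Pat:
    """Many-to-one mapping: every internal host shares one public address,
    so the router must hand out distinct external ports and remember them."""
    public_ip: str
    next_port: int = 1024  # first external port to allocate (constructed)
    table: dict = field(default_factory=dict)    # (int_ip, int_port) -> ext_port
    reverse: dict = field(default_factory=dict)  # ext_port -> (int_ip, int_port)

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.table:
            # Two internal hosts may both use source port 5000; a fresh
            # external port keeps their flows distinguishable on the outside.
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.reverse[port] = key
        return self.public_ip, self.table[key]

    def inbound(self, dst_port):
        """Map a reply arriving at the public address back to the internal
        host. A port with no entry has no mapping, so the packet is dropped."""
        return self.reverse.get(dst_port)


if __name__ == "__main__":
    pat = Pat("203.0.113.1")
    print(pat.outbound("10.0.0.5", 5000))  # ('203.0.113.1', 1024)
    print(pat.outbound("10.0.0.6", 5000))  # ('203.0.113.1', 1025)
    print(pat.inbound(1025))               # ('10.0.0.6', 5000)
    print(pat.inbound(40000))              # None: unsolicited, no mapping
```

Note that an inbound packet with no table entry is simply undeliverable, which is why servers behind PAT need explicit forwarding rules.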

NAT has been widely used in commercial environments for some time. With the advent of domestic broadband routers it is now commonly seen in homes to allow multiple systems to share a single IP address assigned by the ISP; this generally works fairly well. In recent years, NAT solutions have been increasingly implemented within the University, but this is not without problems. There are many factors to be considered which are simply not an issue in a typical corporate or domestic environment, in part brought on by the distributed nature of IT support within the University.

This document describes some of the issues which college and department network administrators should take into account when considering NAT implementations.

Sections in this document: