Network Address Translation (NAT)

In thIe previous example, we had a router connecting our two private networks – the office network (the /24 means a subnet mask of and

So C1 sends the data to an interface on R1, R1 determines the destination is via its other interface and send the data on to O1. O1 needs to send the reply back to C1. It sends the reply to its gateway – the interface on R1 which sends it back out the other interface back to C1. This all works fine.

When C1 wants to send a message to gmail for example, it finds the address of the server by DNS. (you can do this yourself by typing nslookup at a command prompt). resolves to the IP This is not in the subnet so the frame is sent to the router for the next hop.

The modem/router will have an IP address on the interface that faces the internet. This is known as the public IP address. You can find yours out by going to the website

What Is My IP?

without NAT, the return ip address for gmail will be the internal address of our computer C1 gmail has no way of sending a reply to that address and it won’t work.

What NAT does is that the router will change the return (source) address from C1’s address to its own public IP address (which gmail can find) and then when the return comes in to change the IP addresses again to C1’s address. It does this by maintaining a table of translations and manipulating ports. Ports are a feature of some level 4 protocols (above level 3) such as TCP and UDP. They are important to be aware of because firewall filtering can be done by port. Protocols that have no port cannot be processed by NAT. An example of this includes some of the protocols underpinning Virtual Private Networks (VPN). NAT will also make a mess of some other protocols including the Voice over IP protocol SIP