Network Address Translation

(redirected from IP masquerading)

Network Address Translation

(NAT, or Network Address Translator, Virtual LAN) A technique in which a router or firewall rewrites the source and/or destination Internet addresses in a packet as it passes through, typically to allow multiple hosts to connect to the Internet via a single external IP address. NAT keeps track of outbound connections and distributes incoming packets to the correct machine.

NAT is an alternative to adopting IPv6 (IPng). It allows the same IP addresses (10.x.x.x is the conventional range) to be used on many private local networks while requiring only one of the increasingly scarce public addresses to be allocated to each private network.

NAT does not however allow an external service to initiate a TCP connection to an internal host, nor does it support stateless protocols based on UDP well unless the router software has extensions to support each specific protocol.
This article is provided by FOLDOC - Free Online Dictionary of Computing (


(Network Address Translation) The technology that maintains the privacy of the addresses of the computers in a home or business network when accessing the Internet. It converts the private addresses that are assigned to the internal computers to one or more public addresses that are visible on the Internet (see private IP address). NAT is an IETF standard that is implemented in a router or firewall as well as in any user's machine that is configured to share its Internet connection (see ICS).

NAT assigns a number to the packet headers of the messages going out to the Internet and keeps track of them via an internal table that it creates. When responses come back from the Internet, NAT uses the table to perform the reverse conversion to the private IP address of the requesting client machine (see illustration below).

A First-Level Firewall
NAT provides a small amount of security by keeping internal addresses hidden from the outside world. It prevents several kinds of first-level attacks, but not all, and it must be used in conjunction with the stateful inspection firewall built into the router or personal firewall in each user's machine. Enterprises generally use very robust firewall architectures for security (see firewall and firewall methods). See dynamic NAT.

Not Enough IP Addresses
When the Internet was first developed, its 32-bit IP address provided four billion discrete numbers, which proved woefully insufficient to assign a unique number to every device that eventually became Internet enabled. With IP Version 6 (IPv6), there are sufficient numbers for everything on the planet; however, the original system (IPv4) is thoroughly entrenched. See IPv4 and IPv6.

NAT Port Address Translation (PAT)
This common NAT method assigns a different TCP port number to each client session with a server on the Internet. When responses come back, the source port becomes the destination port and determines which user to route the packets to. It also validates that the incoming packets were requested. See TCP/IP port.
Copyright © 1981-2019 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.
References in periodicals archive ?
Version 4.1 offers support for the newly released Linux NetFilter firewall and for IP masquerading - the Linux equivalent of network address translating.
Meanwhile Tokyo, Japan-based Pacific HiTech announced its own TurboLinux cluster server, boasting load balancing and IP masquerading and priced from $1,995 for two machines.
As a temporary solution, the ISP set them up with a firewall that does "IP Masquerading." This allowed SUNY Potsdam's residence halls to go online despite the contradictory addresses.