Various forms of NAT
NAT which is defined in
RFC 1631, can be used for 3 main reasons:
For each one of those reasons, NAT can be used in one of its various forms.
These include:
Static NAT - Mapping an unregistered IP address to a registered
IP address on a one-to-one basis. Particularly useful when a device needs
to be accessible from outside the network.
_____________
/ \ _ _________
| 192.168.0.1 | \_ 155.207.113.80 / \
\_____________/ \_ ----------------> | |
\_ | |
\_ | PUBLIC |
_____________ \-> ____________ | |
/ \ / \ 155.207.113.69 | NETWORK |
| 192.168.0.2 | ---------> | ROUTER | ----------------> | |
\_____________/ | | | |
_/-> \____________/ | |
_____________ _/ 155.207.113.51 | |
/ \ _/ ----------------> \_________/
| 192.168.0.3 | _/
\_____________/ _/
In static NAT, the computer with the IP address of 192.168.0.2 will always translate to 155.207.113.69.
Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. In dynamic NAT, the router/NAT device/whatever, maintains a pool of routable IPs, from which assigns IPs to the hosts of the internal LAN that need to communicate with the public network.
_____________
/ \ _ _________
| 192.168.0.7 | \_ 155.207.113.18 / \
\_____________/ \_ ----------------> | |
\_ | |
\_ | PUBLIC |
_____________ \-> ____________ | |
/ \ / \ 155.207.113.25 | NETWORK |
| 192.168.0.3 | ---------> | ROUTER | ----------------> | |
\_____________/ | | | |
_/-> \____________/ | |
_____________ _/ 155.207.113.101 | |
/ \ _/ ----------------> \_________/
| 192.168.0.5 | _/
\_____________/ _/
In the case of dynamic NAT, the first station who wants to communicate with the public network, is assigned by the router the first available IP address from the address pool. Here is the pool for example:
- 155.207.113.18 , assigned to 192.168.0.7
- 155.207.113.25 , assigned to 192.168.0.3
- 155.207.113.101, assigned to 192.168.0.5
- 155.207.113.107, available
- 155.207.113.31 , available
Dynamic NAT can be very useful in case you have a large local LAN (say 30 stations), but your ISP has given you only 5 IP addresses.
Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. Known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
_____________
/ \ _ _________
| 192.168.0.7 | \_ 155.207.113.100:1001 / \
\_____________/ \_ ----------------> | |
\_ | |
\_ | PUBLIC |
_____________ \-> ____________ | |
/ \ / \ 155.207.113.100:1002 | NETWORK |
| 192.168.0.3 | ---------> | ROUTER | ----------------> | |
\_____________/ | | | |
_/-> \____________/ | |
_____________ _/ 155.207.113.100:1003 | |
/ \ _/ ----------------> \_________/
| 192.168.0.5 | _/
\_____________/ _/
As we can see, in overloading, each computer on the private network is translated to the same IP address (155.207.113.100) but with a different port number assignment.
How to share a single internet connection using PAT
One can use NAT overloading (PAT) when he has a single connection to the internet which he wants to share to a LAN. Say, for example, that I have a DSL router and a computer lab consisting of 20 PCs running various OSs (Windows, Linux, OpenBSD, MACOS, etc). When the router connects, my ISP assigns to its interface an IP address, say 155.207.113.100. So, my router also has an ethernet 100Mbps interface which connects to the lab's ethernet switch. All the PCs in the lab are also connected to the switch and the router effectively shares the internet connection to all the PCs. We just have to activate NAT overloading inside the router configuration and, in addition, declare to every PC in our lab to use the ethernet interface IP address of the router (say 192.168.0.100) as a gateway, et voila!
There is also NAT overlapping. When the IP addresses used on your internal network are registered IP addresses in use on another network, the router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered unique IP addresses. But that's a rather rare case.
Bibliography: http://www.cisco.com