Nat Overview; What Is Nat - Brocade Communications Systems 5600 Reference Manual

NAT Overview

● What is NAT?.................................................................................................................. 11
● Benefits of NAT............................................................................................................... 12
● Types of NAT.................................................................................................................. 13
● NAT 6-4...........................................................................................................................15
● Interaction between NAT, routing, firewall, and DNS......................................................17
● NAT rules........................................................................................................................ 22
● Traffic filters.....................................................................................................................23
● Address conversion: translation addresses.................................................................... 24

What is NAT?

Network Address Translation (NAT) is a service that modifies address, port, or both types of information
within network packets as they pass through a computer or network device. The device that performs
NAT on the packets can be the source of the packets, the destination of the packets, or an intermediate
device on the path between the source and destination devices.
FIGURE 1 An example of a device that performs NAT
NAT was originally designed to help conserve the number of IP addresses used by the growing number
of devices accessing the Internet, but it also has important applications in network security.
The computers on an internal network can use any of the addresses set aside by the Internet Assigned
Numbers Authority (IANA) for private addressing (refer to RFC 1918). These reserved IP addresses are
not in use on the Internet, so an external machine does not directly route to them. The following
addresses are reserved for private use:
• 10.0.0.0 through 10.255.255.255 (CIDR: 10.0.0.0/8)
• 172.16.0.0 through 172.31.255.255 (CIDR: 172.16.0.0/12)
• 192.168.0.0 through 192.168.255.255 (CIDR: 192.168.0.0/16)
A NAT-enabled router can hide the IP addresses of an internal network from the external network by
replacing the internal, private IP addresses with public IP addresses that have been provided to it.
These public IP addresses are the only addresses that are ever exposed to the external network. The
router can manage a pool of multiple public IP addresses from which it can dynamically choose when
performing address replacement.
Be aware that, although NAT can minimize the possibility that internal computers make unsafe
connections to the external network, it provides no protection to a computer that, for one reason or
Brocade 5600 vRouter NAT Reference Guide
53-1003718-03
11