Network Address Translation
As covered above, a gateway is a device with two addresses -- one on each network it's connected to.
So, you have just one address coming out of your LAN into the WAN. What happens if you have 5, 10 or even 100 computers on your LAN, all trying to use the gateway at the same time to connect to the internet?
This is where Network Address Translation (NAT) comes into play. With NAT, all computers in the LAN "hide" behind the gateway:
Many Hosts Can Originate Outbound Connections
The biggest advantage of using NAT is that it limits the number of "real" IP addresses you need. You can have hundreds of computers communicate with various hosts on the internet, using just one "real" IP address. This translates into significant savings in cost.
Below you can see four different workstations on the same LAN communicating at the same time with three different web servers on the WAN through just one "real" IP address (that of the router):
No Host Can Receive an Inbound Connection
The biggest disadvantage of using NAT is that it's impossible to originate inbound connections. Suppose you have a host inside the network and you wish to originate a connection to it from outside (from some host on the WAN). The router will not know where to direct the incoming connection: no internal host tried to originate an outbound connection to this remote host, so no internal host is currently mapped to that port on the router and expecting a connection from that external host. So, when the packet arrives at the router, it goes nowhere (it is 'dropped').
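The two behaviours described above (many LAN hosts sharing one "real" address for outbound connections, and an unsolicited inbound packet being dropped) can be modelled with a small translation table. This is an added example, not part of the original page: a simplified model in Python whose class and function names are hypothetical and whose addresses are constructed from documentation ranges.

```python
# Simplified port-translating NAT model (added example; all addresses are constructed).
from itertools import count

class NatGateway:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next unused port on the router
        self.out = {}    # (int_ip, int_port, rem_ip, rem_port) -> router port
        self.back = {}   # router port -> (int_ip, int_port, rem_ip, rem_port)

    def outbound(self, int_ip, int_port, rem_ip, rem_port):
        """A LAN host opens a connection; return the source the WAN sees."""
        flow = (int_ip, int_port, rem_ip, rem_port)
        if flow not in self.out:
            port = next(self._ports)
            self.out[flow] = port
            self.back[port] = flow
        return (self.public_ip, self.out[flow])

    def inbound(self, rem_ip, rem_port, public_port):
        """A packet arrives from the WAN; return the LAN host, or None if dropped."""
        flow = self.back.get(public_port)
        if flow is None:
            return None                   # no internal host is mapped to that port
        int_ip, int_port, exp_ip, exp_port = flow
        if (rem_ip, rem_port) != (exp_ip, exp_port):
            return None                   # mapped, but expecting a different remote host
        return (int_ip, int_port)

def demo():
    nat = NatGateway("203.0.113.10")
    servers = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]
    lan = ["192.168.1.%d" % n for n in (11, 12, 13, 14)]
    # Four workstations talk to three web servers through one address.
    seen = [nat.outbound(h, 50000, servers[i % 3], 80) for i, h in enumerate(lan)]
    reply = nat.inbound("198.51.100.1", 80, seen[0][1])          # answer to a mapped flow
    unsolicited = nat.inbound("198.51.100.99", 4444, 40010)      # port never mapped
    wrong_peer = nat.inbound("198.51.100.99", 4444, seen[0][1])  # mapped for another host
    return seen, reply, unsolicited, wrong_peer

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Real gateways differ in how strictly they match the remote host on a mapped port; this model uses the strict matching the text describes.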