Introduction to NAT

NAT, short for Network Address Translation, is a technique for rewriting the IP addresses carried in an IP packet header. As packets pass through a NAT-capable device or router, the device rewrites the source IP address and/or the destination IP address of each packet. In practice, NAT is mostly used to let hosts on a private network reach the public network, or to let the public network reach selected hosts on the private network. NAT has the following advantages:

Private networks typically use private IP addresses. RFC 1918 reserves three address blocks for private use:

10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
192.168.0.0 to 192.168.255.255 (192.168.0.0/16)

Addresses in these three ranges are never assigned to hosts on the public Internet and are not routable there. An enterprise can use them internally without requesting them from an ISP (Internet Service Provider) or a regional Internet registry; the trade-off is that packets carrying such addresses cannot be sent across the Internet unchanged, which is exactly the problem NAT solves.

Basic Translation Process of NAT

A device that performs NAT sits between the public network and the private network. The following diagram illustrates the basic translation process.

As shown above, the device sits between the private network and the public network. When the internal PC at 10.1.1.2 sends an IP packet (IP packet 1) to the external server at 202.1.1.2 through the device, the device inspects the packet header. Seeing that the packet is destined for the public network, it rewrites the source IP address 10.1.1.2 of packet 1 to the public IP address 202.1.1.1, which is routable on the Internet, and forwards the packet to the external server. At the same time, it records the mapping between the two addresses (in practice together with the transport ports, so that several internal hosts can share one public address) in its NAT table. When the reply to IP packet 1 reaches the device, the device inspects the header again, finds the matching entry in its NAT table, and rewrites the destination address back to the private address 10.1.1.2. Throughout, the device is transparent to both the PC and the server: the external server believes the internal PC's address is 202.1.1.1 and never learns the private address 10.1.1.2. In this way NAT hides the enterprise's private network. Note that this hiding is a side effect of address translation, not an access control: inbound traffic that matches no NAT table entry and no rule has nowhere to go and is dropped, but whether any traffic is permitted at all is decided by the device's security policy, not by the translation itself.

NAT of Hillstone Devices

The NAT function of Hillstone devices translates the IP address and port number of an internal host into a public IP address and port number on the device, and back again. That is, it translates between "private IP address + port number" and "public IP address + port number", which is what lets many internal hosts share a single public address.

Hillstone devices implement NAT by creating and applying NAT rules. There are two types: source NAT rules (SNAT rules) and destination NAT rules (DNAT rules). An SNAT rule translates the source IP address of outbound packets, hiding internal addresses and letting many hosts share a limited pool of public addresses. A DNAT rule translates the destination IP address of inbound packets, usually mapping a public IP address (and port) on the device to an internal server protected by the device, such as a WWW or SMTP server, so that the server is reachable from outside without its private address being exposed.
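The following is an added example, not Hillstone code, that models both the NAT table behaviour of the "Basic Translation Process" section and the SNAT/DNAT rule split described just above. The class and function names, the port pool, the packets, and every address other than the page's 10.1.1.2, 202.1.1.1 and 202.1.1.2 are constructed here for illustration. It shows an outbound flow being translated and its reply matched back through the table, two internal hosts sharing one public address by port, a DNAT-published server and the rewriting of its replies, an unsolicited packet that matches nothing and is dropped, and what happens when the port pool runs out.

```python
# Added example (not Hillstone code): a minimal model of NAT with a session table.
# Names, port pool and sample packets are assumptions made for this illustration.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatDevice:
    """Sits between the private network and the public network.
    SNAT: outbound packets leave with the device's public IP and a port from a
    pool; the mapping is recorded so the reply can be translated back.
    DNAT: inbound packets to a published public IP:port go to the private server."""

    def __init__(self, public_ip, private_prefix, port_range=(10000, 60000)):
        self.public_ip = public_ip
        self.private_prefix = private_prefix          # e.g. "10.1.1."
        self._next_port, self._port_limit = port_range
        self.snat_fwd = {}  # (proto, priv_ip, priv_port, rem_ip, rem_port) -> pub_port
        self.snat_rev = {}  # (proto, pub_port, rem_ip, rem_port) -> (priv_ip, priv_port)
        self.dnat_in = {}   # (proto, pub_ip, pub_port) -> (priv_ip, priv_port)
        self.dnat_out = {}  # (proto, priv_ip, priv_port) -> (pub_ip, pub_port)

    def is_private(self, ip):
        return ip.startswith(self.private_prefix)

    def add_dnat_rule(self, proto, public_port, private_ip, private_port):
        self.dnat_in[(proto, self.public_ip, public_port)] = (private_ip, private_port)
        self.dnat_out[(proto, private_ip, private_port)] = (self.public_ip, public_port)

    def _allocate_port(self):
        if self._next_port > self._port_limit:
            raise RuntimeError("NAT port pool exhausted")  # failure mode to handle
        port, self._next_port = self._next_port, self._next_port + 1
        return port

    def outbound(self, pkt):
        """Private -> public: rewrite the source address and port."""
        if not self.is_private(pkt.src_ip) or self.is_private(pkt.dst_ip):
            return pkt  # not crossing the boundary, nothing to translate
        published = self.dnat_out.get((pkt.proto, pkt.src_ip, pkt.src_port))
        if published:  # reply from a DNAT-published server goes out as the public IP
            return replace(pkt, src_ip=published[0], src_port=published[1])
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.snat_fwd.get(key)
        if pub_port is None:  # first packet of this flow: create the table entry
            pub_port = self._allocate_port()
            self.snat_fwd[key] = pub_port
            self.snat_rev[(pkt.proto, pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def inbound(self, pkt):
        """Public -> private: rewrite the destination, or return None (dropped)."""
        if pkt.dst_ip != self.public_ip:
            return None
        # reply to a recorded SNAT session; the remote endpoint must match too
        session = self.snat_rev.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if session:
            return replace(pkt, dst_ip=session[0], dst_port=session[1])
        server = self.dnat_in.get((pkt.proto, pkt.dst_ip, pkt.dst_port))
        if server:
            return replace(pkt, dst_ip=server[0], dst_port=server[1])
        return None  # unsolicited: no session, no rule, nothing to forward to


def demo():
    nat = NatDevice(public_ip="202.1.1.1", private_prefix="10.1.1.")
    nat.add_dnat_rule("tcp", 80, "10.1.1.10", 8080)  # publish an internal web server
    # SNAT: PC 10.1.1.2 to server 202.1.1.2, then the server's reply back in
    out1 = nat.outbound(Packet("10.1.1.2", 40000, "202.1.1.2", 443))
    back = nat.inbound(Packet("202.1.1.2", 443, out1.src_ip, out1.src_port))
    # a second host using the same private port shares the public IP via a new port
    out2 = nat.outbound(Packet("10.1.1.3", 40000, "202.1.1.2", 443))
    # DNAT: external client reaches the published server; the reply is rewritten
    to_srv = nat.inbound(Packet("198.51.100.7", 51515, "202.1.1.1", 80))
    srv_reply = nat.outbound(Packet("10.1.1.10", 8080, "198.51.100.7", 51515))
    # another external host guessing the mapped port matches nothing and is dropped
    stray = nat.inbound(Packet("198.51.100.9", 1234, "202.1.1.1", out1.src_port))
    return {"out1": out1, "back": back, "out2": out2,
            "to_srv": to_srv, "srv_reply": srv_reply, "stray": stray}


def port_pool_exhausts():
    """With a two-port pool, the third distinct flow cannot be translated."""
    nat = NatDevice("202.1.1.1", "10.1.1.", port_range=(10000, 10001))
    for host in ("10.1.1.2", "10.1.1.3"):
        nat.outbound(Packet(host, 5000, "202.1.1.2", 80))
    try:
        nat.outbound(Packet("10.1.1.4", 5000, "202.1.1.2", 80))
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(name, pkt)
    print("pool exhausted:", port_pool_exhausts())
```

The reverse lookup in `inbound` is keyed on the remote address and port as well as the translated port, so a third party that learns or guesses a mapped port cannot inject packets into another host's session; a device that keyed only on the public port would forward such traffic inward. The port-pool check is the other point worth carrying over: with a finite pool, a burst of new flows from the private side is a denial-of-service condition the device has to report rather than silently drop.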