What is NAT in a Computer Network?
NAT stands for Network Address Translation. It is a very common concept in computer networks, used mainly when the internet is accessed from a LAN. When you browse a website from your laptop on an office or home LAN, you type the URL in the browser and press Enter. The laptop sends an HTTP request (with its private IP as the source address) to the router so that the router can forward it to the web server hosting the website for that URL.
The router in turn sends the same request to the server with its own public IP (not the private IP) in the source address. The response therefore carries the router's public IP as its destination, not your laptop's LAN IP.
Have you ever thought about how the router knows which LAN computer a response has to go to? The answer is NAT. Without network address translation, this is not possible.
Routing in a public network (e.g. the Internet) uses public IPs. A public IP is an address that is similar to a postal address. All web services are hosted on public IPs so that everyone can access the website.
LAN and NAT?
A LAN is a group of computers connected using switches, hubs, and routers. Each computer (or any other network device) is assigned an internal IP, e.g. 192.168.1.45. The IP allocation can be static or via DHCP. There is a complete private IP range, 192.168.1.xx, defined by a subnet mask. When a device sends a message out, the network router (default gateway) checks whether the destination IP belongs to the LAN; e.g. for a message from 192.168.1.24 to 192.168.1.56, it routes the message directly to that computer.
If the message is to access a public computer such as 18.104.22.168 (www.yahoo.com), the router forwards it to that address and keeps an entry for the connection in its memory.
Why is NAT needed for a LAN?
Imagine there is no NAT: how would each computer access the internet? Each computer would simply need its own public IP from the ISP. Is this really feasible for an organization, or even at home? With Network Address Translation, a group of computers can access the internet using the same public IP.
Firewall And NAT:
Most organizations use a firewall instead of a simple router. It may block, unblock, or shape network traffic based on various parameters, such as ports, IP ranges, etc. The Network Address Translation and routing features are coupled with the firewall. For NAT, it maintains state between the external server and the internal IP. While data is transferred, the firewall can look into the payloads and apply traffic rules.
Looking closely, there are two sub-sessions: one between the firewall and the internal LAN computer, and another from the firewall to the public internet server.
How to restrict the IPs using NAT?
While configuring translation, we can specify the private IP ranges. This restricts Internet access. For example, in a company where only the marketing department is allowed to access the internet, the NAT table will contain only the addresses of the marketing department's computers.
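As an added illustration (not code from the original article), the following Python simulation shows the state table a NAT router keeps, which is how it knows which LAN computer a reply belongs to, and how limiting translation to an allowed private range cuts off Internet access for every other host. The public IP, the allowed range, the port numbers and the packets are constructed sample values.

```python
import ipaddress

# Constructed sample values: the router's single public IP and the only private
# range allowed to be translated (the "marketing department" restriction).
PUBLIC_IP = "203.0.113.10"
ALLOWED_PRIVATE = [ipaddress.ip_network("192.168.1.0/26")]  # 192.168.1.0 - .63


class Napt:
    """Source NAT with port translation, as a home router or firewall performs it."""

    def __init__(self, public_ip, allowed, first_port=40000):
        self.public_ip = public_ip
        self.allowed = allowed
        self.next_port = first_port
        # State table written on the way out, consulted on the way back:
        # (public_port, server_ip, server_port) -> (private_ip, private_port)
        self.table = {}
        # Same flow seen again reuses its mapping instead of burning a new port.
        self.reverse = {}  # (private_ip, private_port, server_ip, server_port) -> public_port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> Internet: return the rewritten (src_ip, src_port), or None if the
        source is outside every NAT-enabled range (no translation, no Internet)."""
        if not any(ipaddress.ip_address(src_ip) in net for net in self.allowed):
            return None
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.reverse:
            port = self.next_port          # pick a fresh public port for this flow
            self.next_port += 1
            self.reverse[key] = port
            self.table[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.reverse[key])

    def inbound(self, src_ip, src_port, dst_port):
        """Internet -> router: map a reply back to the LAN host using the state
        table; None means no matching state, so the packet is dropped."""
        return self.table.get((dst_port, src_ip, src_port))


if __name__ == "__main__":
    nat = Napt(PUBLIC_IP, ALLOWED_PRIVATE)
    # Two LAN hosts happen to use the same source port; the translated ports differ.
    print(nat.outbound("192.168.1.45", 51000, "18.104.22.168", 80))
    print(nat.outbound("192.168.1.56", 51000, "18.104.22.168", 80))
    print(nat.inbound("18.104.22.168", 80, 40001))   # reply lands on 192.168.1.56
    print(nat.outbound("192.168.1.100", 51000, "18.104.22.168", 80))  # not allowed
```

Without the port translation, the two replies from the server would be indistinguishable at the router, since both LAN hosts chose source port 51000.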
How to configure a Linux machine as a router with NAT?
Linux is an open-source operating system. It comes with many userspace features, such as iptables, with which you can create NAT. When you access the internet, the router does this job. But when software needs to bridge a LAN device and the internet, the operating system settings must be configured to forward IP packets to the internet and vice versa. This requires NAT settings on the Linux machine.
For example, in a telecom network there is a gateway between the mobile and the packet network, named the GGSN. For a GPRS attach, the mobile device gets a private IP from the GGSN, and a logical tunnel is set up over UDP between the GGSN and the SGSN for uplink and downlink data.
When a mobile user browses a website, HTTP packets reach the GGSN with private IP as the source address