5.3 Changing addresses
In this part you will see how the gateway router’s external public IP address can be substituted for the private IP address of traffic leaving a private network. This translation of addresses is at the heart of network address translation (NAT).
Now watch the video below, which is about 3 minutes long.
We’ve seen that I can ping from my computer to other devices on my own network. Let’s see if I can ping to somewhere on the internet such as the MegaCorp web server here. I’ll open a console and ping it: ping and then the address of the MegaCorp’s web server, which is 18.104.22.168. And there we are, we do have some replies. So from my desktop I can certainly ping out on to the internet and get an answer.
I can also open a web browser; I am going to type the address of the web server (22.214.171.124 – I’m using the IP address rather than the domain name), and then we can see that the server responds with its web page which I can browse around. So I can reach MegaCorp’s web server and Helen can do the same on her computer: type http://126.96.36.199 and reach exactly the same website as before. So this is Helen’s desktop reaching MegaCorp’s website.
But that does raise another problem: the server has had two requests that seem to have come from the same IP address: my address is 192.168.0.100, and Helen’s is also 192.168.0.100. If the server were to just reply to that address, where will the packets end up? My machine or Helen’s machine? It just ain’t gonna work. So that is a problem, and we’ll have to see how that is sorted out.
We’ve seen that the gateways themselves have got unique IP addresses on the internet. So if those devices had actually asked the web server for a web page, there would be no problem: the replies could be directed back to the unique IP addresses that belong to those two different gateways.
So actually that’s the answer – the gateway is going to cheat. When it gets my request, it will take out the IP address of my desktop and replace it with its own IP address, and then forward that to the web server. Then the web server can reply and the packets will be routed back to the gateway.
Of course, the gateway has to remember what it has done and reverse the trick, that is take out its own IP address and put back my IP address as the destination. Then it passes the packets on for switching to the correct host on the LAN, my desktop.
So this is network address translation, NAT.
And that all works OK now – Helen and I can both request the same web page at the same time because by the time the requests reach the host server, the source IP addresses have been fiddled so that requests appear to come from two different gateways.
On the return journey, the page will be routed back to the correct gateway. Then each gateway has to reverse the swap it made so the page now has the destination address 192.168.1.100. That is in the private address range and will be switched only on the LAN, so it doesn’t matter that both gateways are sending to the same IP address.
The IP address on the external network interface of the gateway router is able to communicate with the internet. The gateway router will replace private source addresses with its own public address as it forwards traffic from the private LAN to the internet. The traffic now appears to come from the gateway itself and does not contain a private address; it can therefore be routed successfully over the internet. When traffic returns to the gateway router, the gateway will reverse the swap, replacing its own address with the private destination address, and then switch the packets on the LAN.
This is network address translation (NAT). NAT allows devices with addresses in the private range to communicate with the internet. It also means that all devices on the private LAN effectively share a single IP address to connect to the internet.
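The swap-and-reverse behaviour described above can be modelled in a few lines. This is an added example, not part of the course material: the class and function names are hypothetical, the public addresses are constructed values from the documentation ranges, and the use of port numbers as the way the gateway "remembers" each swap is an assumption that goes beyond the address-only description in the text.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatGateway:
    """Illustrative model of a gateway that swaps addresses and remembers the swap."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._out = {}   # (private_ip, private_port) -> public_port
        self._back = {}  # public_port -> (private_ip, private_port)

    def outbound(self, pkt: Packet) -> Packet:
        # Replace the private source with the gateway's own address and record it.
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._out:
            self._out[key] = self._next_port
            self._back[self._next_port] = key
            self._next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self._out[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Reverse the swap; with no remembered mapping there is nowhere to send it.
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self._back:
            return None
        ip, port = self._back[pkt.dst_port]
        return replace(pkt, dst_ip=ip, dst_port=port)

def demo():
    server = "203.0.113.10"  # constructed web server address
    gw_a, gw_b = NatGateway("198.51.100.1"), NatGateway("198.51.100.2")
    # Two desktops on different LANs, both using the same private address.
    req = Packet("192.168.0.100", 51000, server, 80)
    seen_a, seen_b = gw_a.outbound(req), gw_b.outbound(req)
    reply_a = Packet(server, 80, seen_a.src_ip, seen_a.src_port)
    reply_b = Packet(server, 80, seen_b.src_ip, seen_b.src_port)
    stray = Packet(server, 80, gw_a.public_ip, 12345)  # no matching request
    return seen_a, seen_b, gw_a.inbound(reply_a), gw_b.inbound(reply_b), gw_a.inbound(stray)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The server sees two distinct public sources even though both desktops use 192.168.0.100, and a packet arriving at the gateway with no remembered mapping is not forwarded to the LAN.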
Activity 5 Test yourself
Identify the one correct statement in the list below.
a. NAT is an acronym for network address transmission.
b. A typical home gateway router can carry out network address translation (NAT).
c. If you want to use NAT on a typical home network, you will need to buy an additional computer to carry out network address translation.
The correct answer is b.