Protocols, Misc


NAT (Network Address Translation)
Overview
  • Also known as IP masquerading.
  • Allows multiple computers on a LAN to share an internet connection using a single external IP address.
  • All routers for broadband DSL/cable use NAT.
Security
  • NAT routers can offer basic protection against worms and trojans, by not forwarding unsolicited port requests from outside the LAN.
  • Some NAT routers offer firewall protection (Stateful Packet Inspection).
Servers
  • NAT routers can forward external port requests to a specific computer on the LAN, allowing a computer on the LAN to act as a publicly-accessible server.
  • Publicly-accessible servers are vulnerable to trojans.
LAN to internet
  • A computer on the LAN sends an IP packet to the router.
  • The IP packet specifies the local IP address of the computer, and a unique local port number for the session, as the originating source of the IP packet.
  • The router maps the local IP address / port number to an external port number, and maintains this mapping in the NAT table.
  • The router rewrites the IP packet, using the external IP address / port number, and sends the updated IP packet to the internet.
Internet to LAN
  • An external computer sends an IP packet to the router, through the internet.
  • The IP packet specifies an external IP address / port number as the destination of the IP packet.
  • The router maps the external port number to a local IP address / port number, using the NAT table.
  • The router rewrites the IP packet using the local IP address / port number, and sends the updated IP packet to the local computer.
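
The two translation paths above, together with the drop of unsolicited requests and a static port forward, as an added example (not from the original page or any router's code). The class and function names, the addresses and the starting external port 40000 are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)

@dataclass
class Packet:
    src: Endpoint
    dst: Endpoint

@dataclass
class NatRouter:
    external_ip: str
    next_port: int = 40000  # constructed starting point for external ports
    table: Dict[int, Endpoint] = field(default_factory=dict)    # external port -> local
    reverse: Dict[Endpoint, int] = field(default_factory=dict)  # local -> external port

    def outbound(self, pkt: Packet) -> Packet:
        """LAN to internet: map the local source to an external port, rewrite it."""
        ext_port = self.reverse.get(pkt.src)
        if ext_port is None:
            while self.next_port in self.table:  # skip ports already mapped
                self.next_port += 1
            ext_port = self.next_port
            self.table[ext_port] = pkt.src
            self.reverse[pkt.src] = ext_port
        return Packet(src=(self.external_ip, ext_port), dst=pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet to LAN: look up the destination port in the NAT table."""
        local = self.table.get(pkt.dst[1])
        if pkt.dst[0] != self.external_ip or local is None:
            return None  # no mapping: the request is not forwarded into the LAN
        return Packet(src=pkt.src, dst=local)

    def forward_port(self, ext_port: int, local: Endpoint) -> None:
        """Static mapping that exposes one LAN computer as a public server."""
        self.table[ext_port] = local
        self.reverse[local] = ext_port

def demo():
    r = NatRouter("203.0.113.5")
    out = r.outbound(Packet(("192.168.1.10", 51000), ("198.51.100.7", 443)))
    reply = r.inbound(Packet(("198.51.100.7", 443), out.src))  # translated back
    probe = r.inbound(Packet(("198.51.100.9", 12345), ("203.0.113.5", 22)))  # dropped
    return out, reply, probe
```

This model keys the table on the external port only, as the steps above describe; it does not expire entries or check which remote host is replying.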



Sources
  • http://www.homenethelp.com/web/explain/about-NAT.asp - NAT Basics
