Lecture 3.1: Network Address Translation (NAT)

Now that we have a basic understanding of IP addresses, DHCP and ACLs, NAT is our next tool. It plays a critical role in both internet access and port forwarding (more on the latter later).

As discussed previously, private IP addresses are not routable on the internet, and using public addresses on every machine is not a feasible option, especially since the world is running out of IPv4 addresses (it is doable with IPv6, but more on that in the IPv6 posts).

Accordingly, this situation needed a solution, and Network Address Translation (NAT) is it.

NAT is usually performed by any device that can act as a NAT gateway (typically firewalls, but most routers can do it as well). Conceptually, that device rewrites the packet headers to use a different source IP address, destination IP address, source port, or destination port.

The most common use case for NAT is granting internet access to users with private addresses; this is known as Source PAT. However, there are also other types of NAT, such as Destination NAT, Source NAT (not PAT) and Dynamic NAT.

NAT is usually done on firewalls; however, it can basically be done on any edge device. I will share how it is done on Cisco routers as well.

Under Source NAT, you can have a one-to-one IP translation. This is useful if you have a single server with a private address and want to translate it to a public IP address that is globally reachable. Generally speaking, Source NAT on its own is rarely used.

Destination NAT works in the opposite direction: think, for example, of having a single public IP address and wanting to forward a handful of its ports to different servers in your private network.

However, neither option solves our problem of granting internet access to multiple users, and this is where PAT comes in.

PAT offers a many-to-one translation of IP addresses. This is done by translating each session to a different source port on the public address and keeping track of those ports so that returning traffic can be mapped back to the right private host.
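To make the two mechanisms described above concrete (Destination NAT port forwarding and the per-session port tracking of PAT), here is a small Python model of a NAT gateway's translation table. It is an added illustration, not code from the lecture or from any vendor; the public address 203.0.113.1 and the tiny three-port pool are assumed values chosen so that pool exhaustion and unsolicited-inbound drops are easy to see.

```python
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.1"         # assumed public address on the gateway's outside interface
PORT_POOL = range(40000, 40003)   # deliberately tiny pool so exhaustion is easy to see


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Keeps a PAT session table plus static Destination NAT port forwards."""

    def __init__(self, public_ip=PUBLIC_IP, ports=PORT_POOL):
        self.public_ip = public_ip
        self.free_ports = list(ports)
        self.outbound = {}   # (private ip, private port) -> public port (dynamic)
        self.inbound = {}    # public port -> (private ip, private port) (dynamic)
        self.forwards = {}   # public port -> (private ip, private port) (static)

    def add_port_forward(self, public_port, private_ip, private_port):
        """Destination NAT: expose one private service on a public port."""
        self.forwards[public_port] = (private_ip, private_port)

    def translate_outbound(self, pkt):
        """Source PAT: rewrite src to the public IP plus one pool port per session."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            if not self.free_ports:
                return None  # pool exhausted: the gateway has to drop the packet
            port = self.free_ports.pop(0)
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt):
        """Return traffic or a forwarded port: rewrite dst back to the private host."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.forwards.get(pkt.dst_port) or self.inbound.get(pkt.dst_port)
        if target is None:
            return None  # no session and no forward: unsolicited traffic is dropped
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])
```

A real gateway also keys sessions on protocol and remote endpoint and ages entries out, but the table above is the part that lets many private hosts share one public address.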
