How Network Address Translation Works (NAT)

Most broadband users will have a NAT (Network Address Translation) router between their computer and the internet. This may be a standalone router device (perhaps a wireless router), or be built into a DSL or cable modem.

In a NAT environment, all systems behind the NAT router form a Local Area Network (LAN), and each system in the LAN has a local (private) IP address, written as four numbers separated by dots.

The NAT router itself has a local IP address as well, plus an external IP address by which it is known to the Internet.

For example a system might look like this:

The internal IP addresses are only valid inside the LAN. Now think about an FTP server behind a NAT router. In passive mode the server tells the client which address and port to connect to for the data connection, so imagine what happens if a client requests passive mode but the server does not know the external IP address of the NAT router.

If the server sends its internal address to the client, two things could happen:

  • If the client is not behind a NAT, the client would abort, since the address is invalid from its point of view.
  • If the client is behind a NAT, the address given by the server might be the same as that of a system in the client’s own LAN.

In both cases passive mode would be impossible.

So if a server is behind a NAT router, it needs to know the external IP address of the router for passive mode to work.
In this case, the server sends the router’s external address to the client instead of its own internal address.

The client then establishes a connection to the NAT router, which in turn routes the connection to the server.
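The following is an added example, not code from the original page or from any FTP client or server project. It models both sides of the passive-mode exchange just described: the server building the `227` reply from a configured external address, and the client parsing that reply and falling back to the control connection's peer address when the server advertises an internal address it cannot reach. The addresses (192.168.1.20 for the server, 203.0.113.5 for the router's external side, port 50000) are constructed for the scenario; the function names and the fallback rule are this example's own, not a standard.

```python
"""Passive-mode address handling for an FTP server behind NAT (illustrative)."""
import ipaddress
import re
from typing import Tuple

# Constructed addresses for the scenario: the server's LAN address and the
# NAT router's external address (203.0.113.0/24 is a documentation range).
SERVER_INTERNAL_IP = "192.168.1.20"
ROUTER_EXTERNAL_IP = "203.0.113.5"
DATA_PORT = 50000

# Address blocks that are only meaningful inside a LAN (RFC 1918 private ranges
# plus loopback and link-local); a client on the Internet cannot reach them.
_INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# The six comma-separated fields of a 227 reply: h1,h2,h3,h4,p1,p2
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def is_internal(addr: str) -> bool:
    """True if addr falls in a range that is only valid inside a LAN."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in _INTERNAL_NETWORKS)


def format_pasv(addr: str, port: int) -> str:
    """Server side: build the 227 reply telling the client where to connect.

    A NAT-aware server passes the router's external address here, not its own.
    """
    octets = addr.split(".")
    if len(octets) != 4 or not 0 < port <= 65535:
        raise ValueError("bad address or port: %r %r" % (addr, port))
    return "227 Entering Passive Mode (%s,%d,%d)" % (",".join(octets), port // 256, port % 256)


def parse_pasv(reply: str) -> Tuple[str, int]:
    """Client side: extract (address, port) from a 227 reply, validating each field."""
    m = _PASV_RE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a well-formed 227 reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in: %r" % reply)
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("port 0 in: %r" % reply)
    return ".".join(str(f) for f in fields[:4]), port


def choose_data_endpoint(reply: str, control_peer: str) -> Tuple[str, int, str]:
    """Decide where the client should open the data connection.

    control_peer is the address the control connection already reached (for a
    server behind NAT, that is the router's external address). If the server
    advertises an internal address while the control peer is not internal, the
    server does not know its external address; reuse the control peer instead.
    Returns (address, port, reason).
    """
    addr, port = parse_pasv(reply)
    if addr == control_peer:
        return addr, port, "advertised address matches control connection"
    if is_internal(addr) and not is_internal(control_peer):
        return control_peer, port, "advertised address is internal; using control-connection peer instead"
    return addr, port, "advertised address differs from control connection; using it as given"


if __name__ == "__main__":
    # Misconfigured server: advertises its LAN address.
    bad_reply = format_pasv(SERVER_INTERNAL_IP, DATA_PORT)
    print(bad_reply, "->", choose_data_endpoint(bad_reply, ROUTER_EXTERNAL_IP))
    # Correctly configured server: advertises the router's external address.
    good_reply = format_pasv(ROUTER_EXTERNAL_IP, DATA_PORT)
    print(good_reply, "->", choose_data_endpoint(good_reply, ROUTER_EXTERNAL_IP))
```

The fallback in `choose_data_endpoint` only recovers the address; the NAT router must still forward the advertised data port to the server, otherwise the client's connection to the router's external address goes nowhere.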
