N:N mapping

Network Address Translation (NAT) serves several different purposes:

The first application is the so-called N:1 NAT, also known as IP masquerading. All addresses (“N”) of the local network are mapped to only one (“1”) public address. The unambiguous assignment of data streams to the respective internal PCs is generally achieved by means of the ports of the TCP and UDP protocols. That’s why this is also called NAT/PAT (Network Address Translation/Port Address Translation).

Because ports are assigned dynamically, N:1 masquerading permits only connections that have been initiated from the internal network. Exception: an internal IP address is statically exposed on a certain port, e.g. to make a LAN server accessible from the outside. This process is called “inverse masquerading”.

An N:N mapping is used to couple networks with identical address ranges. It unambiguously maps multiple addresses (“N”) of the local network to multiple (“N”) addresses of another network, which resolves the address conflict.

The rules for this address translation are defined in a static table in the LANCOM. The table assigns new addresses to single stations, parts of the network, or the entire LAN, and the stations then use these addresses to contact other networks.

Some protocols (FTP, H.323) exchange parameters during their protocol negotiation that can influence the address translation for the N:N mapping. For the address translation to function correctly, the connection information of these protocols is tracked by firewall functions in a dynamic table and is taken into account in addition to the entries of the static table.

Note: The address translation is performed “outbound”, i.e. the source address is translated for outgoing data packets and the destination address for incoming data packets, as long as the addresses are located within the defined translation range. An “inbound” address mapping, whereby the source address is translated (instead of the destination address), must be implemented by an appropriate “outbound” address translation on the remote side.
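
The static table and the “outbound” rule from the note above, modeled in Python as an added example (this is not LANCOM code or configuration). The class and method names, the address ranges and the most-specific-rule-first ordering are assumptions made for illustration; the dynamic tracking of FTP and H.323 is not modeled.

```python
import ipaddress


class NNMapping:
    """Static N:N table: each rule maps a range onto an equally sized range."""

    def __init__(self):
        self.rules = []  # list of (original_net, mapped_net)

    def add_rule(self, original, mapped):
        orig = ipaddress.ip_network(original)
        new = ipaddress.ip_network(mapped)
        if orig.prefixlen != new.prefixlen:
            raise ValueError("N:N mapping needs ranges of identical size")
        self.rules.append((orig, new))
        # Assumption of this example: a single-station rule beats a whole-LAN rule.
        self.rules.sort(key=lambda r: r[0].prefixlen, reverse=True)

    @staticmethod
    def _shift(addr, src_net, dst_net):
        # Keep the host part and swap the network part, so the mapping is reversible.
        offset = int(addr) - int(src_net.network_address)
        return ipaddress.ip_address(int(dst_net.network_address) + offset)

    def outbound(self, src, dst):
        """Outgoing packet: translate the source if it lies in a translation range."""
        s = ipaddress.ip_address(src)
        for orig, new in self.rules:
            if s in orig:
                return str(self._shift(s, orig, new)), dst
        return src, dst  # outside every range: packet is left unchanged

    def inbound(self, src, dst):
        """Incoming packet: translate the destination back; the source is untouched."""
        d = ipaddress.ip_address(dst)
        for orig, new in self.rules:
            if d in new:
                return src, str(self._shift(d, new, orig))
        return src, dst


# Constructed scenario: the local LAN 192.168.1.0/24 collides with the remote
# LAN, so it appears as 10.1.1.0/24, and one server appears as 10.9.9.9.
table = NNMapping()
table.add_rule("192.168.1.0/24", "10.1.1.0/24")
table.add_rule("192.168.1.10/32", "10.9.9.9/32")
```

The source of an incoming packet is never rewritten here, which is why an “inbound” source mapping has to be configured as an outbound translation on the remote side.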