IP NAT Port-Based ("Overloaded") Operation: Network Address Port Translation (NAPT) / Port Address Translation (PAT)
(Page 2 of 2)

Port-Based NAT Example

The operation of NAPT/PAT is very similar to the way regular NAT works, except that port numbers are also translated. For a traditional outbound transaction, the source port number is changed on the request at the same time that the source address is modified; the destination port number is modified on the response with the destination address.

Let's consider again the example we looked at in the topic on Traditional NAT, but this time in a PAT environment. Device 10.0.0.207 was one of 250 hosts on a private network accessing the WWW server at 204.51.16.12. Let's say that because PAT is being used, to save money all 250 are sharing a single inside global address, 194.54.21.7, instead of a pool of 20. The transaction would proceed as described in Table 76 and diagrammed in Figure 114.


Table 76: Operation Of Port-Based (“Overloaded”) NAT

| Step # | Description | Datagram Type | Datagram Source Address:Port | Datagram Destination Address:Port |
|---|---|---|---|---|
| 1 | Inside Client Generates Request And Sends To NAT Router: Device 10.0.0.207 generates an HTTP request to the server at 204.51.16.12. The standard server port for WWW is 80, so the destination port of the request is 80; let's say the source port on the client is 7000. The datagram is sent to the NAT-capable router that connects the organization's internal network to the Internet. | Request (from inside client to outside server) | 10.0.0.207:7000 (Inside Local) | 204.51.16.12:80 (Outside Local) |
| 2 | NAT Router Translates Source Address And Port And Sends To Outside Server: The NAT router realizes that 10.0.0.207 is an inside local address and knows it must substitute an inside global address. Here though, there are multiple hosts sharing the single inside global address 194.54.21.7. Let's say that port 7000 is already in use for that address by another private host connection. The router substitutes the inside global address and also chooses a new source port number, say 7224, for this request. The destination address and port are not changed. The NAT router puts the address and port mapping into its translation table. It sends the modified datagram out, which arrives at the server at 204.51.16.12. | Request (from inside client to outside server) | 194.54.21.7:7224 (Inside Global) | 204.51.16.12:80 (Outside Global) |
| 3 | Outside Server Generates Response And Sends Back To NAT Router: The server at 204.51.16.12 generates an HTTP response. It of course has no idea that NAT was involved; it sees an address of 194.54.21.7 and port of 7224 in the request sent to it, so it sends back to that address and port. | Response (from outside server to inside client) | 204.51.16.12:80 (Outside Global) | 194.54.21.7:7224 (Inside Global) |
| 4 | NAT Router Translates Destination Address And Port And Delivers Datagram To Inside Client: The NAT router sees the address 194.54.21.7 and port 7224 in the response that arrived from the Internet. It consults its translation table and knows this datagram is intended for 10.0.0.207, port 7000. This time the destination address and port are changed but not the source. The router then delivers the datagram back to the originating client. | Response (from outside server to inside client) | 204.51.16.12:80 (Outside Local) | 10.0.0.207:7000 (Inside Local) |



Figure 114: Operation Of Port-Based (“Overloaded”) NAT

This figure is very similar to Figure 112, except that the source and destination port numbers have been shown, since they are used in this type of NAT. Translated addresses/ports are in bold. Table 76 contains a complete explanation of the four steps in port-based NAT. Refer to Figure 111 for an explanation of address types.

 


Key Concept: In port-based NAT, the NAT router translates the source address and port of an outgoing request from inside local to inside global form. It then transforms the destination address and port of the response from inside global to inside local. The outside local and outside global addresses are the same in both request and reply.


One other issue related to NAPT/PAT is worth mentioning: it assumes that all traffic uses either UDP or TCP at the transport layer. While generally the case, this may not always be true. If there is no port number, port translation cannot be done and the method will not work.
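
The four steps of Table 76 and the no-port caveat above, as an added Python sketch (not code from The TCP/IP Guide): a minimal translation table for a single inside global address. The class name `Napt`, the second private host 10.0.0.15, and the use of 7224 as the first reassigned port are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PORTED = {"tcp", "udp"}  # NAPT needs a transport-layer port to rewrite

@dataclass
class Napt:
    inside_global: str
    next_port: int = 7224  # assumed first port handed out on a collision
    out: dict = field(default_factory=dict)   # (proto, local_ip, local_port) -> global port
    back: dict = field(default_factory=dict)  # (proto, global port) -> (local_ip, local_port)

    def _allocate(self, proto, preferred):
        # Keep the client's own port when it is free, otherwise take the next unused one.
        port = preferred
        while (proto, port) in self.back:
            if self.next_port > 65535:
                raise RuntimeError("no free ports on the inside global address")
            port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, proto, src, dst):
        # Steps 1-2: rewrite source address and port, leave the destination alone.
        if proto not in PORTED:
            raise ValueError(f"{proto}: no port number, cannot be port-translated")
        key = (proto, *src)
        if key not in self.out:
            gport = self._allocate(proto, src[1])
            self.out[key] = gport
            self.back[(proto, gport)] = src
        return (self.inside_global, self.out[key]), dst

    def inbound(self, proto, src, dst):
        # Steps 3-4: look up the destination port, rewrite destination only.
        local = self.back.get((proto, dst[1])) if dst[0] == self.inside_global else None
        if local is None:
            return None  # no table entry, so there is no inside host to deliver to
        return src, local

def demo():
    nat = Napt("194.54.21.7")
    server = ("204.51.16.12", 80)
    # Constructed: another private host already holds port 7000 on the shared address.
    first = nat.outbound("tcp", ("10.0.0.15", 7000), server)
    request = nat.outbound("tcp", ("10.0.0.207", 7000), server)  # Table 76, steps 1-2
    response = nat.inbound("tcp", server, request[0])            # Table 76, steps 3-4
    return first, request, response

if __name__ == "__main__":
    print(demo())
```

The table is keyed per protocol, so a TCP mapping on port 7224 does not admit a UDP datagram sent to the same port.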



The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005

© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.