An Acronym for Network Address Translation.

NAT is an evil scheme to change IPs as they travel through a gateway. A common special case is “masquerading”, where multiple machines appear to have the gateway's IP address, which is necessary if you have multiple machines trying to communicate with remote hosts on the InterNet but the ISP only gave you one IP address.

If you are trapped behind NAT and need a realworld IP, consider using Teredo to get yourself a realworld IPv6 address.

Types of NAT

Full cone

Packets arriving at the NAT device for a Port previously used by the NAT device to send out packets will be routed to the host inside.

Restricted cone

This is like full cone, except that the internal host must have spoken to the remote host at some point in the past.

Port restricted cone

This is like restricted cone but they must have spoken to the same IP:Port before.

Symmetric

Uses a seperate Port for every IP:Port pair. This cannot work with Teredo or STUN?. This is the worst kind of NAT.

See also

• RFC:1631
• RFC:3489
• NAPT
• Teredo
• STUN?