RFC 3022 - Traditional IP Network Address Translator (NAT)

January 2001 Informational

Abstract

The Network Address Translator (NAT) described in this document is a method for connecting an isolated address realm with private unregistered addresses to an external realm with globally unique registered addresses. Address translation is performed transparently to end systems.

NAT Overview

NAT enables private IP networks using unregistered IP addresses to connect to the Internet. NAT operates on a router, usually connecting two networks together, and translates the private (inside local) addresses in the internal network into legal addresses (inside global) before packets are forwarded to another network.

Key Functions

  • Address Translation: Maps private IP addresses to public IP addresses
  • Port Translation: Maps internal ports to external ports (NAPT)
  • Connection Tracking: Maintains state tables for active connections
  • Bidirectional Translation: Handles both outbound and inbound traffic

NAT Types

Static NAT

One-to-one mapping between private and public IP addresses. Each internal host gets a dedicated external IP address.

Dynamic NAT

Many-to-many mapping using a pool of public IP addresses. Internal hosts are assigned available public IPs dynamically.

PAT (Port Address Translation)

Many-to-one mapping where multiple internal hosts share a single public IP address using different port numbers.

NAT Operation

Outbound Translation Process

  1. Internal host sends packet with private source IP
  2. NAT device receives packet at inside interface
  3. NAT translates source IP to public IP address
  4. NAT may also translate source port (NAPT)
  5. NAT creates translation table entry
  6. Packet forwarded to external network

Inbound Translation Process

  1. External host sends response packet
  2. NAT receives packet at outside interface
  3. NAT looks up destination in translation table
  4. NAT translates destination IP back to private IP
  5. NAT may also translate destination port
  6. Packet forwarded to internal network

Benefits and Limitations

Benefits

  • Conserves public IP addresses
  • Provides basic security through address hiding
  • Enables private network connectivity
  • Simplifies network management
  • Allows network renumbering

Limitations

  • Breaks end-to-end connectivity model
  • Complicates peer-to-peer applications
  • Issues with protocols embedding IP addresses
  • Performance overhead from translation
  • Single point of failure

Modern Applications

Enterprise Networks

  • Corporate firewalls
  • Branch office connectivity
  • DMZ implementations
  • Load balancer integration

Cloud Computing

  • AWS NAT Gateways
  • Azure NAT Gateway
  • GCP Cloud NAT
  • Container networking

Home Networks

  • Residential routers
  • ISP customer premises equipment
  • IoT device connectivity
  • Gaming console support
View Official RFC 3022 ← Back to Resources