Port address translation
Port Address Translation (PAT) is a feature of a network device that translates TCP or UDP communications made between hosts on a private network and hosts on a public network. It allows a single public IP address to be used by many hosts on a private network, which is usually a Local Area Network or LAN.
A PAT device transparently modifies IP packets as they pass through it. The modifications make all the packets which it sends to the public network from the multiple hosts on the private network appear to originate from a single host (the PAT device) on the public network.
NAT and PAT Distinctions
Different vendors call PAT different names - examples include: Hide-Mode NAT (Check Point), PAT (Cisco Systems), NAPT (RFC 3022), SNAT/MASQUERADE (Linux iptables), Internet Connection Sharing (Microsoft). NAT is a blanket term for PAT applications (see RFC 1631, http://www.ietf.org/rfc/rfc2663.txt) since the primary purpose of NAT is to address the problem of IP address depletion on the Internet.
Some devices that offer 'NAT', such as broadband routers, actually offer PAT. For this reason, there is considerable confusion between the terms. The common use of NAT to include PAT devices suggests that PAT should be considered a type of NAT rather than a distinct technology.
Relationship between NAT and PAT
PAT is a subset of NAT, and is closely related to the concept of Network Address Translation. PAT is also known as NAT Overload. In PAT there is generally only one publicly exposed IP address and multiple private hosts connecting through the exposed address. Incoming packets from the public network are routed to their destinations on the private network by reference to a table held within the PAT device which keeps track of public and private port pairs.
In PAT, both the sender's private IP and port number are modified; the PAT device chooses the port numbers which will be seen by hosts on the public network. In this way, PAT operates at layer 3 (network) and 4 (transport) of the OSI model, whereas basic NAT only operates at layer 3.
Establishing Two-Way Communication
Every TCP packet contains both a source IP address and source port number as well as a destination IP address and destination port number.
For publicly accessible services such as web servers and mail servers the port number is important. For example, port 80 connects to the web server software and port 25 to a mail server's SMTP daemon. The IP address of a public server is also important, similar in global uniqueness to a postal address or telephone number. Both IP address and port must be correctly known by all hosts wishing to successfully communicate; the port used depends on the particular type of communication (e.g. web, email, FTP).
Private IP addresses as described in RFC 1918 are significant only on private networks where they are used, which is also true for host ports. Ports are unique endpoints of communication on a host, so a connection through the PAT device is maintained by the combined mapping of port and IP address.
PAT resolves conflicts that would arise through two different hosts using the same source port number to establish unique connections at the same time.
An Analogy of PAT
A PAT device is similar to an office that has one public telephone number. Outbound phone calls made from the office all appear to come from the same telephone number. However, incoming calls are directed to the correct private extension by the office's phone system.
Translation of the Endpoint
With PAT, all communication sent to external hosts actually contain the IP address and port information of the PAT device instead of internal host IPs or port numbers.
*When a computer on the private (internal) network sends a packet to the external network, the PAT device replaces the internal IP address in the source field of the packet header ("sender's address") with the IP address of the PAT device. It then assigns the connection a port number from a pool of available ports, inserting this port number in the source port field (much like the "post office box number"), and forwards the packet to the external network. The PAT device then makes an entry in a translation table containing the internal IP address, original source port, and the translated source port. Subsequent packets from the same connection are translated to the same port number.
*The computer receiving a packet that has undergone PAT establishes a connection to the port and IP address specified in the altered packet, oblivious to the fact that the supplied address is being translated (analogous to using a "post office box number").
*A packet coming from the external network is mapped to a corresponding internal IP address and port number from the translation table, replacing the external IP address and port number in the incoming packet header (similar to the translation from "post office box number" to "street address"). The packet is then forwarded over the inside network. Otherwise, if the destination port number of the incoming packet is not found in the translation table, the packet is dropped or rejected because the PAT device doesn't know where to send it.
PAT will only translate IP addresses and ports of its internal hosts, hiding the true endpoint of an internal host on a private network.
Visibility of Operation
The PAT operation is typically transparent to both the internal and external hosts.
Typically the internal host is aware of the true IP address and TCP or UDP port of the external host, and the PAT device typically functions as the default gateway for the internal host. However, the external host is only aware of the public IP address of the PAT device and the particular port being used to communicate on behalf of a specific internal host.
Uses of PAT
Software firewalls and broadband network access devices (e.g. ADSL routers) are examples of network technologies that may contain PAT implementations. When configuring these devices, the external network is the Internet and the internal network is a LAN.
Examples of PAT
A host at IP address 192.168.0.2 on the private network may ask for a connection to a remote host on the public network. The initial packet is given the address 192.168.0.2:15345. The PAT device (which we assume has a public IP of 18.104.22.168) may arbitrarily translate this source address:port pair to 22.214.171.124:16529, making an entry in its internal table that port 16529 is being used for a connection by 192.168.0.2 on the private network. When a packet is received from the public network by the PAT device for address 126.96.36.199:16529, the packet is forwarded to 192.168.0.2:15345.
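The translation-table mechanism described in "Translation of the Endpoint" and walked through in the example above, as an added illustration that is not part of the original article: a small Python model of a PAT device that allocates public ports from a pool, reuses the same port for a known private endpoint, maps replies back, drops inbound packets whose port has no table entry, and refuses new connections once the pool is exhausted. The addresses 203.0.113.1 (public side) and 198.51.100.7 (remote host) are constructed documentation addresses, not values from the article.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint  # sender's address and port
    dst: Endpoint  # receiver's address and port


class PATDevice:
    """Toy model of a PAT translation table (illustrative, not a real NAT stack)."""

    def __init__(self, public_ip: str, port_pool: range) -> None:
        self.public_ip = public_ip
        self._free_ports = list(port_pool)
        self.outbound: Dict[Endpoint, int] = {}   # private (ip, port) -> public port
        self.inbound: Dict[int, Endpoint] = {}    # public port -> private (ip, port)

    def translate_outbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the source of a packet leaving the private network."""
        port = self.outbound.get(pkt.src)
        if port is None:
            if not self._free_ports:
                return None  # pool exhausted: no free public port, so the packet is dropped
            port = self._free_ports.pop(0)  # take the next free port for this connection
            self.outbound[pkt.src] = port
            self.inbound[port] = pkt.src
        return Packet(src=(self.public_ip, port), dst=pkt.dst)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a packet arriving from the public network."""
        if pkt.dst[0] != self.public_ip:
            return None  # not addressed to the PAT device's public IP
        private = self.inbound.get(pkt.dst[1])
        if private is None:
            return None  # no table entry for this port: drop, destination unknown
        return Packet(src=pkt.src, dst=private)


if __name__ == "__main__":
    # Constructed sample: a pool of only two public ports makes exhaustion easy to see.
    pat = PATDevice("203.0.113.1", range(16529, 16531))
    out = pat.translate_outbound(Packet(("192.168.0.2", 15345), ("198.51.100.7", 80)))
    print("outbound:", out)
    print("reply   :", pat.translate_inbound(Packet(("198.51.100.7", 80), ("203.0.113.1", 16529))))
    print("unknown :", pat.translate_inbound(Packet(("198.51.100.7", 80), ("203.0.113.1", 17000))))
```

Two private hosts that both happen to use source port 15345 receive different public ports, which is the conflict resolution the article describes.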
Advantages of PAT
In addition to the advantages provided by NAT:
*PAT allows multiple internal hosts to share a single external IP address.
Disadvantages of PAT
*Scalability - Many hosts on the private network make many connections to the public network. Since there are only a limited number of ports available, the PAT device may eventually have insufficient space in the translation table.
*RFC 1918 - Address Allocation for Private Internets
Wikimedia Foundation. 2010.