NAT (Network Address Translation) translates the IP addresses of computers in the local network (LAN) to a single global IP address (WAN).
While each computer within the local network (LAN) has a specific IP address, external systems only see one IP address (WAN) when connecting to any of the computers within the network.
10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
This means that only a single unique IP address is required to represent an entire group of computers to anything outside their network.
When packets pass through the NAT gateway, they will be modified so that they appear to be coming from the NAT gateway itself. The NAT gateway will record the changes it makes in its state table so that it can:
NOTE: Neither the internal machine nor the Internet host is aware of these translation steps.
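Added example, not part of the original page: a toy Python model of the state table described above, showing the outbound rewrite, the reverse lookup for a reply, and the drop of an inbound packet that matches no recorded state. The WAN address 203.0.113.1, the starting port 50000, the sample hosts and all class and function names are constructed for illustration; a real NAT gateway tracks more per-flow detail.

```python
import ipaddress

# Private LAN ranges listed on this page.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

class NatGateway:
    """Toy source-NAT model (hypothetical): one WAN address, per-flow ports."""

    def __init__(self, wan_ip, first_port=50000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.out_state = {}   # (lan_ip, lan_port, dst_ip, dst_port) -> wan_port
        self.in_state = {}    # (wan_port, dst_ip, dst_port) -> (lan_ip, lan_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet so it appears to come from the gateway."""
        if not is_private(src_ip):
            raise ValueError("source is not a LAN (private) address")
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out_state:          # new flow: record the change
            self.out_state[flow] = self.next_port
            self.in_state[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.wan_ip, self.out_state[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Reverse the translation for a reply; None means no state, so drop."""
        lan = self.in_state.get((dst_port, src_ip, src_port))
        if dst_ip != self.wan_ip or lan is None:
            return None
        return (src_ip, src_port, lan[0], lan[1])

def demo():
    gw = NatGateway("203.0.113.1")              # constructed WAN address
    a = gw.outbound("192.168.1.35", 2132, "198.51.100.7", 443)
    b = gw.outbound("10.0.0.9", 2132, "198.51.100.7", 443)
    reply = gw.inbound("198.51.100.7", 443, "203.0.113.1", a[1])
    stray = gw.inbound("198.51.100.99", 443, "203.0.113.1", a[1])
    return a, b, reply, stray

if __name__ == "__main__":
    print(demo())
```

Both LAN hosts leave with the same WAN source address and differ only in the port the gateway assigned, which is the key the state table uses to route the reply back.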
IP forwarding is required so that packets can travel between network interfaces:
sysctl net.inet.ip.forwarding=1
echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
# sysctl net.inet6.ip6.forwarding=1
# echo 'net.inet6.ip6.forwarding=1' >> /etc/sysctl.conf