Network Address Translation (NAT) allows an organization to set up a network using private addresses while still allowing its members to communicate over the public Internet. NAT allows client IP hosts on a stub network connected to the Internet to access Internet hosts without having to obtain and assign “real” IP addresses for each host. It works by modifying the IP headers, IP addresses and selected fields in upper-layer protocol headers so that the hidden internal IP addresses are replaced with a “real” HCC-assigned IP address which can safely traverse the Internet. Once the NAT router is assigned at least one “real” IP address, up to 64,000 IP client machines can share this address to simultaneously access Internet hosts.
The NAT module is part of HCC’s MISRA-compliant TCP/IP stack, as shown in the Networking Overview diagram.
The class A address “10.0.0.0” (referred to in this document as the “10 net”) is reserved for private nets, such as those routed by NAT, by RFC 1597. The HCC NAT code can use any address, but unless there is some legacy addressing to be supported (usually due to switching ISPs) the 10 net is recommended.
A simplified example of a NAT routed IP network is illustrated here:
Let’s trace an example packet in this net. In these examples, the IP address/TCP Port number pairs are shown in the format:
SourceIPaddress:TCPPort -> DestinationIPaddress:TCPPort
The local machine with IP address 10.0.0.2 wants to browse a page on an Internet Web server 220.127.116.11. This machine is set up, either manually or with DHCP, for its default router to be 10.0.0.1; thus the first packet is sent to 10.0.0.1 for routing. It has the IP addresses and TCP port numbers of 10.0.0.2:1025->18.104.22.168:80. The 1025 could be any unreserved port number; 1025 is just an example.
The NAT router receives this packet and, by comparing subnet masks, determines that it should be routed out to the Internet. NAT modifies the IP and TCP headers to replace the local 10 net address with its own IP address, and replaces the client port number with one not currently in use by the NAT router. The resultant packet in our example may have numbers:
This packet can traverse the Internet to the Web server without problems.
When the NAT router makes this conversion, it creates a dynamic table entry which maps the local address and port number to the Internet address and port number. This way, when the Web server across the net replies, the NAT router can reverse the translation process and send the packet back to the 10.0.0.2 host.
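The following Python snippet is an added illustration of the dynamic translation table just described; it is not HCC's NAT code and does not reflect its internals. It walks the text's example packet (10.0.0.2:1025 -> 18.104.22.168:80) through a toy NAT router whose public address is the constructed placeholder 203.0.113.1 (the public port pool and the sequential allocation policy are also assumptions). The inbound direction only forwards packets whose source matches the remote endpoint recorded in the mapping, so an unrelated Internet host cannot reach a private host through an allocated port.

```python
"""Toy NAT/NAPT translation table (added example, not HCC's implementation)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Mapping key: (private IP, private port, remote IP, remote port)
FlowKey = Tuple[str, int, str, int]


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def __str__(self) -> str:
        # Same notation the text uses: SourceIP:Port -> DestinationIP:Port
        return f"{self.src_ip}:{self.src_port} -> {self.dst_ip}:{self.dst_port}"


class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.public_ip = public_ip          # the single "real" address shared by clients
        self._next_port = first_port        # assumed: sequential port allocation
        self._last_port = last_port
        self._out: Dict[FlowKey, int] = {}  # flow -> public port (outbound lookup)
        self._in: Dict[int, FlowKey] = {}   # public port -> flow (inbound lookup)

    def _allocate_port(self) -> int:
        """Pick a public port not currently in use by the NAT router."""
        port = self._next_port
        while port in self._in:
            port += 1
        if port > self._last_port:
            raise RuntimeError("NAT port pool exhausted")
        self._next_port = port + 1
        return port

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite a private-side packet so it carries the router's public address/port."""
        key: FlowKey = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self._out.get(key)
        if public_port is None:
            # First packet of this flow: create the dynamic table entry.
            public_port = self._allocate_port()
            self._out[key] = public_port
            self._in[public_port] = key
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse the translation for a reply; drop anything with no matching entry."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self._in.get(pkt.dst_port)
        if entry is None:
            return None
        private_ip, private_port, remote_ip, remote_port = entry
        # Only the endpoint the private host actually talked to may send back in.
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


def demo() -> Tuple[str, Optional[str], Optional[str]]:
    """Trace the text's example flow through the toy router."""
    nat = NatRouter("203.0.113.1")  # constructed public address (documentation range)
    outbound = nat.translate_outbound(Packet("10.0.0.2", 1025, "18.104.22.168", 80))
    reply = Packet("18.104.22.168", 80, nat.public_ip, outbound.src_port)
    returned = nat.translate_inbound(reply)
    # Unsolicited packet from a different host to the same public port: dropped.
    stray = nat.translate_inbound(Packet("198.51.100.9", 4444, nat.public_ip, outbound.src_port))
    return str(outbound), None if returned is None else str(returned), None if stray is None else str(stray)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Running `demo()` shows the outbound packet leaving with the public address and a freshly allocated port, the server's reply being mapped back to 10.0.0.2:1025, and the stray packet being discarded because no table entry authorises it.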