CINXE.COM

<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Network address translation - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy", "wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"b15e834b-3cb7-483c-8507-12842baa6dda","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Network_address_translation","wgTitle":"Network address translation","wgCurRevisionId":1258591625,"wgRevisionId":1258591625,"wgArticleId":53036,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["Articles with short description","Short description is different from Wikidata","Use American English from February 2022","All Wikipedia articles written in American English","Articles containing potentially dated statements from 2006","All articles containing potentially dated statements","All articles with unsourced statements","Articles with unsourced statements from February 2011","Commons category link is on Wikidata", "Pages displaying short descriptions of redirect targets via Module:Annotated link","Webarchive template wayback links","Webarchive template archiveis links","Network address translation"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"Network_address_translation","wgRelevantArticleId":53036,"wgIsProbablyEditable":true,"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":50000,"wgRelatedArticlesCompat":[],"wgCentralAuthMobileDomain":false, "wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q11182","wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"}; RLPAGEMODULES=["ext.cite.ux-enhancements","mediawiki.page.media","site","mediawiki.page.ready","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.bootstrap","ext.popups","ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints","ext.quicksurveys.init","ext.growthExperiments.SuggestedEditSession","wikibase.sidebar.tracking"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022"> <script async="" src="/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" href="/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.4"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta property="og:image" content="https://upload.wikimedia.org/wikipedia/commons/thumb/c/c7/NAT_Concept-en.svg/1200px-NAT_Concept-en.svg.png"> <meta property="og:image:width" content="1200"> <meta property="og:image:height" content="555"> <meta property="og:image" content="https://upload.wikimedia.org/wikipedia/commons/thumb/c/c7/NAT_Concept-en.svg/800px-NAT_Concept-en.svg.png"> <meta property="og:image:width" content="800"> <meta property="og:image:height" content="370"> <meta property="og:image" content="https://upload.wikimedia.org/wikipedia/commons/thumb/c/c7/NAT_Concept-en.svg/640px-NAT_Concept-en.svg.png"> <meta property="og:image:width" content="640"> <meta property="og:image:height" content="296"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Network address translation - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Network_address_translation"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Network_address_translation&action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Network_address_translation"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="//login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Network_address_translation rootpage-Network_address_translation skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header class="vector-header mw-header"> <div class="vector-header-start"> <nav class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-dropdown" class="vector-dropdown vector-main-menu-dropdown vector-button-flush-left vector-button-flush-right" > <input type="checkbox" id="vector-main-menu-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-main-menu-dropdown" class="vector-dropdown-checkbox " aria-label="Main menu" > <label id="vector-main-menu-dropdown-label" for="vector-main-menu-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-menu mw-ui-icon-wikimedia-menu"></span> <span class="vector-dropdown-label-text">Main menu</span> </label> <div class="vector-dropdown-content"> <div id="vector-main-menu-unpinned-container" class="vector-unpinned-container"> <div id="vector-main-menu" class="vector-main-menu vector-pinnable-element"> <div class="vector-pinnable-header vector-main-menu-pinnable-header vector-pinnable-header-unpinned" data-feature-name="main-menu-pinned" data-pinnable-element-id="vector-main-menu" data-pinned-container-id="vector-main-menu-pinned-container" data-unpinned-container-id="vector-main-menu-unpinned-container" > <div class="vector-pinnable-header-label">Main menu</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-main-menu.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-main-menu.unpin">hide</button> </div> <div id="p-navigation" class="vector-menu mw-portlet mw-portlet-navigation" > <div class="vector-menu-heading"> Navigation </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-mainpage-description" class="mw-list-item"><a href="/wiki/Main_Page" title="Visit the main page [z]" accesskey="z"><span>Main page</span></a></li><li id="n-contents" class="mw-list-item"><a href="/wiki/Wikipedia:Contents" title="Guides to browsing Wikipedia"><span>Contents</span></a></li><li id="n-currentevents" class="mw-list-item"><a href="/wiki/Portal:Current_events" title="Articles related to current events"><span>Current events</span></a></li><li id="n-randompage" class="mw-list-item"><a href="/wiki/Special:Random" title="Visit a randomly selected article [x]" accesskey="x"><span>Random article</span></a></li><li id="n-aboutsite" class="mw-list-item"><a href="/wiki/Wikipedia:About" title="Learn about Wikipedia and how it works"><span>About Wikipedia</span></a></li><li id="n-contactpage" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us" title="How to contact Wikipedia"><span>Contact us</span></a></li> </ul> </div> </div> <div id="p-interaction" class="vector-menu mw-portlet mw-portlet-interaction" > <div class="vector-menu-heading"> Contribute </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-help" class="mw-list-item"><a href="/wiki/Help:Contents" title="Guidance on how to use and edit Wikipedia"><span>Help</span></a></li><li id="n-introduction" class="mw-list-item"><a href="/wiki/Help:Introduction" title="Learn how to edit Wikipedia"><span>Learn to edit</span></a></li><li id="n-portal" class="mw-list-item"><a href="/wiki/Wikipedia:Community_portal" title="The hub for editors"><span>Community portal</span></a></li><li id="n-recentchanges" class="mw-list-item"><a href="/wiki/Special:RecentChanges" title="A list of recent changes to Wikipedia [r]" accesskey="r"><span>Recent changes</span></a></li><li id="n-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_upload_wizard" title="Add images or other media for use on Wikipedia"><span>Upload file</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> <a href="/wiki/Main_Page" class="mw-logo"> <img class="mw-logo-icon" src="/static/images/icons/wikipedia.png" alt="" aria-hidden="true" height="50" width="50"> <span class="mw-logo-container skin-invert"> <img class="mw-logo-wordmark" alt="Wikipedia" src="/static/images/mobile/copyright/wikipedia-wordmark-en.svg" style="width: 7.5em; height: 1.125em;"> <img class="mw-logo-tagline" alt="The Free Encyclopedia" src="/static/images/mobile/copyright/wikipedia-tagline-en.svg" width="117" height="13" style="width: 7.3125em; height: 0.8125em;"> </span> </a> </div> <div class="vector-header-end"> <div id="p-search" role="search" class="vector-search-box-vue vector-search-box-collapses vector-search-box-show-thumbnail vector-search-box-auto-expand-width vector-search-box"> <a href="/wiki/Special:Search" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only search-toggle" title="Search Wikipedia [f]" accesskey="f"><span class="vector-icon mw-ui-icon-search mw-ui-icon-wikimedia-search"></span> <span>Search</span> </a> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail cdx-typeahead-search--auto-expand-width"> <form action="/w/index.php" id="searchform" class="cdx-search-input cdx-search-input--has-end-button"> <div id="simpleSearch" class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia" aria-label="Search Wikipedia" autocapitalize="sentences" title="Search Wikipedia [f]" accesskey="f" id="searchInput" > <span class="cdx-text-input__icon cdx-text-input__start-icon"></span> </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <nav class="vector-user-links vector-user-links-wide" aria-label="Personal tools"> <div class="vector-user-links-main"> <div id="p-vector-user-menu-preferences" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-userpage" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-dropdown" class="vector-dropdown " title="Change the appearance of the page's font size, width, and color" > <input type="checkbox" id="vector-appearance-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-appearance-dropdown" class="vector-dropdown-checkbox " aria-label="Appearance" > <label id="vector-appearance-dropdown-label" for="vector-appearance-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-appearance mw-ui-icon-wikimedia-appearance"></span> <span class="vector-dropdown-label-text">Appearance</span> </label> <div class="vector-dropdown-content"> <div id="vector-appearance-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div id="p-vector-user-menu-notifications" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-overflow" class="vector-menu mw-portlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en" class=""><span>Donate</span></a> </li> <li id="pt-createaccount-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:CreateAccount&returnto=Network+address+translation" title="You are encouraged to create an account and log in; however, it is not mandatory" class=""><span>Create account</span></a> </li> <li id="pt-login-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:UserLogin&returnto=Network+address+translation" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o" class=""><span>Log in</span></a> </li> </ul> </div> </div> </div> <div id="vector-user-links-dropdown" class="vector-dropdown vector-user-menu vector-button-flush-right vector-user-menu-logged-out" title="Log in and more options" > <input type="checkbox" id="vector-user-links-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-user-links-dropdown" class="vector-dropdown-checkbox " aria-label="Personal tools" > <label id="vector-user-links-dropdown-label" for="vector-user-links-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-ellipsis mw-ui-icon-wikimedia-ellipsis"></span> <span class="vector-dropdown-label-text">Personal tools</span> </label> <div class="vector-dropdown-content"> <div id="p-personal" class="vector-menu mw-portlet mw-portlet-personal user-links-collapsible-item" title="User menu" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport" class="user-links-collapsible-item mw-list-item"><a href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en"><span>Donate</span></a></li><li id="pt-createaccount" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:CreateAccount&returnto=Network+address+translation" title="You are encouraged to create an account and log in; however, it is not mandatory"><span class="vector-icon mw-ui-icon-userAdd mw-ui-icon-wikimedia-userAdd"></span> <span>Create account</span></a></li><li id="pt-login" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:UserLogin&returnto=Network+address+translation" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o"><span class="vector-icon mw-ui-icon-logIn mw-ui-icon-wikimedia-logIn"></span> <span>Log in</span></a></li> </ul> </div> </div> <div id="p-user-menu-anon-editor" class="vector-menu mw-portlet mw-portlet-user-menu-anon-editor" > <div class="vector-menu-heading"> Pages for logged out editors <a href="/wiki/Help:Introduction" aria-label="Learn more about editing"><span>learn more</span></a> </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-anoncontribs" class="mw-list-item"><a href="/wiki/Special:MyContributions" title="A list of edits made from this IP address [y]" accesskey="y"><span>Contributions</span></a></li><li id="pt-anontalk" class="mw-list-item"><a href="/wiki/Special:MyTalk" title="Discussion about edits from this IP address [n]" accesskey="n"><span>Talk</span></a></li> </ul> </div> </div> </div> </div> </nav> </div> </header> </div> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="vector-sitenotice-container"> <div id="siteNotice"></div> </div> <div class="vector-column-start"> <div class="vector-main-menu-container"> <div id="mw-navigation"> <nav id="mw-panel" class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-pinned-container" class="vector-pinned-container"> </div> </nav> </div> </div> <div class="vector-sticky-pinned-container"> <nav id="mw-panel-toc" aria-label="Contents" data-event-name="ui.sidebar-toc" class="mw-table-of-contents-container vector-toc-landmark"> <div id="vector-toc-pinned-container" class="vector-pinned-container"> <div id="vector-toc" class="vector-toc vector-pinnable-element"> <div class="vector-pinnable-header vector-toc-pinnable-header vector-pinnable-header-pinned" data-feature-name="toc-pinned" data-pinnable-element-id="vector-toc" > <h2 class="vector-pinnable-header-label">Contents</h2> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-toc.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-toc.unpin">hide</button> </div> <ul class="vector-toc-contents" id="mw-panel-toc-list"> <li id="toc-mw-content-text" class="vector-toc-list-item vector-toc-level-1"> <a href="#" class="vector-toc-link"> <div class="vector-toc-text">(Top)</div> </a> </li> <li id="toc-History" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#History"> <div class="vector-toc-text"> <span class="vector-toc-numb">1</span> <span>History</span> </div> </a> <ul id="toc-History-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Basic_NAT" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Basic_NAT"> <div class="vector-toc-text"> <span class="vector-toc-numb">2</span> <span>Basic NAT</span> </div> </a> <ul id="toc-Basic_NAT-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-One-to-many_NAT" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#One-to-many_NAT"> <div class="vector-toc-text"> <span class="vector-toc-numb">3</span> <span>One-to-many NAT</span> </div> </a> <ul id="toc-One-to-many_NAT-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Methods_of_translation" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Methods_of_translation"> <div class="vector-toc-text"> <span class="vector-toc-numb">4</span> <span>Methods of translation</span> </div> </a> <button aria-controls="toc-Methods_of_translation-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Methods of translation subsection</span> </button> <ul id="toc-Methods_of_translation-sublist" class="vector-toc-list"> <li id="toc-NAT_mapping_vs_NAT_filtering" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#NAT_mapping_vs_NAT_filtering"> <div class="vector-toc-text"> <span class="vector-toc-numb">4.1</span> <span>NAT mapping vs NAT filtering</span> </div> </a> <ul id="toc-NAT_mapping_vs_NAT_filtering-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Type_of_NAT_and_NAT_traversal,_role_of_port_preservation_for_TCP" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Type_of_NAT_and_NAT_traversal,_role_of_port_preservation_for_TCP"> <div class="vector-toc-text"> <span class="vector-toc-numb">5</span> <span>Type of NAT and NAT traversal, role of port preservation for TCP</span> </div> </a> <ul id="toc-Type_of_NAT_and_NAT_traversal,_role_of_port_preservation_for_TCP-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Implementation" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Implementation"> <div class="vector-toc-text"> <span class="vector-toc-numb">6</span> <span>Implementation</span> </div> </a> <button aria-controls="toc-Implementation-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Implementation subsection</span> </button> <ul id="toc-Implementation-sublist" class="vector-toc-list"> <li id="toc-Establishing_two-way_communication" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Establishing_two-way_communication"> <div class="vector-toc-text"> <span class="vector-toc-numb">6.1</span> <span>Establishing two-way communication</span> </div> </a> <ul id="toc-Establishing_two-way_communication-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Telephone_number_extension_analogy" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Telephone_number_extension_analogy"> <div class="vector-toc-text"> <span class="vector-toc-numb">6.2</span> <span>Telephone number extension analogy</span> </div> </a> <ul id="toc-Telephone_number_extension_analogy-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Translation_process" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Translation_process"> <div class="vector-toc-text"> <span class="vector-toc-numb">6.3</span> <span>Translation process</span> </div> </a> <ul id="toc-Translation_process-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Applications" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Applications"> <div class="vector-toc-text"> <span class="vector-toc-numb">7</span> <span>Applications</span> </div> </a> <ul id="toc-Applications-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Related_techniques" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Related_techniques"> <div class="vector-toc-text"> <span class="vector-toc-numb">8</span> <span>Related techniques</span> </div> </a> <ul id="toc-Related_techniques-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Issues_and_limitations" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Issues_and_limitations"> <div class="vector-toc-text"> <span class="vector-toc-numb">9</span> <span>Issues and limitations</span> </div> </a> <button aria-controls="toc-Issues_and_limitations-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Issues and limitations subsection</span> </button> <ul id="toc-Issues_and_limitations-sublist" class="vector-toc-list"> <li id="toc-Fragmentation_and_checksums" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Fragmentation_and_checksums"> <div class="vector-toc-text"> <span class="vector-toc-numb">9.1</span> <span>Fragmentation and checksums</span> </div> </a> <ul id="toc-Fragmentation_and_checksums-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Variant_terms" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Variant_terms"> <div class="vector-toc-text"> <span class="vector-toc-numb">10</span> <span>Variant terms</span> </div> </a> <button aria-controls="toc-Variant_terms-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Variant terms subsection</span> </button> <ul id="toc-Variant_terms-sublist" class="vector-toc-list"> <li id="toc-DNAT" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#DNAT"> <div class="vector-toc-text"> <span class="vector-toc-numb">10.1</span> <span>DNAT</span> </div> </a> <ul id="toc-DNAT-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-SNAT" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#SNAT"> <div class="vector-toc-text"> <span class="vector-toc-numb">10.2</span> <span>SNAT</span> </div> </a> <ul id="toc-SNAT-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Dynamic_network_address_translation" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Dynamic_network_address_translation"> <div class="vector-toc-text"> <span class="vector-toc-numb">10.3</span> <span>Dynamic network address translation</span> </div> </a> <ul id="toc-Dynamic_network_address_translation-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-NAT_hairpinning" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#NAT_hairpinning"> <div class="vector-toc-text"> <span class="vector-toc-numb">11</span> <span>NAT hairpinning</span> </div> </a> <ul id="toc-NAT_hairpinning-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-NAT_in_IPv6" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#NAT_in_IPv6"> <div class="vector-toc-text"> <span class="vector-toc-numb">12</span> <span>NAT in IPv6</span> </div> </a> <ul id="toc-NAT_in_IPv6-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Applications_affected_by_NAT" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Applications_affected_by_NAT"> <div class="vector-toc-text"> <span class="vector-toc-numb">13</span> <span>Applications affected by NAT</span> </div> </a> <ul id="toc-Applications_affected_by_NAT-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Examples_of_NAT_software" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Examples_of_NAT_software"> <div class="vector-toc-text"> <span class="vector-toc-numb">14</span> <span>Examples of NAT software</span> </div> </a> <ul id="toc-Examples_of_NAT_software-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-See_also" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#See_also"> <div class="vector-toc-text"> <span class="vector-toc-numb">15</span> <span>See also</span> </div> </a> <ul id="toc-See_also-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Notes" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Notes"> <div class="vector-toc-text"> <span class="vector-toc-numb">16</span> <span>Notes</span> </div> </a> <ul id="toc-Notes-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-References" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#References"> <div class="vector-toc-text"> <span class="vector-toc-numb">17</span> <span>References</span> </div> </a> <ul id="toc-References-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-External_links" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#External_links"> <div class="vector-toc-text"> <span class="vector-toc-numb">18</span> <span>External links</span> </div> </a> <ul id="toc-External_links-sublist" class="vector-toc-list"> </ul> </li> </ul> </div> </div> </nav> </div> </div> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-page-titlebar-toc" class="vector-dropdown vector-page-titlebar-toc vector-button-flush-left" > <input type="checkbox" id="vector-page-titlebar-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-titlebar-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-page-titlebar-toc-label" for="vector-page-titlebar-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-listBullet mw-ui-icon-wikimedia-listBullet"></span> <span class="vector-dropdown-label-text">Toggle the table of contents</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-titlebar-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">Network address translation</span></h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. Available in 47 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-47" aria-hidden="true" ><span class="vector-icon mw-ui-icon-language-progressive mw-ui-icon-wikimedia-language-progressive"></span> <span class="vector-dropdown-label-text">47 languages</span> </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-ar mw-list-item"><a href="https://ar.wikipedia.org/wiki/%D8%AA%D8%B1%D8%AC%D9%85%D8%A9_%D8%B9%D9%86%D9%88%D8%A7%D9%86_%D8%A7%D9%84%D8%B4%D8%A8%D9%83%D8%A9" title="ترجمة عنوان الشبكة – Arabic" lang="ar" hreflang="ar" data-title="ترجمة عنوان الشبكة" data-language-autonym="العربية" data-language-local-name="Arabic" class="interlanguage-link-target"><span>العربية</span></a></li><li class="interlanguage-link interwiki-an mw-list-item"><a href="https://an.wikipedia.org/wiki/Network_Address_Translation" title="Network Address Translation – Aragonese" lang="an" hreflang="an" data-title="Network Address Translation" data-language-autonym="Aragonés" data-language-local-name="Aragonese" class="interlanguage-link-target"><span>Aragonés</span></a></li><li class="interlanguage-link interwiki-bn mw-list-item"><a href="https://bn.wikipedia.org/wiki/%E0%A6%A8%E0%A7%87%E0%A6%9F%E0%A6%93%E0%A6%AF%E0%A6%BC%E0%A6%BE%E0%A6%B0%E0%A7%8D%E0%A6%95_%E0%A6%85%E0%A7%8D%E0%A6%AF%E0%A6%BE%E0%A6%A1%E0%A7%8D%E0%A6%B0%E0%A7%87%E0%A6%B8_%E0%A6%9F%E0%A7%8D%E0%A6%B0%E0%A6%BE%E0%A6%A8%E0%A7%8D%E0%A6%B8%E0%A6%B2%E0%A7%87%E0%A6%B6%E0%A6%A8" title="নেটওয়ার্ক অ্যাড্রেস ট্রান্সলেশন – Bangla" lang="bn" hreflang="bn" data-title="নেটওয়ার্ক অ্যাড্রেস ট্রান্সলেশন" data-language-autonym="বাংলা" data-language-local-name="Bangla" class="interlanguage-link-target"><span>বাংলা</span></a></li><li class="interlanguage-link interwiki-be mw-list-item"><a href="https://be.wikipedia.org/wiki/NAT" title="NAT – Belarusian" lang="be" hreflang="be" data-title="NAT" data-language-autonym="Беларуская" data-language-local-name="Belarusian" class="interlanguage-link-target"><span>Беларуская</span></a></li><li class="interlanguage-link interwiki-bg mw-list-item"><a href="https://bg.wikipedia.org/wiki/Network_address_translation" title="Network address translation – Bulgarian" lang="bg" hreflang="bg" data-title="Network address translation" data-language-autonym="Български" data-language-local-name="Bulgarian" class="interlanguage-link-target"><span>Български</span></a></li><li class="interlanguage-link interwiki-ca mw-list-item"><a href="https://ca.wikipedia.org/wiki/Network_Address_Translation" title="Network Address Translation – Catalan" lang="ca" hreflang="ca" data-title="Network Address Translation" data-language-autonym="Català" data-language-local-name="Catalan" class="interlanguage-link-target"><span>Català</span></a></li><li class="interlanguage-link interwiki-ceb mw-list-item"><a href="https://ceb.wikipedia.org/wiki/Paghubad_sa_adres_sa_network" title="Paghubad sa adres sa network – Cebuano" lang="ceb" hreflang="ceb" data-title="Paghubad sa adres sa network" data-language-autonym="Cebuano" data-language-local-name="Cebuano" class="interlanguage-link-target"><span>Cebuano</span></a></li><li class="interlanguage-link interwiki-cs mw-list-item"><a href="https://cs.wikipedia.org/wiki/Network_address_translation" title="Network address translation – Czech" lang="cs" hreflang="cs" data-title="Network address translation" data-language-autonym="Čeština" data-language-local-name="Czech" class="interlanguage-link-target"><span>Čeština</span></a></li><li class="interlanguage-link interwiki-da mw-list-item"><a href="https://da.wikipedia.org/wiki/Network_Address_Translation" title="Network Address Translation – Danish" lang="da" hreflang="da" data-title="Network Address Translation" data-language-autonym="Dansk" data-language-local-name="Danish" class="interlanguage-link-target"><span>Dansk</span></a></li><li class="interlanguage-link interwiki-de mw-list-item"><a href="https://de.wikipedia.org/wiki/Netzwerkadress%C3%BCbersetzung" title="Netzwerkadressübersetzung – German" lang="de" hreflang="de" data-title="Netzwerkadressübersetzung" data-language-autonym="Deutsch" data-language-local-name="German" class="interlanguage-link-target"><span>Deutsch</span></a></li><li class="interlanguage-link interwiki-et mw-list-item"><a href="https://et.wikipedia.org/wiki/V%C3%B5rguaadresside_teisendus" title="Võrguaadresside teisendus – Estonian" lang="et" hreflang="et" data-title="Võrguaadresside teisendus" data-language-autonym="Eesti" data-language-local-name="Estonian" class="interlanguage-link-target"><span>Eesti</span></a></li><li class="interlanguage-link interwiki-el mw-list-item"><a href="https://el.wikipedia.org/wiki/%CE%9C%CE%B5%CF%84%CE%AC%CF%86%CF%81%CE%B1%CF%83%CE%B7_%CE%B4%CE%B9%CE%B5%CF%8D%CE%B8%CF%85%CE%BD%CF%83%CE%B7%CF%82_%CE%B4%CE%B9%CE%BA%CF%84%CF%8D%CE%BF%CF%85" title="Μετάφραση διεύθυνσης δικτύου – Greek" lang="el" hreflang="el" data-title="Μετάφραση διεύθυνσης δικτύου" data-language-autonym="Ελληνικά" data-language-local-name="Greek" class="interlanguage-link-target"><span>Ελληνικά</span></a></li><li class="interlanguage-link interwiki-es mw-list-item"><a href="https://es.wikipedia.org/wiki/Traducci%C3%B3n_de_direcciones_de_red" title="Traducción de direcciones de red – Spanish" lang="es" hreflang="es" data-title="Traducción de direcciones de red" data-language-autonym="Español" data-language-local-name="Spanish" class="interlanguage-link-target"><span>Español</span></a></li><li class="interlanguage-link interwiki-eo mw-list-item"><a href="https://eo.wikipedia.org/wiki/NAT_(komputiko)" title="NAT (komputiko) – Esperanto" lang="eo" hreflang="eo" data-title="NAT (komputiko)" data-language-autonym="Esperanto" data-language-local-name="Esperanto" class="interlanguage-link-target"><span>Esperanto</span></a></li><li class="interlanguage-link interwiki-eu mw-list-item"><a href="https://eu.wikipedia.org/wiki/NAT" title="NAT – Basque" lang="eu" hreflang="eu" data-title="NAT" data-language-autonym="Euskara" data-language-local-name="Basque" class="interlanguage-link-target"><span>Euskara</span></a></li><li class="interlanguage-link interwiki-fa mw-list-item"><a href="https://fa.wikipedia.org/wiki/%D8%A8%D8%B1%DA%AF%D8%B1%D8%AF%D8%A7%D9%86_%D9%86%D8%B4%D8%A7%D9%86%DB%8C_%D8%B4%D8%A8%DA%A9%D9%87" title="برگردان نشانی شبکه – Persian" lang="fa" hreflang="fa" data-title="برگردان نشانی شبکه" data-language-autonym="فارسی" data-language-local-name="Persian" class="interlanguage-link-target"><span>فارسی</span></a></li><li class="interlanguage-link interwiki-fr mw-list-item"><a href="https://fr.wikipedia.org/wiki/Network_address_translation" title="Network address translation – French" lang="fr" hreflang="fr" data-title="Network address translation" data-language-autonym="Français" data-language-local-name="French" class="interlanguage-link-target"><span>Français</span></a></li><li class="interlanguage-link interwiki-ko mw-list-item"><a href="https://ko.wikipedia.org/wiki/%EB%84%A4%ED%8A%B8%EC%9B%8C%ED%81%AC_%EC%A3%BC%EC%86%8C_%EB%B3%80%ED%99%98" title="네트워크 주소 변환 – Korean" lang="ko" hreflang="ko" data-title="네트워크 주소 변환" data-language-autonym="한국어" data-language-local-name="Korean" class="interlanguage-link-target"><span>한국어</span></a></li><li class="interlanguage-link interwiki-hy mw-list-item"><a href="https://hy.wikipedia.org/wiki/NAT" title="NAT – Armenian" lang="hy" hreflang="hy" data-title="NAT" data-language-autonym="Հայերեն" data-language-local-name="Armenian" class="interlanguage-link-target"><span>Հայերեն</span></a></li><li class="interlanguage-link interwiki-ig mw-list-item"><a href="https://ig.wikipedia.org/wiki/Nt%E1%BB%A5ghar%E1%BB%8B_as%E1%BB%A5s%E1%BB%A5_netw%E1%BB%8Dk%E1%BB%A5" title="Ntụgharị asụsụ netwọkụ – Igbo" lang="ig" hreflang="ig" data-title="Ntụgharị asụsụ netwọkụ" data-language-autonym="Igbo" data-language-local-name="Igbo" class="interlanguage-link-target"><span>Igbo</span></a></li><li class="interlanguage-link interwiki-id mw-list-item"><a href="https://id.wikipedia.org/wiki/Penafsiran_alamat_jaringan" title="Penafsiran alamat jaringan – Indonesian" lang="id" hreflang="id" data-title="Penafsiran alamat jaringan" data-language-autonym="Bahasa Indonesia" data-language-local-name="Indonesian" class="interlanguage-link-target"><span>Bahasa Indonesia</span></a></li><li class="interlanguage-link interwiki-is mw-list-item"><a href="https://is.wikipedia.org/wiki/Network_address_translation" title="Network address translation – Icelandic" lang="is" hreflang="is" data-title="Network address translation" data-language-autonym="Íslenska" data-language-local-name="Icelandic" class="interlanguage-link-target"><span>Íslenska</span></a></li><li class="interlanguage-link interwiki-it mw-list-item"><a href="https://it.wikipedia.org/wiki/Network_address_translation" title="Network address translation – Italian" lang="it" hreflang="it" data-title="Network address translation" data-language-autonym="Italiano" data-language-local-name="Italian" class="interlanguage-link-target"><span>Italiano</span></a></li><li class="interlanguage-link interwiki-he mw-list-item"><a href="https://he.wikipedia.org/wiki/Network_Address_Translation" title="Network Address Translation – Hebrew" lang="he" hreflang="he" data-title="Network Address Translation" data-language-autonym="עברית" data-language-local-name="Hebrew" class="interlanguage-link-target"><span>עברית</span></a></li><li class="interlanguage-link interwiki-lv mw-list-item"><a href="https://lv.wikipedia.org/wiki/T%C4%ABkla_adre%C5%A1u_transl%C4%93%C5%A1ana" title="Tīkla adrešu translēšana – Latvian" lang="lv" hreflang="lv" data-title="Tīkla adrešu translēšana" data-language-autonym="Latviešu" data-language-local-name="Latvian" class="interlanguage-link-target"><span>Latviešu</span></a></li><li class="interlanguage-link interwiki-lmo mw-list-item"><a href="https://lmo.wikipedia.org/wiki/Network_address_translation" title="Network address translation – Lombard" lang="lmo" hreflang="lmo" data-title="Network address translation" data-language-autonym="Lombard" data-language-local-name="Lombard" class="interlanguage-link-target"><span>Lombard</span></a></li><li class="interlanguage-link interwiki-hu mw-list-item"><a href="https://hu.wikipedia.org/wiki/H%C3%A1l%C3%B3zati_c%C3%ADmford%C3%ADt%C3%A1s" title="Hálózati címfordítás – Hungarian" lang="hu" hreflang="hu" data-title="Hálózati címfordítás" data-language-autonym="Magyar" data-language-local-name="Hungarian" class="interlanguage-link-target"><span>Magyar</span></a></li><li class="interlanguage-link interwiki-mn mw-list-item"><a href="https://mn.wikipedia.org/wiki/Network_Address_Translation" title="Network Address Translation – Mongolian" lang="mn" hreflang="mn" data-title="Network Address Translation" data-language-autonym="Монгол" data-language-local-name="Mongolian" class="interlanguage-link-target"><span>Монгол</span></a></li><li class="interlanguage-link interwiki-nl mw-list-item"><a href="https://nl.wikipedia.org/wiki/Network_address_translation" title="Network address translation – Dutch" lang="nl" hreflang="nl" data-title="Network address translation" data-language-autonym="Nederlands" data-language-local-name="Dutch" class="interlanguage-link-target"><span>Nederlands</span></a></li><li class="interlanguage-link interwiki-ja mw-list-item"><a href="https://ja.wikipedia.org/wiki/%E3%83%8D%E3%83%83%E3%83%88%E3%83%AF%E3%83%BC%E3%82%AF%E3%82%A2%E3%83%89%E3%83%AC%E3%82%B9%E5%A4%89%E6%8F%9B" title="ネットワークアドレス変換 – Japanese" lang="ja" hreflang="ja" data-title="ネットワークアドレス変換" data-language-autonym="日本語" data-language-local-name="Japanese" class="interlanguage-link-target"><span>日本語</span></a></li><li class="interlanguage-link interwiki-no mw-list-item"><a href="https://no.wikipedia.org/wiki/Network_Address_Translation" title="Network Address Translation – Norwegian Bokmål" lang="nb" hreflang="nb" data-title="Network Address Translation" data-language-autonym="Norsk bokmål" data-language-local-name="Norwegian Bokmål" class="interlanguage-link-target"><span>Norsk bokmål</span></a></li><li class="interlanguage-link interwiki-pms mw-list-item"><a href="https://pms.wikipedia.org/wiki/NAT" title="NAT – Piedmontese" lang="pms" hreflang="pms" data-title="NAT" data-language-autonym="Piemontèis" data-language-local-name="Piedmontese" class="interlanguage-link-target"><span>Piemontèis</span></a></li><li class="interlanguage-link interwiki-pl mw-list-item"><a href="https://pl.wikipedia.org/wiki/Network_address_translation" title="Network address translation – Polish" lang="pl" hreflang="pl" data-title="Network address translation" data-language-autonym="Polski" data-language-local-name="Polish" class="interlanguage-link-target"><span>Polski</span></a></li><li class="interlanguage-link interwiki-pt mw-list-item"><a href="https://pt.wikipedia.org/wiki/Network_address_translation" title="Network address translation – Portuguese" lang="pt" hreflang="pt" data-title="Network address translation" data-language-autonym="Português" data-language-local-name="Portuguese" class="interlanguage-link-target"><span>Português</span></a></li><li class="interlanguage-link interwiki-ru mw-list-item"><a href="https://ru.wikipedia.org/wiki/NAT" title="NAT – Russian" lang="ru" hreflang="ru" data-title="NAT" data-language-autonym="Русский" data-language-local-name="Russian" class="interlanguage-link-target"><span>Русский</span></a></li><li class="interlanguage-link interwiki-simple mw-list-item"><a href="https://simple.wikipedia.org/wiki/Network_address_translation" title="Network address translation – Simple English" lang="en-simple" hreflang="en-simple" data-title="Network address translation" data-language-autonym="Simple English" data-language-local-name="Simple English" class="interlanguage-link-target"><span>Simple English</span></a></li><li class="interlanguage-link interwiki-sk mw-list-item"><a href="https://sk.wikipedia.org/wiki/Network_address_translation" title="Network address translation – Slovak" lang="sk" hreflang="sk" data-title="Network address translation" data-language-autonym="Slovenčina" data-language-local-name="Slovak" class="interlanguage-link-target"><span>Slovenčina</span></a></li><li class="interlanguage-link interwiki-ckb mw-list-item"><a href="https://ckb.wikipedia.org/wiki/%D9%88%DB%95%D8%B1%DA%AF%DB%8E%DA%95%D8%A7%D9%86%DB%8C_%D9%86%D8%A7%D9%88%D9%86%DB%8C%D8%B4%D8%A7%D9%86%DB%8C_%D8%AA%DB%86%DA%95" title="وەرگێڕانی ناونیشانی تۆڕ – Central Kurdish" lang="ckb" hreflang="ckb" data-title="وەرگێڕانی ناونیشانی تۆڕ" data-language-autonym="کوردی" data-language-local-name="Central Kurdish" class="interlanguage-link-target"><span>کوردی</span></a></li><li class="interlanguage-link interwiki-sr mw-list-item"><a href="https://sr.wikipedia.org/wiki/%D0%9D%D0%90%D0%A2" title="НАТ – Serbian" lang="sr" hreflang="sr" data-title="НАТ" data-language-autonym="Српски / srpski" data-language-local-name="Serbian" class="interlanguage-link-target"><span>Српски / srpski</span></a></li><li class="interlanguage-link interwiki-fi mw-list-item"><a href="https://fi.wikipedia.org/wiki/Osoitteenmuunnos" title="Osoitteenmuunnos – Finnish" lang="fi" hreflang="fi" data-title="Osoitteenmuunnos" data-language-autonym="Suomi" data-language-local-name="Finnish" class="interlanguage-link-target"><span>Suomi</span></a></li><li class="interlanguage-link interwiki-sv mw-list-item"><a href="https://sv.wikipedia.org/wiki/Network_Address_Translation" title="Network Address Translation – Swedish" lang="sv" hreflang="sv" data-title="Network Address Translation" data-language-autonym="Svenska" data-language-local-name="Swedish" class="interlanguage-link-target"><span>Svenska</span></a></li><li class="interlanguage-link interwiki-tl mw-list-item"><a href="https://tl.wikipedia.org/wiki/Network_address_translation" title="Network address translation – Tagalog" lang="tl" hreflang="tl" data-title="Network address translation" data-language-autonym="Tagalog" data-language-local-name="Tagalog" class="interlanguage-link-target"><span>Tagalog</span></a></li><li class="interlanguage-link interwiki-ta mw-list-item"><a href="https://ta.wikipedia.org/wiki/%E0%AE%AA%E0%AE%BF%E0%AE%A3%E0%AF%88%E0%AE%AF_%E0%AE%AE%E0%AF%81%E0%AE%95%E0%AE%B5%E0%AE%B0%E0%AE%BF_%E0%AE%AE%E0%AF%8A%E0%AE%B4%E0%AE%BF%E0%AE%AA%E0%AF%86%E0%AE%AF%E0%AE%B0%E0%AF%8D%E0%AE%AA%E0%AF%8D%E0%AE%AA%E0%AF%81" title="பிணைய முகவரி மொழிபெயர்ப்பு – Tamil" lang="ta" hreflang="ta" data-title="பிணைய முகவரி மொழிபெயர்ப்பு" data-language-autonym="தமிழ்" data-language-local-name="Tamil" class="interlanguage-link-target"><span>தமிழ்</span></a></li><li class="interlanguage-link interwiki-tr mw-list-item"><a href="https://tr.wikipedia.org/wiki/NAT" title="NAT – Turkish" lang="tr" hreflang="tr" data-title="NAT" data-language-autonym="Türkçe" data-language-local-name="Turkish" class="interlanguage-link-target"><span>Türkçe</span></a></li><li class="interlanguage-link interwiki-uk mw-list-item"><a href="https://uk.wikipedia.org/wiki/NAT" title="NAT – Ukrainian" lang="uk" hreflang="uk" data-title="NAT" data-language-autonym="Українська" data-language-local-name="Ukrainian" class="interlanguage-link-target"><span>Українська</span></a></li><li class="interlanguage-link interwiki-vi mw-list-item"><a href="https://vi.wikipedia.org/wiki/Bi%C3%AAn_d%E1%BB%8Bch_%C4%91%E1%BB%8Ba_ch%E1%BB%89_m%E1%BA%A1ng" title="Biên dịch địa chỉ mạng – Vietnamese" lang="vi" hreflang="vi" data-title="Biên dịch địa chỉ mạng" data-language-autonym="Tiếng Việt" data-language-local-name="Vietnamese" class="interlanguage-link-target"><span>Tiếng Việt</span></a></li><li class="interlanguage-link interwiki-zh mw-list-item"><a href="https://zh.wikipedia.org/wiki/%E7%BD%91%E7%BB%9C%E5%9C%B0%E5%9D%80%E8%BD%AC%E6%8D%A2" title="网络地址转换 – Chinese" lang="zh" hreflang="zh" data-title="网络地址转换" data-language-autonym="中文" data-language-local-name="Chinese" class="interlanguage-link-target"><span>中文</span></a></li> </ul> <div class="after-portlet after-portlet-lang"><span class="wb-langlinks-edit wb-langlinks-link"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q11182#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></span></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Network_address_translation" title="View the content page [c]" accesskey="c"><span>Article</span></a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:Network_address_translation" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t"><span>Talk</span></a></li> </ul> </div> </div> <div id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">English</span> </label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Network_address_translation"><span>Read</span></a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Network_address_translation&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Network_address_translation&action=history" title="Past revisions of this page [h]" accesskey="h"><span>View history</span></a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">Tools</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Network_address_translation"><span>Read</span></a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Network_address_translation&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Network_address_translation&action=history"><span>View history</span></a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Network_address_translation" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j"><span>What links here</span></a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Network_address_translation" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k"><span>Related changes</span></a></li><li id="t-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u"><span>Upload file</span></a></li><li id="t-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q"><span>Special pages</span></a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Network_address_translation&oldid=1258591625" title="Permanent link to this revision of this page"><span>Permanent link</span></a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Network_address_translation&action=info" title="More information about this page"><span>Page information</span></a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Network_address_translation&id=1258591625&wpFormIdentifier=titleform" title="Information on how to cite this page"><span>Cite this page</span></a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FNetwork_address_translation"><span>Get shortened URL</span></a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FNetwork_address_translation"><span>Download QR code</span></a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=Network_address_translation&action=show-download-screen" title="Download this page as a PDF file"><span>Download as PDF</span></a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Network_address_translation&printable=yes" title="Printable version of this page [p]" accesskey="p"><span>Printable version</span></a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="wb-otherproject-link wb-otherproject-commons mw-list-item"><a href="https://commons.wikimedia.org/wiki/Category:Network_Address_Translation" hreflang="en"><span>Wikimedia Commons</span></a></li><li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q11182" title="Structured data on this page hosted by Wikidata [g]" accesskey="g"><span>Wikidata item</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Technique for making connections between IP address spaces</div> <p class="mw-empty-elt"> </p> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:NAT_Concept-en.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/c/c7/NAT_Concept-en.svg/220px-NAT_Concept-en.svg.png" decoding="async" width="220" height="102" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/c/c7/NAT_Concept-en.svg/330px-NAT_Concept-en.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/c/c7/NAT_Concept-en.svg/440px-NAT_Concept-en.svg.png 2x" data-file-width="456" data-file-height="211" /></a><figcaption>Network address translation between a private network and the Internet</figcaption></figure> <p><b>Network address translation</b> (<b>NAT</b>) is a method of mapping an IP <a href="/wiki/Address_space" title="Address space">address space</a> into another by modifying <a href="/wiki/Network_address" title="Network address">network address</a> information in the <a href="/wiki/IP_header" title="IP header">IP header</a> of packets while they are in transit across a traffic <a href="/wiki/Router_(computing)" title="Router (computing)">routing device</a>.<sup id="cite_ref-1" class="reference"><a href="#cite_note-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup> The technique was initially used to bypass the need to assign a new address to every host when a network was moved, or when the upstream <a href="/wiki/Internet_service_provider" title="Internet service provider">Internet service provider</a> was replaced but could not route the network's address space. It has become a popular and essential tool in conserving global address space in the face of <a href="/wiki/IPv4_address_exhaustion" title="IPv4 address exhaustion">IPv4 address exhaustion</a>. One Internet-routable <a href="/wiki/IP_address" title="IP address">IP address</a> of a NAT gateway can be used for an entire <a href="/wiki/Private_network" title="Private network">private network</a>.<sup id="cite_ref-rfc4787_2-0" class="reference"><a href="#cite_note-rfc4787-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> </p><p>As network address translation modifies the IP address information in packets, NAT implementations may vary in their specific behavior in various addressing cases and their effect on network traffic. Vendors of equipment containing NAT implementations do not commonly document the specifics of NAT behavior.<sup id="cite_ref-rfc4787_2-1" class="reference"><a href="#cite_note-rfc4787-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="History">History</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=1" title="Edit section: History"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>IPv4 uses 32-bit addresses, capable of uniquely addressing about 4.3 billion devices. By 1992, it became evident that that would not be enough. The 1994 <style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc1631">1631</a> describes NAT as a "short-term solution" to the two most compelling problems facing the IP Internet at that time: IP address depletion and scaling in routing. By 2004, NAT had become widespread.<sup id="cite_ref-huston_3-0" class="reference"><a href="#cite_note-huston-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Basic_NAT">Basic NAT</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=2" title="Edit section: Basic NAT"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The simplest type of NAT provides a one-to-one translation of IP addresses (RFC 1631). <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2663">2663</a> refers to this type of NAT as <i>basic NAT</i>, also called a <i>one-to-one NAT</i>. In this type of NAT, only the IP addresses, IP header <a href="/wiki/Checksum" title="Checksum">checksum</a>, and any higher-level checksums that include the IP address are changed. Basic NAT can be used to interconnect two IP networks with incompatible addresses.<sup id="cite_ref-rfc4787_2-2" class="reference"><a href="#cite_note-rfc4787-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="One-to-many_NAT"><span class="anchor" id="MASQUERADING"></span>One-to-many NAT</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=3" title="Edit section: One-to-many NAT"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:Network_Address_Translation_(file2).jpg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/6/63/Network_Address_Translation_%28file2%29.jpg/220px-Network_Address_Translation_%28file2%29.jpg" decoding="async" width="220" height="110" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/6/63/Network_Address_Translation_%28file2%29.jpg/330px-Network_Address_Translation_%28file2%29.jpg 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/6/63/Network_Address_Translation_%28file2%29.jpg/440px-Network_Address_Translation_%28file2%29.jpg 2x" data-file-width="1010" data-file-height="507" /></a><figcaption>Network address mapping</figcaption></figure> <p>Most network address translators map multiple private hosts to one publicly exposed IP address. </p><p>Here is a typical configuration: </p> <ol><li>A local network uses one of the designated <i>private</i> IP address subnets (RFC 1918<sup id="cite_ref-:0_4-0" class="reference"><a href="#cite_note-:0-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup>).</li> <li>The network has a router having both a private and a public address. The private address is used by the router for communicating with other devices in the private local network. The public address (typically assigned by an <a href="/wiki/Internet_service_provider" title="Internet service provider">Internet service provider</a>) is used by the router for communicating with the rest of the Internet.</li> <li>As traffic passes from the network to the Internet, the router translates the source address in each packet from a private address to the router's own public address. The router tracks basic data about each active connection (particularly the destination address and <a href="/wiki/Port_(computer_networking)" title="Port (computer networking)">port</a>). When the router receives inbound traffic from the Internet, it uses the connection tracking data it stored during the outbound phase to determine to which private address (if any) it should forward the reply.<sup id="cite_ref-rfc4787_2-3" class="reference"><a href="#cite_note-rfc4787-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup></li></ol> <p>All IP packets have a source IP address and a destination IP address. Typically, packets passing from the private network to the public network will have their source address modified, while packets passing from the public network back to the private network will have their destination address modified. To avoid ambiguity in how replies are translated, further modifications to the packets are required. The vast bulk of Internet traffic uses <a href="/wiki/Transmission_Control_Protocol" title="Transmission Control Protocol">Transmission Control Protocol</a> (TCP) or <a href="/wiki/User_Datagram_Protocol" title="User Datagram Protocol">User Datagram Protocol</a> (UDP). For these protocols, the <a href="/wiki/Port_number" class="mw-redirect" title="Port number">port numbers</a> are changed so that the combination of IP address (within the <a href="/wiki/Internet_protocol_suite#Internet_layer" title="Internet protocol suite">IP header</a>) and port number (within the <a href="/wiki/Internet_protocol_suite#Transport_layer" title="Internet protocol suite">Transport Layer header</a>) on the returned packet can be unambiguously mapped to the corresponding private network destination. RFC 2663 uses the term <b>network address and port translation</b> (<b>NAPT</b>) for this type of NAT.<sup id="cite_ref-:0_4-1" class="reference"><a href="#cite_note-:0-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup> Other names include <b>port address translation</b> (<b>PAT</b>), <i>IP masquerading</i>, <i>NAT overload</i>, and <i>many-to-one NAT</i>. This is the most common type of NAT and has become synonymous with the term <i>NAT</i> in common usage. </p><p>This method allows communication through the router only when the conversation originates in the private network, since the initial originating transmission is what establishes the required information in the translation tables. Thus a <a href="/wiki/Web_browser" title="Web browser">web browser</a> within the private network would be able to browse websites that are outside the network, whereas web browsers outside the network would be unable to browse a website hosted within.<sup id="cite_ref-5" class="reference"><a href="#cite_note-5"><span class="cite-bracket">[</span>a<span class="cite-bracket">]</span></a></sup> Protocols not based on TCP and UDP require other translation techniques. </p><p>An additional benefit of one-to-many NAT is that it mitigates <a href="/wiki/IPv4_address_exhaustion" title="IPv4 address exhaustion">IPv4 address exhaustion</a> by allowing entire networks to be connected to the Internet using a single public IP address.<sup id="cite_ref-6" class="reference"><a href="#cite_note-6"><span class="cite-bracket">[</span>b<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Methods_of_translation"><span class="anchor" id="PORT-TRANSLATION"></span>Methods of translation</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=4" title="Edit section: Methods of translation"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Network address and port translation may be implemented in several ways. Some applications that use IP address information may need to determine the external address of a network address translator. This is the address that its communication peers in the external network detect. Furthermore, it may be necessary to examine and categorize the type of mapping in use, for example when it is desired to set up a direct communication path between two clients both of which are behind separate NAT gateways. </p><p>For this purpose, RFC 3489 specified a protocol called <i>Simple Traversal of UDP over NATs</i> (<a href="/wiki/STUN" title="STUN">STUN</a>) in 2003. It classified NAT implementations as <i>full-cone NAT</i>, <i>(address) restricted-cone NAT</i>, <i>port-restricted cone NAT</i> or <i>symmetric NAT</i>, and proposed a methodology for testing a device accordingly. However, these procedures have since been deprecated from standards status, as the methods are inadequate to correctly assess many devices. RFC 5389 standardized new methods in 2008 and the acronym <i>STUN</i> now represents the new title of the specification: <i>Session Traversal Utilities for NAT</i>. </p> <table class="wikitable"> <caption>NAT implementation classifications </caption> <tbody><tr> <td><span class="anchor" id="Full-cone_NAT"></span><b>Full-cone NAT</b>, or NAT 1, also known as <i>one-to-one NAT</i> <ul><li>Once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any packets from iAddr:iPort are sent through eAddr:ePort.</li> <li><i>Any external host</i> can send packets to iAddr:iPort by sending packets to eAddr:ePort.</li></ul> </td> <td><figure class="mw-halign-right" typeof="mw:File"><a href="/wiki/File:Full_Cone_NAT.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/4/44/Full_Cone_NAT.svg/400px-Full_Cone_NAT.svg.png" decoding="async" width="400" height="180" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/4/44/Full_Cone_NAT.svg/600px-Full_Cone_NAT.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/4/44/Full_Cone_NAT.svg/800px-Full_Cone_NAT.svg.png 2x" data-file-width="709" data-file-height="319" /></a><figcaption></figcaption></figure> </td></tr> <tr> <td><span class="anchor" id="Restricted-cone_NAT"></span><b>(Address)-restricted-cone NAT</b>, or NAT 2 <ul><li>Once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any packets from iAddr:iPort are sent through eAddr:ePort.</li> <li>An external host (<i>hAddr:any</i>) can send packets to iAddr:iPort by sending packets to eAddr:ePort only if iAddr:iPort has previously sent a packet to hAddr:<i>any</i>. <i>Any</i> means the port number doesn't matter.</li></ul> </td> <td><figure class="mw-halign-right" typeof="mw:File"><a href="/wiki/File:Restricted_Cone_NAT.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/3/3c/Restricted_Cone_NAT.svg/400px-Restricted_Cone_NAT.svg.png" decoding="async" width="400" height="180" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/3/3c/Restricted_Cone_NAT.svg/600px-Restricted_Cone_NAT.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/3/3c/Restricted_Cone_NAT.svg/800px-Restricted_Cone_NAT.svg.png 2x" data-file-width="709" data-file-height="319" /></a><figcaption></figcaption></figure> </td></tr> <tr> <td><span class="anchor" id="Port-restricted_cone_NAT"></span><b>Port-restricted cone NAT</b>, or NAT 3 <ul><li>Once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any packets from iAddr:iPort are sent through eAddr:ePort.</li> <li>An external host (<i>hAddr:hPort</i>) can send packets to iAddr:iPort by sending packets to eAddr:ePort only if iAddr:iPort has previously sent a packet to hAddr:hPort.</li></ul> <p>It like an address restricted cone NAT, but the restriction includes port numbers. </p> </td> <td><figure class="mw-halign-right" typeof="mw:File"><a href="/wiki/File:Port_Restricted_Cone_NAT.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/c/c2/Port_Restricted_Cone_NAT.svg/400px-Port_Restricted_Cone_NAT.svg.png" decoding="async" width="400" height="180" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/c/c2/Port_Restricted_Cone_NAT.svg/600px-Port_Restricted_Cone_NAT.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/c/c2/Port_Restricted_Cone_NAT.svg/800px-Port_Restricted_Cone_NAT.svg.png 2x" data-file-width="709" data-file-height="319" /></a><figcaption></figcaption></figure> </td></tr> <tr> <td><span class="anchor" id="Symmetric_NAT"></span><b>Symmetric NAT</b>, or NAT 4 <ul><li>The combination of one internal IP address plus a destination IP address and port is mapped to a single unique external source IP address and port; if the same internal host sends a packet even with the same source address and port but to a different destination, a different mapping is used.</li> <li>Only an external host that receives a packet from an internal host can send a packet back.</li></ul> </td> <td><figure class="mw-halign-right" typeof="mw:File"><a href="/wiki/File:Symmetric_NAT.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/7/73/Symmetric_NAT.svg/400px-Symmetric_NAT.svg.png" decoding="async" width="400" height="180" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/7/73/Symmetric_NAT.svg/600px-Symmetric_NAT.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/7/73/Symmetric_NAT.svg/800px-Symmetric_NAT.svg.png 2x" data-file-width="709" data-file-height="319" /></a><figcaption></figcaption></figure> </td></tr></tbody></table> <p>Many NAT implementations combine these types, so it is better to refer to specific individual NAT behavior instead of using the Cone/Symmetric terminology. RFC 4787 attempts to alleviate confusion by introducing standardized terminology for observed behaviors. For the first bullet in each row of the above table, the RFC would characterize Full-Cone, Restricted-Cone, and Port-Restricted Cone NATs as having an <i>Endpoint-Independent Mapping</i>, whereas it would characterize a Symmetric NAT as having an <i>Address- and Port-Dependent Mapping</i>. For the second bullet in each row of the above table, RFC 4787 would also label Full-Cone NAT as having an <i>Endpoint-Independent Filtering</i>, Restricted-Cone NAT as having an <i>Address-Dependent Filtering</i>, Port-Restricted Cone NAT as having an <i>Address and Port-Dependent Filtering</i>, and Symmetric NAT as having either an <i>Address-Dependent Filtering</i> or <i>Address and Port-Dependent Filtering</i>. Other classifications of NAT behavior mentioned in the RFC include whether they preserve ports, when and how mappings are refreshed, whether external mappings can be used by internal hosts (i.e., its <a href="/wiki/Hairpinning" class="mw-redirect" title="Hairpinning">hairpinning</a> behavior), and the level of determinism NATs exhibit when applying all these rules.<sup id="cite_ref-rfc4787_2-4" class="reference"><a href="#cite_note-rfc4787-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> Specifically, most NATs combine <i>symmetric NAT</i> for outgoing connections with <i>static <a href="/wiki/Port_mapping" class="mw-redirect" title="Port mapping">port mapping</a></i>, where incoming packets addressed to the external address and port are redirected to a specific internal address and port. </p> <div class="mw-heading mw-heading3"><h3 id="NAT_mapping_vs_NAT_filtering">NAT mapping vs NAT filtering</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=5" title="Edit section: NAT mapping vs NAT filtering"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>RFC 4787<sup id="cite_ref-rfc4787_2-5" class="reference"><a href="#cite_note-rfc4787-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> makes a distinction between NAT mapping and NAT filtering. </p><p>Section 4.1 of the RFC covers NAT mapping and specifies how an external IP address and port number should be translated into an internal IP address and port number. It defines Endpoint-Independent Mapping, Address-Dependent Mapping and Address and Port-Dependent Mapping, explains that these three possible choices do not relate to the security of the NAT as security is determined by the filtering behavior and then specifies "A NAT MUST have an 'Endpoint-Independent Mapping' behavior." </p><p>Section 5 of the RFC covers NAT filtering and describes what criteria are used by the NAT to filter packets originating from specific external endpoints. The options are Endpoint-Independent Filtering, Address-Dependent Filtering and Address and Port-Dependent Filtering. Endpoint-Independent Filtering is recommended where maximum application transparency is required while Address-Dependent Filtering is recommended where more stringent filtering behavior is most important. </p><p>Some NAT devices are not yet compliant with RFC 4787 as they treat NAT mapping and filtering in the same way so that their configuration option for changing the NAT filtering method also changes the NAT mapping method (e.g. <a rel="nofollow" class="external text" href="https://docs.netgate.com/tnsr/en/latest/nat/modes.html">Netgate TNSR</a>). The PF firewall has a <a rel="nofollow" class="external text" href="https://reviews.freebsd.org/D11137">patch</a> available to enable RFC 4787 support but this has not yet been merged. </p> <div class="mw-heading mw-heading2"><h2 id="Type_of_NAT_and_NAT_traversal,_role_of_port_preservation_for_TCP"><span id="Type_of_NAT_and_NAT_traversal.2C_role_of_port_preservation_for_TCP"></span><span class="anchor" id="PORT-PRESERVATION"></span>Type of NAT and NAT traversal, role of port preservation for TCP</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=6" title="Edit section: Type of NAT and NAT traversal, role of port preservation for TCP"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The <a href="/wiki/NAT_traversal" title="NAT traversal">NAT traversal</a> problem arises when peers behind different NATs try to communicate. One way to solve this problem is to use <a href="/wiki/Port_forwarding" title="Port forwarding">port forwarding</a>. Another way is to use various NAT traversal techniques. The most popular technique for TCP NAT traversal is <a href="/wiki/TCP_hole_punching" title="TCP hole punching">TCP hole punching</a>. </p><p>TCP hole punching requires the NAT to follow the <i>port preservation</i> design for TCP. For a given outgoing TCP communication, the same port numbers are used on both sides of the NAT. NAT port preservation for outgoing TCP connections is crucial for TCP NAT traversal because, under TCP, one port can only be used for one communication at a time. Programs that bind distinct TCP sockets to <a href="/wiki/Ephemeral_ports" class="mw-redirect" title="Ephemeral ports">ephemeral ports</a> for each TCP communication, make NAT port prediction impossible for TCP.<sup id="cite_ref-rfc4787_2-6" class="reference"><a href="#cite_note-rfc4787-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> </p><p>On the other hand, for UDP, NATs do not need port preservation. Indeed, multiple UDP communications (each with a distinct <a href="/wiki/Communication_endpoint" title="Communication endpoint">endpoint</a>) can occur on the same source port, and applications usually reuse the same UDP socket to send packets to distinct hosts. This makes port prediction straightforward, as it is the same source port for each packet. </p><p>Furthermore, port preservation in NAT for TCP allows P2P protocols to offer less complexity and less latency because there is no need to use a third party (like STUN) to discover the NAT port since the application itself already knows the NAT port.<sup id="cite_ref-rfc4787_2-7" class="reference"><a href="#cite_note-rfc4787-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-7" class="reference"><a href="#cite_note-7"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> </p><p>However, if two internal hosts attempt to communicate with the same external host using the same port number, the NAT may attempt to use a different external IP address for the second connection or may need to forgo port preservation and remap the port.<sup id="cite_ref-rfc4787_2-8" class="reference"><a href="#cite_note-rfc4787-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup><sup class="reference nowrap"><span title="Page / location: 9">: 9 </span></sup> </p><p>As of 2006<sup class="plainlinks noexcerpt noprint asof-tag update" style="display:none;"><a class="external text" href="https://en.wikipedia.org/w/index.php?title=Network_address_translation&action=edit">[update]</a></sup>, roughly 70% of the clients in <a href="/wiki/Peer-to-peer" title="Peer-to-peer">P2P</a> networks employed some form of NAT.<sup id="cite_ref-8" class="reference"><a href="#cite_note-8"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Implementation">Implementation</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=7" title="Edit section: Implementation"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <div class="mw-heading mw-heading3"><h3 id="Establishing_two-way_communication">Establishing two-way communication</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=8" title="Edit section: Establishing two-way communication"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:Bidirectional_NAT-en.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/5/56/Bidirectional_NAT-en.svg/220px-Bidirectional_NAT-en.svg.png" decoding="async" width="220" height="155" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/5/56/Bidirectional_NAT-en.svg/330px-Bidirectional_NAT-en.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/5/56/Bidirectional_NAT-en.svg/440px-Bidirectional_NAT-en.svg.png 2x" data-file-width="404" data-file-height="284" /></a><figcaption>In bidirectional NAT the session can be established both from inside and outside realms.</figcaption></figure> <p>Every TCP and UDP packet contains a source port number and a destination port number. Each of those packets is encapsulated in an IP packet, whose <a href="/wiki/IP_header" title="IP header">IP header</a> contains a source IP address and a destination IP address. The IP address/protocol/port number triple defines an association with a <a href="/wiki/Network_socket" title="Network socket">network socket</a>. </p><p>For publicly accessible services such as web and mail servers the port number is important. For example, port 443 connects through a socket to the <a href="/wiki/Web_server" title="Web server">web server</a> software and port 465 to a mail server's <a href="/wiki/SMTP" class="mw-redirect" title="SMTP">SMTP</a> <a href="/wiki/Daemon_(computer_software)" class="mw-redirect" title="Daemon (computer software)">daemon</a>.<sup id="cite_ref-9" class="reference"><a href="#cite_note-9"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup> The IP address of a public server is also important, similar in global uniqueness to a postal address or telephone number. Both IP address and port number must be correctly known by all hosts wishing to successfully communicate. </p><p>Private IP addresses as described in RFC 1918 are usable only on private networks not directly connected to the internet. Ports are endpoints of communication unique to that host, so a connection through the NAT device is maintained by the combined mapping of port and IP address. A private address on the inside of the NAT is mapped to an external public address. Port address translation (PAT) resolves conflicts that arise when multiple hosts happen to use the same source port number to establish different external connections at the same time. </p> <div class="mw-heading mw-heading3"><h3 id="Telephone_number_extension_analogy">Telephone number extension analogy</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=9" title="Edit section: Telephone number extension analogy"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>A NAT device is similar to a phone system at an office that has one public telephone number and multiple extensions. Outbound phone calls made from the office all appear to come from the same telephone number. However, an incoming call that does not specify an extension cannot be automatically transferred to an individual inside the office. In this scenario, the office is a private LAN, the main phone number is the public IP address, and the individual extensions are unique port numbers.<sup id="cite_ref-10" class="reference"><a href="#cite_note-10"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="Translation_process">Translation process</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=10" title="Edit section: Translation process"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>With NAT, all communications sent to external hosts actually contain the <i>external</i> IP address and port information of the NAT device instead of internal host IP addresses or port numbers. NAT only translates IP addresses and ports of its internal hosts, hiding the true endpoint of an internal host on a private network. </p><p>When a computer on the private (internal) network sends an IP packet to the external network, the NAT device replaces the internal source IP address in the packet header with the external IP address of the NAT device. PAT may then assign the connection a port number from a pool of available ports,<sup id="cite_ref-11" class="reference"><a href="#cite_note-11"><span class="cite-bracket">[</span>c<span class="cite-bracket">]</span></a></sup> inserting this port number in the source port field. The packet is then forwarded to the external network. The NAT device then makes an entry in a translation table containing the internal IP address, original source port, and the translated source port. Subsequent packets from the same internal source IP address and port number are translated to the same external source IP address and port number. The computer receiving a packet that has undergone NAT establishes a connection to the port and IP address specified in the altered packet, oblivious to the fact that the supplied address is being translated. </p><p>Upon receiving a packet from the external network, the NAT device searches the translation table based on the destination port in the packet header. If a match is found, the destination IP address and port number is replaced with the values found in the table and the packet is forwarded to the inside network. Otherwise, if the destination port number of the incoming packet is not found in the translation table, the packet is dropped or rejected because the PAT device doesn't know where to send it. </p> <div class="mw-heading mw-heading2"><h2 id="Applications">Applications</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=11" title="Edit section: Applications"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <dl><dt>Routing</dt> <dd>Network address translation can be used to mitigate IP address overlap.<sup id="cite_ref-12" class="reference"><a href="#cite_note-12"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-13" class="reference"><a href="#cite_note-13"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup> Address overlap occurs when hosts in different networks with the same IP address space try to reach the same destination host. This is most often a misconfiguration and may result from the merger of two networks or subnets, especially when using RFC 1918 <a href="/wiki/Private_network" title="Private network">private network</a> addressing. The destination host experiences traffic apparently arriving from the same network, and intermediate routers have no way to determine where reply traffic should be sent to. The solution is either renumbering to eliminate overlap or network address translation.</dd></dl> <dl><dt>Load balancing</dt> <dd>In <a href="/wiki/Client%E2%80%93server" class="mw-redirect" title="Client–server">client–server</a> applications, <a href="/wiki/Load_balancing_(computing)" title="Load balancing (computing)">load balancers</a> forward client requests to a set of server computers to manage the workload of each server. Network address translation may be used to map a representative IP address of the server cluster to specific hosts that service the request.<sup id="cite_ref-14" class="reference"><a href="#cite_note-14"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-15" class="reference"><a href="#cite_note-15"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-16" class="reference"><a href="#cite_note-16"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-17" class="reference"><a href="#cite_note-17"><span class="cite-bracket">[</span>14<span class="cite-bracket">]</span></a></sup></dd></dl> <div class="mw-heading mw-heading2"><h2 id="Related_techniques">Related techniques</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=12" title="Edit section: Related techniques"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p><a href="/wiki/IEEE" class="mw-redirect" title="IEEE">IEEE</a> Reverse Address and Port Translation (RAPT or RAT) allows a host whose real <a href="/wiki/IP_address" title="IP address">IP address</a> changes from time to time to remain reachable as a server via a fixed home IP address.<sup id="cite_ref-18" class="reference"><a href="#cite_note-18"><span class="cite-bracket">[</span>15<span class="cite-bracket">]</span></a></sup> <a href="/wiki/Cisco" title="Cisco">Cisco</a>'s RAPT implementation is PAT or NAT overloading and maps multiple private IP addresses to a single public IP address. Multiple addresses can be mapped to a single address because each private address is tracked by a port number. PAT uses unique source port numbers on the inside global IP address to distinguish between translations.<sup id="cite_ref-19" class="reference"><a href="#cite_note-19"><span class="cite-bracket">[</span>d<span class="cite-bracket">]</span></a></sup> PAT attempts to preserve the original source port. If this source port is already used, PAT assigns the first available port number starting from the beginning of the appropriate port group 0–511, 512–1023, or 1024–65535. When there are no more ports available and there is more than one external IP address configured, PAT moves to the next IP address to try to allocate the original source port again. This process continues until it runs out of available ports and external IP addresses. </p><p><a href="/wiki/Mapping_of_Address_and_Port" title="Mapping of Address and Port">Mapping of Address and Port</a> is a Cisco proposal that combines <a href="/wiki/Address_plus_Port" title="Address plus Port">Address plus Port</a> translation with tunneling of the IPv4 packets over an ISP provider's internal <a href="/wiki/IPv6" title="IPv6">IPv6</a> network. In effect, it is an (almost) <a href="/wiki/Stateless_protocol" title="Stateless protocol">stateless</a> alternative to <a href="/wiki/Carrier-grade_NAT" title="Carrier-grade NAT">carrier-grade NAT</a> and <a href="/wiki/DS-Lite" class="mw-redirect" title="DS-Lite">DS-Lite</a> that pushes the <a href="/wiki/IPv4_address" class="mw-redirect" title="IPv4 address">IPv4 address</a>/port translation function (and the maintenance of NAT state) entirely into the existing <a href="/wiki/Customer_premises_equipment" class="mw-redirect" title="Customer premises equipment">customer premises equipment</a> NAT implementation. Thus avoiding the <a href="/wiki/NAT444" class="mw-redirect" title="NAT444">NAT444</a> and statefulness problems of carrier-grade NAT, and also provides a transition mechanism for the deployment of native IPv6 at the same time with very little added complexity. </p> <div class="mw-heading mw-heading2"><h2 id="Issues_and_limitations">Issues and limitations</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=13" title="Edit section: Issues and limitations"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Hosts behind NAT-enabled routers do not have <a href="/wiki/End-to-end_connectivity" class="mw-redirect" title="End-to-end connectivity">end-to-end connectivity</a> and cannot participate in some internet protocols. Services that require the initiation of <a href="/wiki/Transmission_Control_Protocol" title="Transmission Control Protocol">TCP</a> connections from the outside network, or that use stateless protocols such as those using <a href="/wiki/User_Datagram_Protocol" title="User Datagram Protocol">UDP</a>, can be disrupted. Unless the NAT router makes a specific effort to support such protocols, incoming packets cannot reach their destination. Some protocols can accommodate one instance of NAT between participating hosts ("passive mode" <a href="/wiki/FTP" class="mw-redirect" title="FTP">FTP</a>, for example), sometimes with the assistance of an <a href="/wiki/Application-level_gateway" title="Application-level gateway">application-level gateway</a> (see <a href="#Applications_affected_by_NAT">§ Applications affected by NAT</a>), but fail when both systems are separated from the internet by NAT. The use of NAT also complicates <a href="/wiki/Tunneling_protocol" title="Tunneling protocol">tunneling protocols</a> such as <a href="/wiki/IPsec" title="IPsec">IPsec</a> because NAT modifies values in the headers which interfere with the integrity checks done by <a href="/wiki/IPsec" title="IPsec">IPsec</a> and other tunneling protocols. </p><p>End-to-end connectivity has been a core principle of the Internet, supported, for example, by the <a href="/wiki/Internet_Architecture_Board" title="Internet Architecture Board">Internet Architecture Board</a>. Current Internet architectural documents observe that NAT is a violation of the <a href="/wiki/End-to-end_principle" title="End-to-end principle">end-to-end principle</a>, but that NAT does have a valid role in careful design.<sup id="cite_ref-rfc3439_20-0" class="reference"><a href="#cite_note-rfc3439-20"><span class="cite-bracket">[</span>16<span class="cite-bracket">]</span></a></sup> There is considerably more concern with the use of IPv6 NAT, and many IPv6 architects believe IPv6 was intended to remove the need for NAT.<sup id="cite_ref-rfc4864_21-0" class="reference"><a href="#cite_note-rfc4864-21"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup> </p><p>An implementation that only tracks ports can be quickly depleted by internal applications that use multiple simultaneous connections such as an <a href="/wiki/HTTP" title="HTTP">HTTP</a> request for a web page with many embedded objects. This problem can be mitigated by tracking the destination IP address in addition to the port thus sharing a single local port with many remote hosts. This additional tracking increases implementation complexity and computing resources at the translation device. </p><p>Because the internal addresses are all disguised behind one publicly accessible address, it is impossible for external hosts to directly initiate a connection to a particular internal host. Applications such as <a href="/wiki/VOIP" class="mw-redirect" title="VOIP">VOIP</a>, <a href="/wiki/Videoconferencing" class="mw-redirect" title="Videoconferencing">videoconferencing</a>, and other peer-to-peer applications must use <a href="/wiki/NAT_traversal" title="NAT traversal">NAT traversal</a> techniques to function. </p> <div class="mw-heading mw-heading3"><h3 id="Fragmentation_and_checksums">Fragmentation and checksums</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=14" title="Edit section: Fragmentation and checksums"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Pure NAT, operating on IP alone, may or may not correctly parse protocols with payloads containing information about IP, such as <a href="/wiki/ICMP" class="mw-redirect" title="ICMP">ICMP</a>. This depends on whether the payload is interpreted by a host on the <i>inside</i> or <i>outside</i> of the translation. Basic protocols as <a href="/wiki/Transmission_Control_Protocol" title="Transmission Control Protocol">TCP</a> and <a href="/wiki/User_Datagram_Protocol" title="User Datagram Protocol">UDP</a> cannot function properly unless NAT takes action beyond the network layer. </p><p>IP packets have a checksum in each packet header, which provides error detection only for the header. IP datagrams may become fragmented and it is necessary for a NAT to reassemble these fragments to allow correct recalculation of higher-level checksums and correct tracking of which packets belong to which connection. </p><p>TCP and UDP, have a checksum that covers all the data they carry, as well as the TCP or UDP header, plus a <i>pseudo-header</i> that contains the source and destination IP addresses of the packet carrying the TCP or UDP header. For an originating NAT to pass TCP or UDP successfully, it must recompute the TCP or UDP header checksum based on the translated IP addresses, not the original ones, and put that checksum into the TCP or UDP header of the first packet of the fragmented set of packets. </p><p>Alternatively, the originating host may perform <a href="/wiki/Path_MTU_Discovery" title="Path MTU Discovery">path MTU Discovery</a> to determine the packet size that can be transmitted without fragmentation and then set the <i>don't fragment</i> (DF) bit in the appropriate packet header field. This is only a one-way solution, because the responding host can send packets of any size, which may be fragmented before reaching the NAT. </p> <div class="mw-heading mw-heading2"><h2 id="Variant_terms">Variant terms</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=15" title="Edit section: Variant terms"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <div class="mw-heading mw-heading3"><h3 id="DNAT">DNAT</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=16" title="Edit section: DNAT"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Destination network address translation (DNAT) is a technique for transparently changing the destination <a href="/wiki/IP_address" title="IP address">IP address</a> of a routed packet and performing the inverse function for any replies. Any <a href="/wiki/Router_(computing)" title="Router (computing)">router</a> situated between two endpoints can perform this transformation of the packet. </p><p>DNAT is commonly used to publish a service located in a private network on a publicly accessible IP address. This use of DNAT is also called <a href="/wiki/Port_forwarding" title="Port forwarding">port forwarding</a>, or <a href="/wiki/DMZ_(computing)" title="DMZ (computing)">DMZ</a> when used on an entire <a href="/wiki/Server_(computing)" title="Server (computing)">server</a>, which becomes exposed to the WAN, becoming analogous to an undefended military <a href="/wiki/Demilitarized_zone" title="Demilitarized zone">demilitarized zone</a> (DMZ). </p> <div class="mw-heading mw-heading3"><h3 id="SNAT">SNAT</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=17" title="Edit section: SNAT"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>The meaning of the term <i>SNAT</i> varies by vendor:<sup id="cite_ref-22" class="reference"><a href="#cite_note-22"><span class="cite-bracket">[</span>18<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-23" class="reference"><a href="#cite_note-23"><span class="cite-bracket">[</span>19<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-24" class="reference"><a href="#cite_note-24"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup> </p> <ul><li><i>source NAT</i> is a common expansion and is the counterpart of <i>destination NAT</i> (<i>DNAT</i>). This is used to describe one-to-many NAT; NAT for outgoing connections to public services.</li> <li><i>stateful NAT</i> is used by <a href="/wiki/Cisco_Systems" class="mw-redirect" title="Cisco Systems">Cisco Systems</a><sup id="cite_ref-25" class="reference"><a href="#cite_note-25"><span class="cite-bracket">[</span>21<span class="cite-bracket">]</span></a></sup></li> <li><i>static NAT</i> is used by WatchGuard<sup id="cite_ref-26" class="reference"><a href="#cite_note-26"><span class="cite-bracket">[</span>22<span class="cite-bracket">]</span></a></sup></li> <li><i>secure NAT</i> is used by <a href="/wiki/F5_Networks" class="mw-redirect" title="F5 Networks">F5 Networks</a><sup id="cite_ref-27" class="reference"><a href="#cite_note-27"><span class="cite-bracket">[</span>23<span class="cite-bracket">]</span></a></sup> and by Microsoft (in regard to the <a href="/wiki/ISA_Server" class="mw-redirect" title="ISA Server">ISA Server</a>)</li></ul> <p>Secure network address translation (SNAT) is part of Microsoft's <a href="/wiki/Internet_Security_and_Acceleration_Server" class="mw-redirect" title="Internet Security and Acceleration Server">Internet Security and Acceleration Server</a> and is an extension to the NAT driver built into <a href="/wiki/Microsoft_Windows_Server" class="mw-redirect" title="Microsoft Windows Server">Microsoft Windows Server</a>. It provides connection tracking and filtering for the additional network connections needed for the <a href="/wiki/FTP" class="mw-redirect" title="FTP">FTP</a>, <a href="/wiki/ICMP" class="mw-redirect" title="ICMP">ICMP</a>, <a href="/wiki/H.323" title="H.323">H.323</a>, and <a href="/wiki/PPTP" class="mw-redirect" title="PPTP">PPTP</a> protocols as well as the ability to configure a transparent HTTP <a href="/wiki/Proxy_server" title="Proxy server">proxy server</a>. </p> <div class="mw-heading mw-heading3"><h3 id="Dynamic_network_address_translation">Dynamic network address translation</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=18" title="Edit section: Dynamic network address translation"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:Dynamic_NAT-en.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/c/cc/Dynamic_NAT-en.svg/220px-Dynamic_NAT-en.svg.png" decoding="async" width="220" height="191" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/c/cc/Dynamic_NAT-en.svg/330px-Dynamic_NAT-en.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/c/cc/Dynamic_NAT-en.svg/440px-Dynamic_NAT-en.svg.png 2x" data-file-width="407" data-file-height="353" /></a><figcaption>How dynamic NAT works.</figcaption></figure> <p>Dynamic NAT, just like static NAT, is not common in smaller networks but is found within larger corporations with complex networks. Where static NAT provides a one-to-one internal to public static IP address mapping, dynamic NAT uses a <i>group</i> of public IP addresses.<sup id="cite_ref-28" class="reference"><a href="#cite_note-28"><span class="cite-bracket">[</span>24<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-29" class="reference"><a href="#cite_note-29"><span class="cite-bracket">[</span>25<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="NAT_hairpinning"><span class="anchor" id="NAT_loopback"></span>NAT hairpinning</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=19" title="Edit section: NAT hairpinning"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p><b>NAT hairpinning</b>, also known as <b>NAT loopback</b> or <b>NAT reflection</b>,<sup id="cite_ref-30" class="reference"><a href="#cite_note-30"><span class="cite-bracket">[</span>26<span class="cite-bracket">]</span></a></sup> is a feature in many consumer routers<sup id="cite_ref-31" class="reference"><a href="#cite_note-31"><span class="cite-bracket">[</span>27<span class="cite-bracket">]</span></a></sup> where a machine on the <a href="/wiki/LAN" class="mw-redirect" title="LAN">LAN</a> is able to access another machine on the LAN via the external IP address of the LAN/router (with port forwarding set up on the router to direct requests to the appropriate machine on the LAN). This notion is officially described in 2008, <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5128">5128</a>. </p><p>The following describes an example network: </p> <ul><li>Public address: <i><span class="ipaddr"><span style="padding-right: 1px;">203.0.113.1</span></span></i>. This is the address of the <a href="/wiki/Wide_area_network" title="Wide area network">WAN</a> interface on the router.</li> <li>Internal address of router: <i><span class="ipaddr"><span style="padding-right: 1px;">192.168.1.1</span></span></i></li> <li>Address of the server: <i><span class="ipaddr"><span style="padding-right: 1px;">192.168.1.2</span></span></i></li> <li>Address of a local computer: <i><span class="ipaddr"><span style="padding-right: 1px;">192.168.1.100</span></span></i></li></ul> <p>If a packet is sent to <i><span class="ipaddr"><span style="padding-right: 1px;">203.0.113.1</span></span></i> by a computer at <i><span class="ipaddr"><span style="padding-right: 1px;">192.168.1.100</span></span></i>, the packet would normally be routed to the <a href="/wiki/Default_gateway" title="Default gateway">default gateway</a> (the router)<sup id="cite_ref-32" class="reference"><a href="#cite_note-32"><span class="cite-bracket">[</span>e<span class="cite-bracket">]</span></a></sup> A router with the NAT loopback feature detects that <i><span class="ipaddr"><span style="padding-right: 1px;">203.0.113.1</span></span></i> is the address of its WAN interface, and treats the packet as if coming from that interface. It determines the destination for that packet, based on DNAT (port forwarding) rules for the destination. If the data were sent to port 80 and a DNAT rule exists for port 80 directed to <i><span class="ipaddr"><span style="padding-right: 1px;">192.168.1.2</span></span></i>, then the host at that address receives the packet. </p><p>If no applicable DNAT rule is available, the router drops the packet. An <a href="/wiki/ICMP_Destination_Unreachable" class="mw-redirect" title="ICMP Destination Unreachable">ICMP Destination Unreachable</a> reply may be sent. If any DNAT rules were present, address translation is still in effect; the router still rewrites the source IP address in the packet. The local computer (<i><span class="ipaddr"><span style="padding-right: 1px;">192.168.1.100</span></span></i>) sends the packet as coming from <i><span class="ipaddr"><span style="padding-right: 1px;">192.168.1.100</span></span></i>, but the server (<i><span class="ipaddr"><span style="padding-right: 1px;">192.168.1.2</span></span></i>) receives it as coming from <i><span class="ipaddr"><span style="padding-right: 1px;">203.0.113.1</span></span></i>. When the server replies, the process is identical to an external sender. Thus, two-way communication is possible between hosts inside the LAN network via the public IP address. </p> <div class="mw-heading mw-heading2"><h2 id="NAT_in_IPv6">NAT in IPv6</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=20" title="Edit section: NAT in IPv6"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Network address translation is not commonly used in <a href="/wiki/IPv6" title="IPv6">IPv6</a> because one of the design goals of IPv6 is to restore end-to-end network connectivity.<sup id="cite_ref-33" class="reference"><a href="#cite_note-33"><span class="cite-bracket">[</span>28<span class="cite-bracket">]</span></a></sup> The large addressing space of IPv6 obviates the need to conserve addresses and every device can be given a unique globally routable address. Use of <a href="/wiki/Unique_local_address" title="Unique local address">unique local addresses</a> in combination with <a href="/wiki/IPv6-to-IPv6_Network_Prefix_Translation" title="IPv6-to-IPv6 Network Prefix Translation">network prefix translation</a> can achieve results similar to NAT. </p><p>The large addressing space of IPv6 can still be defeated depending on the actual prefix length given by the carrier. It is not uncommon to be handed a /64 prefix – the smallest recommended subnet – for an entire home network, requiring a variety of techniques to be used to manually subdivide the range for all devices to remain reachable.<sup id="cite_ref-34" class="reference"><a href="#cite_note-34"><span class="cite-bracket">[</span>29<span class="cite-bracket">]</span></a></sup> Even actual IPv6-to-IPv6 NAT, NAT66, can turn out useful at times: the APNIC blog outlines a case where the author was only provided a single address (/128).<sup id="cite_ref-35" class="reference"><a href="#cite_note-35"><span class="cite-bracket">[</span>30<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Applications_affected_by_NAT">Applications affected by NAT</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=21" title="Edit section: Applications affected by NAT"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Some <a href="/wiki/Application_layer" title="Application layer">application layer</a> protocols, such as <a href="/wiki/File_Transfer_Protocol" title="File Transfer Protocol">File Transfer Protocol</a> (FTP) and <a href="/wiki/Session_Initiation_Protocol" title="Session Initiation Protocol">Session Initiation Protocol</a> (SIP), send explicit network addresses within their application data. File Transfer Protocol in active mode, for example, uses separate connections for control traffic (commands) and for data traffic (file contents). When requesting a file transfer, the host making the request identifies the corresponding data connection by its <a href="/wiki/Network_layer" title="Network layer">network layer</a> and <a href="/wiki/Transport_layer" title="Transport layer">transport layer</a> addresses. If the host making the request lies behind a simple NAT firewall, the translation of the IP address or TCP port number makes the information received by the server invalid. SIP commonly controls <a href="/wiki/Voice_over_IP" title="Voice over IP">voice over IP</a> calls, and suffer the same problem. SIP and its accompanying <a href="/wiki/Session_Description_Protocol" title="Session Description Protocol">Session Description Protocol</a> may use multiple ports to set up a connection and transmit voice stream via <a href="/wiki/Real-time_Transport_Protocol" title="Real-time Transport Protocol">Real-time Transport Protocol</a>. IP addresses and port numbers are encoded in the payload data and must be known before the traversal of NATs. Without special techniques, such as <a href="/wiki/STUN" title="STUN">STUN</a>, NAT behavior is unpredictable and communications may fail. <a href="/wiki/Application_Layer_Gateway" class="mw-redirect" title="Application Layer Gateway">Application Layer Gateway</a> (ALG) software or hardware may correct these problems. An ALG software module running on a NAT firewall device updates any payload data made invalid by address translation. ALGs need to understand the higher-layer protocol that they need to fix, and so each protocol with this problem requires a separate ALG. For example, on many Linux systems, there are kernel modules called <i>connection trackers</i> that serve to implement ALGs. However, ALG cannot work if the protocol data is encrypted. </p><p>Another possible solution to this problem is to use <a href="/wiki/NAT_traversal" title="NAT traversal">NAT traversal</a> techniques using protocols such as <a href="/wiki/STUN" title="STUN">STUN</a> or <a href="/wiki/Interactive_Connectivity_Establishment" title="Interactive Connectivity Establishment">Interactive Connectivity Establishment</a> (ICE), or proprietary approaches in a <a href="/wiki/Session_border_controller" title="Session border controller">session border controller</a>. NAT traversal is possible in both TCP- and UDP-based applications, but <a href="/wiki/UDP_hole_punching" title="UDP hole punching">the UDP-based technique</a> is simpler, more widely understood, and more compatible with legacy NATs.<sup class="noprint Inline-Template Template-Fact" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Citation_needed" title="Wikipedia:Citation needed"><span title="This claim needs references to reliable sources. (February 2011)">citation needed</span></a></i>]</sup> In either case, the high-level protocol must be designed with NAT traversal in mind, and it does not work reliably across symmetric NATs or other poorly behaved legacy NATs. </p><p>Other possibilities are <a href="/wiki/Port_Control_Protocol" title="Port Control Protocol">Port Control Protocol</a> (PCP),<sup id="cite_ref-rfc6887_36-0" class="reference"><a href="#cite_note-rfc6887-36"><span class="cite-bracket">[</span>31<span class="cite-bracket">]</span></a></sup> <a href="/wiki/NAT_Port_Mapping_Protocol" title="NAT Port Mapping Protocol">NAT Port Mapping Protocol</a> (NAT-PMP), or <a href="/wiki/Internet_Gateway_Device_Protocol" title="Internet Gateway Device Protocol">Internet Gateway Device Protocol</a> but these require the NAT device to implement that protocol. </p><p>Most client–server protocols (FTP being the main exception<sup id="cite_ref-37" class="reference"><a href="#cite_note-37"><span class="cite-bracket">[</span>f<span class="cite-bracket">]</span></a></sup>), however, do not send layer 3 contact information and do not require any special treatment by NATs. In fact, avoiding NAT complications is practically a requirement when designing new higher-layer protocols today. </p><p>NATs can also cause problems where <a href="/wiki/IPsec" title="IPsec">IPsec</a> encryption is applied and in cases where multiple devices such as <a href="/wiki/SIP_phone" class="mw-redirect" title="SIP phone">SIP phones</a> are located behind a NAT. Phones that encrypt their signaling with IPsec encapsulate the port information within an encrypted packet, meaning that NAT devices cannot access and translate the port. In these cases, the NAT devices revert to simple NAT operations. This means that all traffic returning to the NAT is mapped onto one client, causing service to more than one client behind the NAT to fail. There are a couple of solutions to this problem: one is to use <a href="/wiki/Transport_Layer_Security" title="Transport Layer Security">TLS</a>, which operates at <a href="/wiki/Layer_4" class="mw-redirect" title="Layer 4">layer 4</a> and does not mask the port number; another is to encapsulate the IPsec within <a href="/wiki/User_Datagram_Protocol" title="User Datagram Protocol">UDP</a> – the latter being the solution chosen by <a href="/wiki/TISPAN" class="mw-redirect" title="TISPAN">TISPAN</a> to achieve secure NAT traversal, or a NAT with <a href="/wiki/NAT_traversal" title="NAT traversal">"IPsec Passthru"</a> support; another is to <a href="/wiki/NAT_traversal_with_session_border_controllers" title="NAT traversal with session border controllers">use a session border controller to help traverse the NAT</a>. </p><p><a href="/wiki/Interactive_Connectivity_Establishment" title="Interactive Connectivity Establishment">Interactive Connectivity Establishment</a> is a NAT traversal technique that does not rely on ALG support. </p><p>The DNS protocol vulnerability announced by <a href="/wiki/Dan_Kaminsky" title="Dan Kaminsky">Dan Kaminsky</a> on July 8, 2008,<sup id="cite_ref-networkworld-2008-07-08_38-0" class="reference"><a href="#cite_note-networkworld-2008-07-08-38"><span class="cite-bracket">[</span>32<span class="cite-bracket">]</span></a></sup> is indirectly affected by NAT port mapping. To avoid <a href="/wiki/DNS_cache_poisoning" class="mw-redirect" title="DNS cache poisoning">DNS cache poisoning</a>, it is highly desirable not to translate UDP source port numbers of outgoing DNS requests from a DNS server behind a firewall that implements NAT. The recommended workaround for the DNS vulnerability is to make all caching DNS servers use randomized UDP source ports. If the NAT function de-randomizes the UDP source ports, the DNS server becomes vulnerable. </p> <div class="mw-heading mw-heading2"><h2 id="Examples_of_NAT_software">Examples of NAT software</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=22" title="Edit section: Examples of NAT software"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/Internet_Connection_Sharing" title="Internet Connection Sharing">Internet Connection Sharing</a> (ICS): NAT & DHCP implementation included with <a href="/wiki/Windows" class="mw-redirect" title="Windows">Windows</a> desktop operating systems</li> <li><a href="/wiki/IPFilter" title="IPFilter">IPFilter</a>: included with (<a href="/wiki/OpenSolaris" title="OpenSolaris">OpenSolaris</a>, <a href="/wiki/FreeBSD" title="FreeBSD">FreeBSD</a> and <a href="/wiki/NetBSD" title="NetBSD">NetBSD</a>, available for many other <a href="/wiki/Unix-like" title="Unix-like">Unix-like</a> operating systems</li> <li><a href="/wiki/Ipfirewall" title="Ipfirewall">ipfirewall</a> (ipfw): FreeBSD-native packet filter</li> <li><a href="/wiki/Netfilter" title="Netfilter">Netfilter</a> with <a href="/wiki/Iptables" title="Iptables">iptables</a>/<a href="/wiki/Nftables" title="Nftables">nftables</a>: the <a href="/wiki/Linux" title="Linux">Linux</a> packet filter</li> <li><a href="/wiki/NPF_(firewall)" title="NPF (firewall)">NPF</a>: NetBSD-native packet filter</li> <li><a href="/wiki/PF_(firewall)" title="PF (firewall)">PF</a>: OpenBSD-native packet filter</li> <li><a href="/wiki/Routing_and_Remote_Access_Service" title="Routing and Remote Access Service">Routing and Remote Access Service</a> (RRAS): routing implementation included with <a href="/wiki/Windows_Server" title="Windows Server">Windows Server</a> operating systems</li> <li><a href="/wiki/Vector_Packet_Processing" title="Vector Packet Processing">VPP</a>: <a href="/wiki/User_space" class="mw-redirect" title="User space">user space</a> packet forwarding implementation for Linux</li> <li><a href="/wiki/WinGate" title="WinGate">WinGate</a>: third-party routing implementation for Windows</li></ul> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=23" title="Edit section: See also"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1235681985">.mw-parser-output .side-box{margin:4px 0;box-sizing:border-box;border:1px solid #aaa;font-size:88%;line-height:1.25em;background-color:var(--background-color-interactive-subtle,#f8f9fa);display:flow-root}.mw-parser-output .side-box-abovebelow,.mw-parser-output .side-box-text{padding:0.25em 0.9em}.mw-parser-output .side-box-image{padding:2px 0 2px 0.9em;text-align:center}.mw-parser-output .side-box-imageright{padding:2px 0.9em 2px 0;text-align:center}@media(min-width:500px){.mw-parser-output .side-box-flex{display:flex;align-items:center}.mw-parser-output .side-box-text{flex:1;min-width:0}}@media(min-width:720px){.mw-parser-output .side-box{width:238px}.mw-parser-output .side-box-right{clear:right;float:right;margin-left:1em}.mw-parser-output .side-box-left{margin-right:1em}}</style><style data-mw-deduplicate="TemplateStyles:r1237033735">@media print{body.ns-0 .mw-parser-output .sistersitebox{display:none!important}}@media screen{html.skin-theme-clientpref-night .mw-parser-output .sistersitebox img[src*="Wiktionary-logo-en-v2.svg"]{background-color:white}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .sistersitebox img[src*="Wiktionary-logo-en-v2.svg"]{background-color:white}}</style><div class="side-box side-box-right plainlinks sistersitebox"><style data-mw-deduplicate="TemplateStyles:r1126788409">.mw-parser-output .plainlist ol,.mw-parser-output .plainlist ul{line-height:inherit;list-style:none;margin:0;padding:0}.mw-parser-output .plainlist ol li,.mw-parser-output .plainlist ul li{margin-bottom:0}</style> <div class="side-box-flex"> <div class="side-box-image"><span class="noviewer" typeof="mw:File"><span><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/30px-Commons-logo.svg.png" decoding="async" width="30" height="40" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/45px-Commons-logo.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/59px-Commons-logo.svg.png 2x" data-file-width="1024" data-file-height="1376" /></span></span></div> <div class="side-box-text plainlist">Wikimedia Commons has media related to <span style="font-weight: bold; font-style: italic;"><a href="https://commons.wikimedia.org/wiki/Category:Network_Address_Translation" class="extiw" title="commons:Category:Network Address Translation">Network Address Translation</a></span>.</div></div> </div> <ul><li><a href="/wiki/Anything_In_Anything" title="Anything In Anything">Anything In Anything</a> (AYIYA) – IPv6 over IPv4 UDP, thus working IPv6 tunneling over most NATs</li> <li><a href="/wiki/Carrier-grade_NAT" title="Carrier-grade NAT">Carrier-grade NAT</a> – NAT behind NAT within ISP.</li> <li><a href="/wiki/Gateway_(telecommunications)" title="Gateway (telecommunications)">Gateway (telecommunications)</a> – Connection between two network systems</li> <li><a href="/wiki/Internet_Gateway_Device_Protocol" title="Internet Gateway Device Protocol">Internet Gateway Device Protocol</a> (UPnP IGD) NAT-traversal method</li> <li><a href="/wiki/Middlebox" title="Middlebox">Middlebox</a> – Intermediary box on the data path between a source host and destination host</li> <li><a href="/wiki/NAT_Port_Mapping_Protocol" title="NAT Port Mapping Protocol">NAT Port Mapping Protocol</a> (NAT-PMP) NAT-traversal method</li> <li><a href="/wiki/Port_Control_Protocol" title="Port Control Protocol">Port Control Protocol</a> (PCP) NAT-traversal method</li> <li><a href="/wiki/Port_triggering" title="Port triggering">Port triggering</a> – NAT traversal mechanism</li> <li><a href="/wiki/Subnetwork" class="mw-redirect" title="Subnetwork">Subnetwork</a> – Logical subdivision of an IP network<span style="display:none" class="category-annotation-with-redirected-description">Pages displaying short descriptions of redirect targets</span></li> <li><a href="/wiki/Teredo_tunneling" title="Teredo tunneling">Teredo tunneling</a> – NAT traversal using IPv6</li></ul> <div class="mw-heading mw-heading2"><h2 id="Notes">Notes</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=24" title="Edit section: Notes"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist reflist-lower-alpha"> <div class="mw-references-wrap"><ol class="references"> <li id="cite_note-5"><span class="mw-cite-backlink"><b><a href="#cite_ref-5">^</a></b></span> <span class="reference-text">Most NAT devices today allow the network administrator to configure static translation table entries for connections from the external network to the internal masqueraded network. This feature is often referred to as <i>static NAT</i>. It may be implemented in two types: <a href="/wiki/Port_forwarding" title="Port forwarding">port forwarding</a> which forwards traffic from a specific external port to an internal host on a specified port, and designation of a <a href="/wiki/DMZ_host" class="mw-redirect" title="DMZ host">DMZ host</a> which passes all traffic received on the external interface (on any port number) to an internal IP address while preserving the destination port. Both types may be available in the same NAT device.</span> </li> <li id="cite_note-6"><span class="mw-cite-backlink"><b><a href="#cite_ref-6">^</a></b></span> <span class="reference-text">The more common arrangement is having computers that require end-to-end connectivity supplied with a routable IP address, while having others that do not provide services to outside users behind NAT with only a few IP addresses used to enable Internet access.</span> </li> <li id="cite_note-11"><span class="mw-cite-backlink"><b><a href="#cite_ref-11">^</a></b></span> <span class="reference-text">As the NAT router allocates an individual port for each outgoing connection, a huge number of outgoing connections may saturate the range of available ports. As ports typically get freed when the connection doesn't produce any more traffic for a certain time, the maximum number of active connection is limited to approximately 64K.</span> </li> <li id="cite_note-19"><span class="mw-cite-backlink"><b><a href="#cite_ref-19">^</a></b></span> <span class="reference-text">The port numbers are 16-bit integers. The total number of internal addresses that can be translated to one external address could theoretically be as high as 65,536 per IP address. Realistically, the number of ports that can be assigned a single IP address is around 4000.</span> </li> <li id="cite_note-32"><span class="mw-cite-backlink"><b><a href="#cite_ref-32">^</a></b></span> <span class="reference-text">Unless an explicit route is set in the computer's <a href="/wiki/Routing" title="Routing">routing</a> tables.</span> </li> <li id="cite_note-37"><span class="mw-cite-backlink"><b><a href="#cite_ref-37">^</a></b></span> <span class="reference-text">This issue can be avoided by using <a href="/wiki/SSH_File_Transfer_Protocol" title="SSH File Transfer Protocol">SFTP</a> instead of FTP</span> </li> </ol></div></div> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=25" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239543626"><div class="reflist"> <div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-1"><span class="mw-cite-backlink"><b><a href="#cite_ref-1">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation book cs1"><a rel="nofollow" class="external text" href="https://books.google.com/books?id=D_GrQa2ZcLwC"><i>Network Protocols Handbook</i></a> (2 ed.). Javvin Technologies Inc. 2005. p. 27. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9780974094526" title="Special:BookSources/9780974094526"><bdi>9780974094526</bdi></a><span class="reference-accessdate">. Retrieved <span class="nowrap">2014-09-16</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Network+Protocols+Handbook&rft.pages=27&rft.edition=2&rft.pub=Javvin+Technologies+Inc.&rft.date=2005&rft.isbn=9780974094526&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3DD_GrQa2ZcLwC&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-rfc4787-2"><span class="mw-cite-backlink">^ <a href="#cite_ref-rfc4787_2-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-rfc4787_2-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-rfc4787_2-2"><sup><i><b>c</b></i></sup></a> <a href="#cite_ref-rfc4787_2-3"><sup><i><b>d</b></i></sup></a> <a href="#cite_ref-rfc4787_2-4"><sup><i><b>e</b></i></sup></a> <a href="#cite_ref-rfc4787_2-5"><sup><i><b>f</b></i></sup></a> <a href="#cite_ref-rfc4787_2-6"><sup><i><b>g</b></i></sup></a> <a href="#cite_ref-rfc4787_2-7"><sup><i><b>h</b></i></sup></a> <a href="#cite_ref-rfc4787_2-8"><sup><i><b>i</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFFrançois_AudetCullen_Jennings2007" class="citation cs1">François Audet; Cullen Jennings (January 2007). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4787"><i>Network Address Translation (NAT) Behavioral Requirements for Unicast UDP</i></a>. <a href="/wiki/IETF" class="mw-redirect" title="IETF">IETF</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC4787">10.17487/RFC4787</a></span>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4787">4787</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Network+Address+Translation+%28NAT%29+Behavioral+Requirements+for+Unicast+UDP&rft.pub=IETF&rft.date=2007-01&rft_id=info%3Adoi%2F10.17487%2FRFC4787&rft.au=Fran%C3%A7ois+Audet&rft.au=Cullen+Jennings&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc4787&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-huston-3"><span class="mw-cite-backlink"><b><a href="#cite_ref-huston_3-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGeoff_Huston2004" class="citation journal cs1">Geoff Huston (September 2004). <a rel="nofollow" class="external text" href="https://ipj.dreamhosters.com/wp-content/uploads/issues/2004/ipj07-3.pdf">"Anatomy: A Look Inside Network Address Translators"</a> <span class="cs1-format">(PDF)</span>. <i>The Internet Protocol Journal</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Internet+Protocol+Journal&rft.atitle=Anatomy%3A+A+Look+Inside+Network+Address+Translators&rft.date=2004-09&rft.au=Geoff+Huston&rft_id=https%3A%2F%2Fipj.dreamhosters.com%2Fwp-content%2Fuploads%2Fissues%2F2004%2Fipj07-3.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-:0-4"><span class="mw-cite-backlink">^ <a href="#cite_ref-:0_4-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:0_4-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWing2010" class="citation journal cs1">Wing, Dan (2010-07-01). <a rel="nofollow" class="external text" href="https://ieeexplore.ieee.org/document/5496805">"Network Address Translation: Extending the Internet Address Space"</a>. <i>IEEE Internet Computing</i>. <b>14</b> (4): 66–70. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FMIC.2010.96">10.1109/MIC.2010.96</a>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/1089-7801">1089-7801</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:31082389">31082389</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=IEEE+Internet+Computing&rft.atitle=Network+Address+Translation%3A+Extending+the+Internet+Address+Space&rft.volume=14&rft.issue=4&rft.pages=66-70&rft.date=2010-07-01&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A31082389%23id-name%3DS2CID&rft.issn=1089-7801&rft_id=info%3Adoi%2F10.1109%2FMIC.2010.96&rft.aulast=Wing&rft.aufirst=Dan&rft_id=https%3A%2F%2Fieeexplore.ieee.org%2Fdocument%2F5496805&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-7"><span class="mw-cite-backlink"><b><a href="#cite_ref-7">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://nutss.gforge.cis.cornell.edu/pub/imc05-tcpnat/">"Characterization and Measurement of TCP Traversal through NATs and Firewalls"</a>. December 2006.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Characterization+and+Measurement+of+TCP+Traversal+through+NATs+and+Firewalls&rft.date=2006-12&rft_id=http%3A%2F%2Fnutss.gforge.cis.cornell.edu%2Fpub%2Fimc05-tcpnat%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-8"><span class="mw-cite-backlink"><b><a href="#cite_ref-8">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20100724011252/http://illuminati.coralcdn.org/stats/">"Illuminating the shadows: Opportunistic network and web measurement"</a>. December 2006. Archived from <a rel="nofollow" class="external text" href="http://illuminati.coralcdn.org/stats/">the original</a> on 2010-07-24.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Illuminating+the+shadows%3A+Opportunistic+network+and+web+measurement&rft.date=2006-12&rft_id=http%3A%2F%2Filluminati.coralcdn.org%2Fstats%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-9"><span class="mw-cite-backlink"><b><a href="#cite_ref-9">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8314">8314</a></span> </li> <li id="cite_note-10"><span class="mw-cite-backlink"><b><a href="#cite_ref-10">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20111008014142/http://www.tieline.com/Downloads/Audio-over-IP-Instant-Expert-Guide-v1.pdf">"The Audio over IP Instant Expert Guide"</a> <span class="cs1-format">(PDF)</span>. Tieline. January 2010. Archived from <a rel="nofollow" class="external text" href="http://www.tieline.com/Downloads/Audio-over-IP-Instant-Expert-Guide-v1.pdf">the original</a> <span class="cs1-format">(PDF)</span> on 2011-10-08<span class="reference-accessdate">. Retrieved <span class="nowrap">2011-08-19</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=The+Audio+over+IP+Instant+Expert+Guide&rft.pub=Tieline&rft.date=2010-01&rft_id=http%3A%2F%2Fwww.tieline.com%2FDownloads%2FAudio-over-IP-Instant-Expert-Guide-v1.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-12"><span class="mw-cite-backlink"><b><a href="#cite_ref-12">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13774-3.html">"Using NAT in Overlapping Networks"</a>. August 2005.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Using+NAT+in+Overlapping+Networks&rft.date=2005-08&rft_id=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fip%2Fnetwork-address-translation-nat%2F13774-3.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-13"><span class="mw-cite-backlink"><b><a href="#cite_ref-13">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.juniper.net/documentation/en_US/release-independent/nce/topics/concept/lan2lan-vpn-jseries-srx-series-overview.html">"VPNs with Overlapping Subnets Problem Scenario"</a>. September 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=VPNs+with+Overlapping+Subnets+Problem+Scenario&rft.date=2017-09&rft_id=https%3A%2F%2Fwww.juniper.net%2Fdocumentation%2Fen_US%2Frelease-independent%2Fnce%2Ftopics%2Fconcept%2Flan2lan-vpn-jseries-srx-series-overview.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-14"><span class="mw-cite-backlink"><b><a href="#cite_ref-14">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSrisureshGan1998" class="citation cs1">Srisuresh, Pyda; Gan, Der-Hwa (August 1998). <i>Load Sharing using IP Network Address Translation</i>. <a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://tools.ietf.org/html/rfc2391">2391</a></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Load+Sharing+using+IP+Network+Address+Translation&rft.date=1998-08&rft_id=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc2391%23id-name%3DRFC&rft.aulast=Srisuresh&rft.aufirst=Pyda&rft.au=Gan%2C+Der-Hwa&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-15"><span class="mw-cite-backlink"><b><a href="#cite_ref-15">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.nginx.com/resources/glossary/layer-4-load-balancing">"What Is Layer 4 Load Balancing?"</a>. June 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=What+Is+Layer+4+Load+Balancing%3F&rft.date=2020-06&rft_id=https%3A%2F%2Fwww.nginx.com%2Fresources%2Fglossary%2Flayer-4-load-balancing&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-16"><span class="mw-cite-backlink"><b><a href="#cite_ref-16">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://nfware.com/blog-what-is-load-balancing">"What is load balancing?"</a>. November 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=What+is+load+balancing%3F&rft.date=2018-11&rft_id=https%3A%2F%2Fnfware.com%2Fblog-what-is-load-balancing&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-17"><span class="mw-cite-backlink"><b><a href="#cite_ref-17">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200608-Server-Load-Balancing-Using-Dynamic-NAT.html">"Configure Server Load Balancing Using Dynamic NAT"</a>. June 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Configure+Server+Load+Balancing+Using+Dynamic+NAT&rft.date=2018-06&rft_id=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fip%2Fnetwork-address-translation-nat%2F200608-Server-Load-Balancing-Using-Dynamic-NAT.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-18"><span class="mw-cite-backlink"><b><a href="#cite_ref-18">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSinghTayTeoYeow1999" class="citation book cs1">Singh, R.; Tay, Y.C.; Teo, W.T.; Yeow, S.W. (1999). "RAT: A quick (and dirty?) push for mobility support". <i>Proceedings WMCSA'99. Second IEEE Workshop on Mobile Computing Systems and Applications</i>. pp. 32–40. <a href="/wiki/CiteSeerX_(identifier)" class="mw-redirect" title="CiteSeerX (identifier)">CiteSeerX</a> <span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.40.461">10.1.1.40.461</a></span>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FMCSA.1999.749275">10.1109/MCSA.1999.749275</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0-7695-0025-6" title="Special:BookSources/978-0-7695-0025-6"><bdi>978-0-7695-0025-6</bdi></a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:7657883">7657883</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=RAT%3A+A+quick+%28and+dirty%3F%29+push+for+mobility+support&rft.btitle=Proceedings+WMCSA%2799.+Second+IEEE+Workshop+on+Mobile+Computing+Systems+and+Applications&rft.pages=32-40&rft.date=1999&rft_id=https%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fsummary%3Fdoi%3D10.1.1.40.461%23id-name%3DCiteSeerX&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A7657883%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2FMCSA.1999.749275&rft.isbn=978-0-7695-0025-6&rft.aulast=Singh&rft.aufirst=R.&rft.au=Tay%2C+Y.C.&rft.au=Teo%2C+W.T.&rft.au=Yeow%2C+S.W.&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-rfc3439-20"><span class="mw-cite-backlink"><b><a href="#cite_ref-rfc3439_20-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBushMeyer2002" class="citation cs1">Bush, R.; Meyer, D. (2002). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3439"><i>Some Internet Architectural Guidelines and Philosophy</i></a>. <a href="/wiki/IETF" class="mw-redirect" title="IETF">IETF</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC3439">10.17487/RFC3439</a></span>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3439">3439</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Some+Internet+Architectural+Guidelines+and+Philosophy&rft.pub=IETF&rft.date=2002&rft_id=info%3Adoi%2F10.17487%2FRFC3439&rft.aulast=Bush&rft.aufirst=R.&rft.au=Meyer%2C+D.&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc3439&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-rfc4864-21"><span class="mw-cite-backlink"><b><a href="#cite_ref-rfc4864_21-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFVeldeHainDromsCarpenter2007" class="citation cs1">Velde, G. Van de; Hain, T.; Droms, R.; Carpenter, B.; Klein, E. (2007). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4864"><i>Local Network Protection for IPv6</i></a>. <a href="/wiki/IETF" class="mw-redirect" title="IETF">IETF</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC4864">10.17487/RFC4864</a></span>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4864">4864</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Local+Network+Protection+for+IPv6&rft.pub=IETF&rft.date=2007&rft_id=info%3Adoi%2F10.17487%2FRFC4864&rft.aulast=Velde&rft.aufirst=G.+Van+de&rft.au=Hain%2C+T.&rft.au=Droms%2C+R.&rft.au=Carpenter%2C+B.&rft.au=Klein%2C+E.&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc4864&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-22"><span class="mw-cite-backlink"><b><a href="#cite_ref-22">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-releases-12-2-t/prod_white_paper0900aecd8052870b.html">"Enhanced IP Resiliency Using Cisco Stateful NAT"</a>. <i>Cisco</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cisco&rft.atitle=Enhanced+IP+Resiliency+Using+Cisco+Stateful+NAT&rft_id=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fproducts%2Fcollateral%2Fios-nx-os-software%2Fios-software-releases-12-2-t%2Fprod_white_paper0900aecd8052870b.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-23"><span class="mw-cite-backlink"><b><a href="#cite_ref-23">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20130117155643/https://www.watchguard.com/help/configuration-examples/nat_to_email_servers_configuration_example%20(en-US).pdf">"Use NAT for Public Accessto Servers with Private IP Addresses on the Private Network (WatchGuard configuration example)"</a> <span class="cs1-format">(PDF)</span>. <i>www.watchguard.com</i>. Archived from <a rel="nofollow" class="external text" href="https://www.watchguard.com/help/configuration-examples/nat_to_email_servers_configuration_example%20(en-US).pdf">the original</a> <span class="cs1-format">(PDF)</span> on 2013-01-17.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.watchguard.com&rft.atitle=Use+NAT+for+Public+Accessto+Servers+with+Private+IP+Addresses+on+the+Private+Network+%28WatchGuard+configuration+example%29&rft_id=https%3A%2F%2Fwww.watchguard.com%2Fhelp%2Fconfiguration-examples%2Fnat_to_email_servers_configuration_example%2520%28en-US%29.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-24"><span class="mw-cite-backlink"><b><a href="#cite_ref-24">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://support.f5.com/csp/article/K7820">"K7820: Overview of SNAT features"</a>. <i>AskF5</i>. August 28, 2007<span class="reference-accessdate">. Retrieved <span class="nowrap">February 24,</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=AskF5&rft.atitle=K7820%3A+Overview+of+SNAT+features&rft.date=2007-08-28&rft_id=https%3A%2F%2Fsupport.f5.com%2Fcsp%2Farticle%2FK7820&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-25"><span class="mw-cite-backlink"><b><a href="#cite_ref-25">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-releases-12-2-t/prod_white_paper0900aecd8052870b.html">"Enhanced IP Resiliency Using Cisco Stateful NAT"</a>. <i>Cisco</i>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cisco&rft.atitle=Enhanced+IP+Resiliency+Using+Cisco+Stateful+NAT&rft_id=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fproducts%2Fcollateral%2Fios-nx-os-software%2Fios-software-releases-12-2-t%2Fprod_white_paper0900aecd8052870b.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-26"><span class="mw-cite-backlink"><b><a href="#cite_ref-26">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20130117155643/https://www.watchguard.com/help/configuration-examples/nat_to_email_servers_configuration_example%20(en-US).pdf">"Use NAT for Public Accessto Servers with Private IP Addresses on the Private Network (WatchGuard configuration example)"</a> <span class="cs1-format">(PDF)</span>. <i>www.watchguard.com</i>. Archived from <a rel="nofollow" class="external text" href="https://www.watchguard.com/help/configuration-examples/nat_to_email_servers_configuration_example%20(en-US).pdf">the original</a> <span class="cs1-format">(PDF)</span> on 2013-01-17.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.watchguard.com&rft.atitle=Use+NAT+for+Public+Accessto+Servers+with+Private+IP+Addresses+on+the+Private+Network+%28WatchGuard+configuration+example%29&rft_id=https%3A%2F%2Fwww.watchguard.com%2Fhelp%2Fconfiguration-examples%2Fnat_to_email_servers_configuration_example%2520%28en-US%29.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-27"><span class="mw-cite-backlink"><b><a href="#cite_ref-27">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://support.f5.com/csp/article/K7820">"K7820: Overview of SNAT features"</a>. <i>AskF5</i>. August 28, 2007<span class="reference-accessdate">. Retrieved <span class="nowrap">February 24,</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=AskF5&rft.atitle=K7820%3A+Overview+of+SNAT+features&rft.date=2007-08-28&rft_id=https%3A%2F%2Fsupport.f5.com%2Fcsp%2Farticle%2FK7820&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-28"><span class="mw-cite-backlink"><b><a href="#cite_ref-28">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://study-ccna.com/dynamic-nat/">"Dynamic NAT"</a>. 26 January 2016<span class="reference-accessdate">. Retrieved <span class="nowrap">2022-04-19</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Dynamic+NAT&rft.date=2016-01-26&rft_id=https%3A%2F%2Fstudy-ccna.com%2Fdynamic-nat%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-29"><span class="mw-cite-backlink"><b><a href="#cite_ref-29">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://docs.oracle.com/cd/E19047-01/sunscreen32/806-6347/6jfa0g880/index.html">"Dynamic NAT"</a><span class="reference-accessdate">. Retrieved <span class="nowrap">2022-04-19</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Dynamic+NAT&rft_id=https%3A%2F%2Fdocs.oracle.com%2Fcd%2FE19047-01%2Fsunscreen32%2F806-6347%2F6jfa0g880%2Findex.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-30"><span class="mw-cite-backlink"><b><a href="#cite_ref-30">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.nycnetworkers.com/real-world/nat-reflectionnat-loopbacknat-hairpinning/">"What is NAT Reflection/NAT Loopback/NAT Hairpinning?"</a>. NYC Networkers. 2014-11-09<span class="reference-accessdate">. Retrieved <span class="nowrap">2017-04-27</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=What+is+NAT+Reflection%2FNAT+Loopback%2FNAT+Hairpinning%3F&rft.pub=NYC+Networkers&rft.date=2014-11-09&rft_id=http%3A%2F%2Fwww.nycnetworkers.com%2Freal-world%2Fnat-reflectionnat-loopbacknat-hairpinning%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-31"><span class="mw-cite-backlink"><b><a href="#cite_ref-31">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://opensimulator.org/wiki/NAT_Loopback_Routers">"NAT Loopback Routers – OpenSim"</a> <span class="cs1-format">(<a href="/wiki/MediaWiki" title="MediaWiki">MediaWiki</a>)</span>. <a href="/wiki/OpenSimulator" title="OpenSimulator">OpenSimulator</a>. 2013-10-21<span class="reference-accessdate">. Retrieved <span class="nowrap">2014-02-21</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=NAT+Loopback+Routers+%E2%80%93+OpenSim&rft.pub=OpenSimulator&rft.date=2013-10-21&rft_id=http%3A%2F%2Fopensimulator.org%2Fwiki%2FNAT_Loopback_Routers&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-33"><span class="mw-cite-backlink"><b><a href="#cite_ref-33">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFIljitsch_van_Beijnum2008" class="citation web cs1">Iljitsch van Beijnum (2008-07-23). <a rel="nofollow" class="external text" href="https://arstechnica.com/uncategorized/2008/07/after-staunch-resistance-nat-may-come-to-ipv6-after-all/">"After staunch resistance, NAT may come to IPv6 after all"</a>. <i>Ars Technica</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2014-04-24</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=After+staunch+resistance%2C+NAT+may+come+to+IPv6+after+all&rft.date=2008-07-23&rft.au=Iljitsch+van+Beijnum&rft_id=https%3A%2F%2Farstechnica.com%2Funcategorized%2F2008%2F07%2Fafter-staunch-resistance-nat-may-come-to-ipv6-after-all%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-34"><span class="mw-cite-backlink"><b><a href="#cite_ref-34">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDupont2015" class="citation web cs1">Dupont, Kasper (Aug 18, 2015). <a rel="nofollow" class="external text" href="https://serverfault.com/questions/714890/ipv6-subnetting-a-64-what-will-break-and-how-to-work-around-it">"subnet - IPv6 subnetting a /64 - what will break, and how to work around it?"</a>. <i>Server Fault</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-04-20</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Server+Fault&rft.atitle=subnet+-+IPv6+subnetting+a+%2F64+-+what+will+break%2C+and+how+to+work+around+it%3F&rft.date=2015-08-18&rft.aulast=Dupont&rft.aufirst=Kasper&rft_id=https%3A%2F%2Fserverfault.com%2Fquestions%2F714890%2Fipv6-subnetting-a-64-what-will-break-and-how-to-work-around-it&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-35"><span class="mw-cite-backlink"><b><a href="#cite_ref-35">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCilloni2018" class="citation web cs1">Cilloni, Marco (2018-02-01). <a rel="nofollow" class="external text" href="https://blog.apnic.net/2018/02/02/nat66-good-bad-ugly/">"NAT66: The good, the bad, the ugly"</a>. <i>APNIC Blog</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2023-04-20</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=APNIC+Blog&rft.atitle=NAT66%3A+The+good%2C+the+bad%2C+the+ugly&rft.date=2018-02-01&rft.aulast=Cilloni&rft.aufirst=Marco&rft_id=https%3A%2F%2Fblog.apnic.net%2F2018%2F02%2F02%2Fnat66-good-bad-ugly%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-rfc6887-36"><span class="mw-cite-backlink"><b><a href="#cite_ref-rfc6887_36-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFD._WingCheshireBoucadairPenno2013" class="citation cs1">D. Wing, Ed; Cheshire, S.; Boucadair, M.; Penno, R.; Selkirk, P. (2013). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6887"><i>Port Control Protocol (PCP)</i></a>. <a href="/wiki/IETF" class="mw-redirect" title="IETF">IETF</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC6887">10.17487/RFC6887</a></span>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6887">6887</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Port+Control+Protocol+%28PCP%29&rft.pub=IETF&rft.date=2013&rft_id=info%3Adoi%2F10.17487%2FRFC6887&rft.aulast=D.+Wing&rft.aufirst=Ed&rft.au=Cheshire%2C+S.&rft.au=Boucadair%2C+M.&rft.au=Penno%2C+R.&rft.au=Selkirk%2C+P.&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc6887&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> <li id="cite_note-networkworld-2008-07-08-38"><span class="mw-cite-backlink"><b><a href="#cite_ref-networkworld-2008-07-08_38-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMessmer2008" class="citation web cs1">Messmer, Ellen (2008-07-08). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20090213171427/https://www.networkworld.com/news/2008/070808-dns-flaw-disrupts-internet.html">"Major DNS flaw could disrupt the Internet"</a>. <i><a href="/wiki/Network_World" class="mw-redirect" title="Network World">Network World</a></i>. Archived from <a rel="nofollow" class="external text" href="https://www.networkworld.com/news/2008/070808-dns-flaw-disrupts-internet.html">the original</a> on 2009-02-13<span class="reference-accessdate">. Retrieved <span class="nowrap">14 June</span> 2021</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Network+World&rft.atitle=Major+DNS+flaw+could+disrupt+the+Internet&rft.date=2008-07-08&rft.aulast=Messmer&rft.aufirst=Ellen&rft_id=https%3A%2F%2Fwww.networkworld.com%2Fnews%2F2008%2F070808-dns-flaw-disrupts-internet.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ANetwork+address+translation" class="Z3988"></span></span> </li> </ol></div></div> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Network_address_translation&action=edit&section=26" title="Edit section: External links"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a rel="nofollow" class="external text" href="https://web.archive.org/web/20060111122443/http://nutss.gforge.cis.cornell.edu/pub/imc05-tcpnat/">Characterization of different TCP NATs</a> at the <a href="/wiki/Wayback_Machine" title="Wayback Machine">Wayback Machine</a> (archived 2006-01-11) – Paper discussing the different types of NAT</li> <li><a rel="nofollow" class="external text" href="https://www.cs.hmc.edu/~mike/public_html/courses/cs125/Readings/Anatomy-ALookInsideNATs.pdf">Anatomy: A Look Inside Network Address Translators – Volume 7, Issue 3, September 2004</a></li> <li>Jeff Tyson, <a rel="nofollow" class="external text" href="http://computer.howstuffworks.com/nat.htm/printable">HowStuffWorks: <i>How Network Address Translation Works</i></a></li> <li><a rel="nofollow" class="external text" href="https://archive.today/20130103041130/http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzajw/rzajwstatic.htm">Routing with NAT</a> at <a href="/wiki/Archive.today" title="Archive.today">archive.today</a> (archived 2013-01-03) (Part of the documentation for the IBM iSeries)</li> <li><a rel="nofollow" class="external text" href="http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html">Network Address Translation (NAT) FAQ</a> – Cisco Systems</li></ul>    </div><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?type=1x1" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Network_address_translation&oldid=1258591625">https://en.wikipedia.org/w/index.php?title=Network_address_translation&oldid=1258591625</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Category</a>: <ul><li><a href="/wiki/Category:Network_address_translation" title="Category:Network address translation">Network address translation</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_is_different_from_Wikidata" title="Category:Short description is different from Wikidata">Short description is different from Wikidata</a></li><li><a href="/wiki/Category:Use_American_English_from_February_2022" title="Category:Use American English from February 2022">Use American English from February 2022</a></li><li><a href="/wiki/Category:All_Wikipedia_articles_written_in_American_English" title="Category:All Wikipedia articles written in American English">All Wikipedia articles written in American English</a></li><li><a href="/wiki/Category:Articles_containing_potentially_dated_statements_from_2006" title="Category:Articles containing potentially dated statements from 2006">Articles containing potentially dated statements from 2006</a></li><li><a href="/wiki/Category:All_articles_containing_potentially_dated_statements" title="Category:All articles containing potentially dated statements">All articles containing potentially dated statements</a></li><li><a href="/wiki/Category:All_articles_with_unsourced_statements" title="Category:All articles with unsourced statements">All articles with unsourced statements</a></li><li><a href="/wiki/Category:Articles_with_unsourced_statements_from_February_2011" title="Category:Articles with unsourced statements from February 2011">Articles with unsourced statements from February 2011</a></li><li><a href="/wiki/Category:Commons_category_link_is_on_Wikidata" title="Category:Commons category link is on Wikidata">Commons category link is on Wikidata</a></li><li><a href="/wiki/Category:Pages_displaying_short_descriptions_of_redirect_targets_via_Module:Annotated_link" title="Category:Pages displaying short descriptions of redirect targets via Module:Annotated link">Pages displaying short descriptions of redirect targets via Module:Annotated link</a></li><li><a href="/wiki/Category:Webarchive_template_wayback_links" title="Category:Webarchive template wayback links">Webarchive template wayback links</a></li><li><a href="/wiki/Category:Webarchive_template_archiveis_links" title="Category:Webarchive template archiveis links">Webarchive template archiveis links</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 20 November 2024, at 15:18<span class="anonymous-show"> (UTC)</span>.</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Network_address_translation&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/w/resources/assets/poweredby_mediawiki.svg" alt="Powered by MediaWiki" width="88" height="31" loading="lazy"></a></li> </ul> </footer> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-57488d5c7d-9r58j","wgBackendResponseTime":230,"wgPageParseReport":{"limitreport":{"cputime":"0.845","walltime":"1.034","ppvisitednodes":{"value":5612,"limit":1000000},"postexpandincludesize":{"value":80787,"limit":2097152},"templateargumentsize":{"value":5815,"limit":2097152},"expansiondepth":{"value":16,"limit":100},"expensivefunctioncount":{"value":4,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":124668,"limit":5000000},"entityaccesscount":{"value":1,"limit":400},"timingprofile":["100.00% 918.831 1 -total"," 34.01% 312.535 2 Template:Reflist"," 22.07% 202.777 4 Template:Anl"," 10.67% 98.072 22 Template:Cite_web"," 9.15% 84.061 2 Template:Cite_book"," 9.13% 83.876 1 Template:Short_description"," 8.12% 74.602 4 Template:IETF_RFC"," 7.75% 71.244 4 Template:Catalog_lookup_link"," 7.63% 70.131 5 Template:Cite_IETF"," 6.77% 62.174 1 Template:Commons_category"]},"scribunto":{"limitreport-timeusage":{"value":"0.505","limit":"10.000"},"limitreport-memusage":{"value":15159977,"limit":52428800}},"cachereport":{"origin":"mw-web.codfw.main-57488d5c7d-wfg75","timestamp":"20241128015755","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Network address translation","url":"https:\/\/en.wikipedia.org\/wiki\/Network_address_translation","sameAs":"http:\/\/www.wikidata.org\/entity\/Q11182","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q11182","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2001-09-25T05:05:33Z","dateModified":"2024-11-20T15:18:18Z","image":"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/c\/c7\/NAT_Concept-en.svg","headline":"protocol facilitating connection of one IP address space to another"}</script> </body> </html>