Functions of Port and Address Translation (PAT)
Network address translation is generally used in the form of PAT in order to connect multiple local devices to the internet over a common IP address.
Since private IPs aren’t routable (and therefore have no meaning on the internet), data packets that a computer (client) in the LAN sends to a server on the internet must be given a public IP by the router. To do this, the router replaces the client’s private IP address, stored in the packet header, with its own public IP address. In addition, the internally used port number is replaced by one of the router’s free ports. To servers on the internet, the router therefore appears as the sender of all data packets sent from the local network.
The complete connection information (IP addresses, ports, and timeouts) is saved in a so-called NAT table (technically, this should also be called a PAT table). The addressed server answers the local computer’s query with a data packet, which is first sent back to the corresponding router port. The router now has the task of assigning the incoming data packets to the network device that started the request. Everything the router needs for this is contained in the connection information in the NAT table. Here’s an example for clarification:
Imagine a router has been assigned the public IP address 217.229.111.18 by an internet service provider (ISP) and acts as the default gateway for a local network. The local network has the private IP address range 192.168.0.0/24 (all addresses from 192.168.0.0 to 192.168.0.24) available for network devices. Now, if a device (for example, a computer with the private IP address 192.168.0.2) wants to establish a connection to the internet (for example, to a web server with the public IP 71.123.239.82 at its port number 80), it reserves an internal port (e.g. 22433) and sends the connection request to the router listed as its default gateway. The router is addressable internally via the private IP 192.168.0.1 and communicates with the outside using the public IP 217.229.111.18.
The router receives the following information: Device 192.168.0.2 wants to establish a connection from its port 22433 to 71.123.239.82 on port 80. To comply with this request, the router has to replace the source address of the LAN device (IP address and port number) with its own address. For this, it reserves any free port (e.g. 61001) and performs the network address translation: 192.168.0.2:22433 becomes 217.229.111.18:61001. All relevant information is stored in the NAT table on the router.
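The translation walked through above, as an added Python sketch that is not from the original article. It uses the article’s addresses and ports; the `PatTable` class, the 60-second idle timeout, sequential port allocation, and the check that a reply comes from the server the mapping was created for are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

PUBLIC_IP = "217.229.111.18"   # router's public address (from the article)
FIRST_PORT = 61001             # first free router port (from the article)
TIMEOUT_S = 60                 # assumed idle timeout; real routers vary

@dataclass
class Entry:
    private: tuple             # (private IP, port) of the LAN device
    remote: tuple              # (server IP, port) the device contacted
    expires: float             # moment the mapping is discarded

class PatTable:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.by_public_port = {}   # router port -> Entry
        self.by_flow = {}          # (private, remote) -> router port
        self.next_port = FIRST_PORT

    def outbound(self, src, dst):
        """Rewrite the source of a LAN packet; returns (new_src, dst)."""
        self._expire()
        port = self.by_flow.get((src, dst))
        if port is None:           # first packet of this connection
            if self.next_port > 65535:
                raise RuntimeError("no free router ports")
            port = self.next_port
            self.next_port += 1
            self.by_flow[(src, dst)] = port
            self.by_public_port[port] = Entry(src, dst, 0.0)
        self.by_public_port[port].expires = self.clock() + TIMEOUT_S
        return (PUBLIC_IP, port), dst

    def inbound(self, src, dst):
        """Map a reply to its LAN device; None means the packet is dropped."""
        self._expire()
        entry = self.by_public_port.get(dst[1])
        if dst[0] != PUBLIC_IP or entry is None or entry.remote != src:
            return None            # no matching table entry (assumed strict check)
        entry.expires = self.clock() + TIMEOUT_S
        return src, entry.private

    def _expire(self):
        now = self.clock()
        for port, e in list(self.by_public_port.items()):
            if e.expires <= now:   # idle too long: forget the mapping
                del self.by_public_port[port]
                del self.by_flow[(e.private, e.remote)]
```

A packet arriving on a router port with no live table entry has no LAN device to be delivered to, which is why inbound connections need an explicit mapping while replies to outbound requests do not.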