Network address translation (NAT) allows devices on a private network to share one public IP address for internet connectivity. This enables networks to migrate and merge, share servers and create virtual servers. NAT also reduces the rate at which existing IPv4 addresses are depleted. Despite this, NAT has some significant drawbacks that should be considered.
NAT is generally used on a router or gateway, and it works by presenting only one public IP address to the outside world on behalf of multiple internal computers. This is known as NAT cloaking, and it provides a degree of security by effectively hiding the overall private network behind that single public address.
Static NAT - This is the most common NAT technique that uses a 1:1 mapping between a private network address and a single public IP address.
Dynamic NAT - This type of NAT translates multiple private network addresses into a single public address using different ports to distinguish each translation. It is most common in large organizations with several private, local networks that need to communicate with the outside world without requiring each of them to change their IP addresses.
Dynamic NAT can cause problems when IP packets are fragmented and arrive out of order. Most NAT devices attempt to reassemble the fragments and translate them as they do so, but this often causes some fragments to be lost. It also complicates tunneling protocols such as IPsec because NAT changes values in the packet header that are used for integrity checks.
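The port-based translation and the integrity-check failure described above can be seen in a small model. This is an added example, not code from the original page: the packet is a simplified dictionary rather than a real IPsec AH wire format, and the key, addresses, port range and all function and class names are constructed for illustration.

```python
import hmac, hashlib, ipaddress, struct

KEY = b"constructed-demo-key"   # constructed secret shared by the two end hosts only
PUBLIC_IP = "203.0.113.10"      # constructed public address (documentation range)

def icv(src, dst, sport, dport, payload):
    """AH-style integrity value: keyed hash over addresses, ports and payload."""
    msg = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
           + struct.pack("!HH", sport, dport) + payload)
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:12]

def make_packet(src, dst, sport, dport, payload):
    """Sender side: build the packet and attach the integrity value."""
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": payload, "icv": icv(src, dst, sport, dport, payload)}

def verify(pkt):
    """Receiver side: recompute the integrity value over the header as received."""
    expected = icv(pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"], pkt["payload"])
    return hmac.compare_digest(expected, pkt["icv"])

class PortNat:
    """Maps each (private address, port) pair to a distinct port on one public address."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}

    def translate_outbound(self, pkt):
        key = (pkt["src"], pkt["sport"])
        if key not in self.table:          # allocate a fresh public port per flow
            self.table[key] = self.next_port
            self.next_port += 1
        out = dict(pkt)
        out["src"], out["sport"] = self.public_ip, self.table[key]
        return out   # the NAT has no key, so the integrity value is carried unchanged

def demo():
    nat = PortNat(PUBLIC_IP)
    a = make_packet("192.168.1.10", "198.51.100.7", 5000, 443, b"hello")
    b = make_packet("192.168.1.11", "198.51.100.7", 5000, 443, b"hello")
    ta, tb = nat.translate_outbound(a), nat.translate_outbound(b)
    # original verifies, translated copy does not; both hosts share one public IP
    return verify(a), verify(ta), (ta["src"], ta["sport"]), (tb["src"], tb["sport"])

if __name__ == "__main__":
    print(demo())
```

The receiver rejects the translated packet even though the payload is untouched, because the rewritten source address and port were inputs to the keyed hash.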