How Network Address Translation Works

Stub Domains

Look below to see how the computers on a stub domain might appear to external networks.

Source Computer A

IP Address:

Computer Port: 400

NAT Router IP Address:

NAT Router Assigned Port Number: 1

Source Computer B

IP Address:

Computer Port: 50

NAT Router IP Address:

NAT Router Assigned Port Number: 2

Source Computer C

IP Address:

Computer Port: 3750

NAT Router IP Address:

NAT Router Assigned Port Number: 3

Source Computer D

IP Address:

Computer Port: 206

NAT Router IP Address:

NAT Router Assigned Port Number: 4

As you can see, the NAT router stores the IP address and port number of each computer. It then replaces the IP address with its own registered IP address and the port number corresponding to the location, in the table, of the entry for that packet's source computer. So any external network sees the NAT router's IP address and the port number assigned by the router as the source-computer information on each packet.

You can still have some computers on the stub domain that use dedicated IP addresses. You can create an access list of IP addresses that tells the router which computers on the network require NAT. All other IP addresses will pass through untranslated.

The number of simultaneous translations that a router will support is determined mainly by the amount of DRAM (Dynamic Random Access Memory) it has. But since a typical entry in the address-translation table only takes about 160 bytes, a router with 4 MB of DRAM could theoretically process 26,214 simultaneous translations, which is more than enough for most applications.
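The translation table, access list and table capacity described above can be modelled in a few lines. This is an added example, not code from the original article; the class name `NatRouter` and all IP addresses are assumptions, while the computer ports and assigned port numbers follow the article's table.

```python
import ipaddress

ENTRY_BYTES = 160                      # typical table entry size, per the article
DRAM_BYTES = 4 * 1024 * 1024           # the article's 4 MB router


class NatRouter:
    def __init__(self, public_ip, nat_acl, max_entries=DRAM_BYTES // ENTRY_BYTES):
        self.public_ip = public_ip
        self.nat_acl = [ipaddress.ip_network(n) for n in nat_acl]
        self.max_entries = max_entries
        self.table = []                # entry at index i is assigned port i + 1
        self.index = {}                # (src_ip, src_port) -> assigned port

    def needs_nat(self, src_ip):
        # Access list: only sources inside these networks are translated.
        addr = ipaddress.ip_address(src_ip)
        return any(addr in net for net in self.nat_acl)

    def outbound(self, src_ip, src_port):
        """Return the (ip, port) an external network sees as the source."""
        if not self.needs_nat(src_ip):
            return (src_ip, src_port)  # dedicated address: passes untranslated
        key = (src_ip, src_port)
        if key not in self.index:
            if len(self.table) >= self.max_entries:
                raise RuntimeError("translation table full")
            self.table.append(key)
            self.index[key] = len(self.table)
        return (self.public_ip, self.index[key])

    def inbound(self, dst_port):
        """Map a reply back to the internal host, or None if no entry exists."""
        if 1 <= dst_port <= len(self.table):
            return self.table[dst_port - 1]
        return None                    # no table entry: nothing to forward to


# Constructed addresses: the ports match the article's table, but the IPs do
# not appear on the page (RFC 1918 and documentation ranges are used here).
router = NatRouter("203.0.113.1", nat_acl=["192.168.32.0/24"])
flows = [("192.168.32.10", 400), ("192.168.32.13", 50),
         ("192.168.32.15", 3750), ("192.168.32.18", 206)]
seen = [router.outbound(ip, port) for ip, port in flows]
print(seen)
```

Real implementations also key entries on protocol and remote endpoint and age them out; this model keeps only the behaviour the article describes.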

IANA has set aside specific ranges of IP addresses for use as non-routable, internal network addresses. These addresses are considered unregistered (for more information check out RFC 1918: Address Allocation for Private Internets, which defines these address ranges). No company or agency can claim ownership of unregistered addresses or use them on public computers. Routers are designed to discard (instead of forward) unregistered addresses. What this means is that a packet from a computer with an unregistered address could reach a registered destination computer, but the reply would be discarded by the first router it came to.

There is a range for each of the three classes of IP addresses used for networking:

  • Range 1: Class A - through
  • Range 2: Class B - through
  • Range 3: Class C - through

Although each range is in a different class, you are not required to use any particular range for your internal network. It is a good practice, though, because it greatly diminishes the chance of an IP address conflict.