From InfoAnarchy

See also: Router | Firewall | Ethernet

Network Address Translator


The IP Network Address Translator

"An Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations."


It is important to understand NAT if you want your P2P app to get through NATs and firewalls. In essence, a NAT is just an address translator: on the outside it presents an extern_IP, and on the inside hosts use a non-routable intern_IP. The NAT is the device that rewrites packet addresses as they pass through it, so that internal IPs stay internal and external IPs stay external. As such, some people (foolishly) consider a NAT a basic firewall.

Troubles with NAT

Users sometimes have difficulty telling whether they are connected to the Internet through a NAT device or directly via modem; a service such as Am I Behind Nat can help with this. As a general rule, you are behind NAT when your local IP (the one assigned to your network card) is different from the one with which you communicate on the Internet. This usually happens because you share the Internet connection with other people through a router (either cable or wireless), which is the common case in offices.
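The rule above can be checked in code. The following is an added example, not part of the original page: the function names are hypothetical, the sample addresses are constructed, and `observed_ip` is assumed to come from a remote peer or an external service that reports the address it sees.

```python
import ipaddress
import socket

# Address blocks that are never routed on the public Internet.
NON_ROUTABLE = {
    "10.0.0.0/8": "RFC 1918 private",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
    "100.64.0.0/10": "RFC 6598 carrier-grade NAT",
    "169.254.0.0/16": "link-local",
    "127.0.0.0/8": "loopback",
}

def classify(addr):
    """Return the name of the non-routable block holding addr, or None."""
    ip = ipaddress.ip_address(addr)
    for block, name in NON_ROUTABLE.items():
        if ip in ipaddress.ip_network(block):
            return name
    return None

def nat_verdict(local_ip, observed_ip=None):
    """Compare the interface address with the address a remote side sees.
    Returns 'nat', 'direct', 'nat-likely' or 'unknown'."""
    if observed_ip is not None:
        same = ipaddress.ip_address(local_ip) == ipaddress.ip_address(observed_ip)
        return "direct" if same else "nat"
    # No outside view: a non-routable local address cannot be what the
    # Internet sees, so a translator must sit in the path if there is one.
    return "nat-likely" if classify(local_ip) else "unknown"

def local_outbound_ip(probe="192.0.2.1"):
    """Address of the interface the OS would use to reach probe.
    connect() on a UDP socket only selects a route; no packet is sent."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((probe, 9))
        return s.getsockname()[0]
    except OSError:  # no route at all (offline host)
        return None
    finally:
        s.close()

if __name__ == "__main__":
    local = local_outbound_ip()
    print("local address:", local)
    if local:
        print("block:", classify(local), "| verdict:", nat_verdict(local))
    # Constructed sample: LAN host whose traffic leaves as 203.0.113.7.
    print(nat_verdict("192.168.1.20", "203.0.113.7"))
```

A local address inside the carrier-grade NAT block means the provider is translating as well, so port forwarding on your own router alone will not make the host reachable.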

NAT is often problematic when you need to accept external connections directly to your host (for example, if you want to host a web server or, more simply, to share files via aMule, eDonkey, BitTorrent, etc.). In that case you will need to configure your NAT device to redirect certain ports (port forwarding) to a particular internal computer.

Nowadays routers support the UPnP protocol, which makes this task easier, but sometimes you will still need to get your hands on the router configuration.

NATs v Firewalls

NATs are often marketed as firewalls because they provide basic intrusion protection. They are not firewalls. However, some NAT routers include a firewall as well.

NATs are important to P2P apps because the P2P app only knows the internal address. It has, AFAIK, no way to know what the external IP is, so your app may waste time and effort trying to send messages to non-routable IPs. So, like a firewall, if you are behind a NAT, you can connect out, but nobody can connect in. Without tricks, a firewalled or NAT'd host cannot connect to another such host. You need an intermediary that allows incoming connections. (There are more sophisticated ways of dealing with NATs and firewalls, but I don't recall them.)

Related links

  • Natcheck - A program to use P2P applications in the situation where both clients are behind a NAT. Explanation and technical details available at website.