Please Whitelist This Site? I know everyone hates ads. But please understand that I am providing premium content for free that takes hundreds of hours of time to research and write. I don't want to go to a pay-only model like some sites, but when more and more people block ads, I end up working for free. And I have a family to support, just like you. :) If you like The TCP/IP Guide, please consider the download version. It's priced very economically and you can read all of it in a convenient format without ads. If you want to use this site for free, I'd be grateful if you could add the site to the whitelist for Adblock. To do so, just open the Adblock menu and select "Disable on tcpipguide.com". Or go to the Tools menu and select "Adblock Plus Preferences...". Then click "Add Filter..." at the bottom, and add this string: "@@||tcpipguide.com^$document". Then just click OK. Thanks for your understanding! Sincerely, Charles Kozierok Author and Publisher, The TCP/IP Guide

NOTE: Using software to mass-download the site degrades the server and is prohibited. If you want to read The TCP/IP Guide offline, please consider licensing it. Thank you.

The TCP/IP Guide  9  TCP/IP Lower-Layer (Interface, Internet and Transport) Protocols (OSI Layers 2, 3 and 4)       9  TCP/IP Internet Layer (OSI Network Layer) Protocols            9  Internet Protocol (IP/IPv4, IPng/IPv6) and IP-Related Protocols (IP NAT, IPSec, Mobile IP)                 9  IP Network Address Translation (NAT) Protocol

IP NAT Port-Based ("Overloaded") Operation: Network Address Port Translation (NAPT) / Port Address Translation (PAT) 1 2 3 IP NAT Compatibility Issues and Special Handling Requirements

All three of the versions of NAT discussed so far—traditional, bidirectional and port-based—are normally used to connect a network using private, non-routable addresses to the public Internet, which uses unique, registered, routable addresses. With these kinds of NAT, there will normally be no overlap between the address spaces of the inside and outside network, since the former are private and the latter public. This enables the NAT router to be able to immediately distinguish inside addresses from outside addresses just by looking at them.

In the examples we've seen so far, the inside addresses were all from the RFC 1918 block 10.0.0.0. These can't be public Internet addresses so the NAT router knew any address referenced by a request from the inside network within this range was a local reference within the inside network. Similarly, any addresses outside this range are easy to identify as belonging to the “outside world”.

There are circumstances however where there may indeed be an overlap between the addresses used for the inside network, and the addresses used for part of the outside network. Consider the following cases:

• Private Network To Private Network Connections: Our example network using 10.0.0.0 block addresses might want to connect to another network using the same method. This situation might occur if two corporations merge and happened to be using the same addressing scheme (and there aren't that many private IP blocks, so this isn't that uncommon).
  
  
• Invalid Assignment of Public Address Space To Private Network: Some networks might have been set up not using a designated private address block but rather a block containing valid Internet addresses. For example, suppose an administrator decided that the network he was setting up “would never be connected to the Internet” (ha!) and numbered the whole thing using 18.0.0.0 addresses, which belong to the Massachusetts Institute of Technology (MIT). Then later, this administrator's shortsightedness would backfire when the network did indeed need to be connected to the 'net.
  
  
• “Stale” Public Address Assignment: Company A might have been using a particular address block for years that was reassigned or reallocated for whatever reason to company B. Company A might not want to go through the hassle of renumbering their network, and would then keep their addresses even while Company B started using them on the Internet.

What these situations all have in common is that the inside addresses used in the private network overlap with addresses on the public network. When a datagram is sent from within the local network, the NAT router can't tell if the intended destination is within the inside network or the outside network. For example, if we want to connect host 10.0.0.207 in our private network to host 10.0.0.199 in a different network, and we put 10.0.0.199 in the destination of the datagram and send it, how does the router know if we mean 10.0.0.199 on our own local network or the remote one? For that matter, we might need to send a request to 10.0.0.207 in the other private network, our own address! Take the network that was numbered with MIT's address block. How does the router know when a datagram is actually being sent to MIT as opposed to another device on the private network?

IP NAT Port-Based ("Overloaded") Operation: Network Address Port Translation (NAPT) / Port Address Translation (PAT) 1 2 3 IP NAT Compatibility Issues and Special Handling Requirements