Translation table in NAT

Posted On: Oct. 16, 2018, 5:51 p.m.

Translating the source address of an outgoing packet is straightforward as it passes through NAT. But to find the destination address for a packet coming back from the Internet, the NAT router maintains a translation table.

Translation tables can be implemented in three different ways:

- Using One IP Address

- Using a Pool of IP Addresses

- Using both IP and Port Addresses


Using One IP Address

This is the simplest translation table, consisting of two columns: the private address and the external address (the destination address of the outgoing packet). When the NAT router translates the source address, it also records the destination address in the table (where the packet is headed). When the response comes back from that destination, its source address is compared against the external-address column to find the matching outgoing entry, which gives the internal destination address for the packet.

In this type, communication must always be initiated from inside the NAT. A private network cannot run a server program for clients outside its network while using NAT. Think of this type as a one-to-one relationship. It is great when you are just a single user.

Using a Pool of IP Addresses

Instead of a single public IP address, the NAT has a pool of public IPs to translate source addresses into. With a pool of four addresses, for example, four private-network hosts can communicate with the same external host at the same time. Each private-public pair defines a connection. This approach is inefficient and leaves resources under-utilized.

Using Both IP and Port Addresses

To make it resource-efficient, a many-to-many relationship is used. To let private-network hosts communicate with external server programs, we need more columns in the translation table: recording the source IP address and port, the destination IP address and port, and the transport protocol eliminates the problem.

This type, with some hacks, allows you to establish pure peer-to-peer connections, i.e. two private-network hosts can communicate directly without any public host participating in between.
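To make the two table layouts concrete, here is an added example (not code from the original post) that simulates the single-address table of the first type and the IP+port table of the third type in Python. The router's public address, the two private hosts, the external server and the public port range are all constructed sample values from the documentation address ranges. It shows the point the post makes twice: an inbound packet with no matching outgoing entry is dropped, and only the IP+port table can keep two private hosts talking to the same external host apart.

```python
"""Constructed example: two NAT translation-table designs side by side.
Not code from the original post; all addresses and ports are made up."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.5"  # constructed public address of the NAT router


@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class OneAddressTable:
    """Type 1: two columns, external (destination) address -> private address.
    Only one private host can talk to a given external host at a time."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.entries: Dict[str, str] = {}  # external address -> private address

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        owner = self.entries.get(pkt.dst_ip)
        if owner is not None and owner != pkt.src_ip:
            return None  # another private host already maps to this external host
        self.entries[pkt.dst_ip] = pkt.src_ip
        return Packet(pkt.proto, self.public_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        private_ip = self.entries.get(pkt.src_ip)  # look up the external-address column
        if private_ip is None:
            return None  # no outgoing entry: not initiated from inside, drop
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, private_ip, pkt.dst_port)


class NaptTable:
    """Type 3: source IP/port, destination IP/port and protocol are all recorded,
    and each flow gets its own public port, so many hosts share one address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, private ip, private port, dst ip, dst port) -> public port
        self.out: Dict[Tuple[str, str, int, str, int], int] = {}
        # (proto, public port, remote ip, remote port) -> (private ip, private port)
        self.back: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.out.get(key)
        if pub_port is None:
            pub_port = self.next_port  # allocate a fresh public port for this flow
            self.next_port += 1
            self.out[key] = pub_port
            self.back[(pkt.proto, pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        entry = self.back.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None  # unsolicited inbound packet: no entry, drop
        private_ip, private_port = entry
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, private_ip, private_port)


# Constructed scenario: two private hosts query the same server from the same local port.
HOST_A = Packet("udp", "10.0.0.2", 5353, "198.51.100.7", 53)
HOST_B = Packet("udp", "10.0.0.3", 5353, "198.51.100.7", 53)


def reply_to(pkt: Packet) -> Packet:
    """The external server's response: source and destination swapped."""
    return Packet(pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)


def one_address_demo() -> Tuple[bool, bool]:
    nat = OneAddressTable(PUBLIC_IP)
    a_out = nat.outbound(HOST_A)
    b_out = nat.outbound(HOST_B)  # same external host while A's entry exists -> refused
    return a_out is not None, b_out is None


def napt_demo() -> Tuple[Tuple[str, int], Tuple[str, int], bool]:
    nat = NaptTable(PUBLIC_IP)
    a_out = nat.outbound(HOST_A)
    b_out = nat.outbound(HOST_B)
    # Both replies arrive at the same public IP; only the public port tells them apart.
    a_back = nat.inbound(reply_to(a_out))
    b_back = nat.inbound(reply_to(b_out))
    # A packet nobody inside asked for, aimed at a port with no table entry.
    stray = nat.inbound(Packet("tcp", "192.0.2.9", 4444, PUBLIC_IP, 22))
    return (a_back.dst_ip, a_back.dst_port), (b_back.dst_ip, b_back.dst_port), stray is None


if __name__ == "__main__":
    print(one_address_demo())
    print(napt_demo())
```

Running the module prints `(True, True)` for the single-address table (host A is translated, host B is refused because the external host is already taken) and `(('10.0.0.2', 5353), ('10.0.0.3', 5353), True)` for the IP+port table (both replies are delivered to the right private host and the stray packet is dropped). A real router would also age entries out and check the transport protocol's state, which this toy table leaves out.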
