Network Address Translation is a technique used to enable devices on a local network to communicate with devices on the Internet using a single public IP address.

When a device on the local network sends a packet to a device on the Internet, the packet contains the local IP address of the sending device as the source IP address. However, since the local IP address is not a public IP address, the packet cannot be routed over the Internet.

To enable the packet to be routed over the Internet, the NAT device on the local network replaces the local IP address in the packet with its own public IP address, which is known as the NAT address. This substitution in the packet header is recorded in a NAT translation table, along with the port numbers being used.

When a response is received from the Internet device, the NAT device uses the NAT translation table to determine which device on the local network the response should be forwarded to, and replaces the NAT address in the packet with the original local IP address and port number.

This process enables multiple devices on the local network to share a single public IP address, as the NAT device can maintain a separate entry in the NAT translation table for each device, and use a unique port number for each entry.

NAT can also provide a level of additional security by hiding the local IP addresses of devices on the network from the Internet. However, NAT can also introduce certain limitations and issues, such as difficulty in establishing peer-to-peer connections or potential issues with certain network protocols that rely on IP addresses being visible.

STUN services

In these situations, applications can make use of a STUN (Session Traversal Under NAT) service to help facilitate communications.

When a device on a local network establishes a connection with another device on the Internet, the NAT device (typically the router) will change the device’s IP address and port number as part of the NAT process.

A STUN server helps to overcome this issue by providing a mechanism for devices to determine their public IP address and port number as seen by the Internet. When a device behind a NAT firewall or router needs to communicate with another device on the Internet, it can send a request to a STUN server, which responds with the device’s public IP address and port number. This information can then be used by the device to establish communication with the other device on the Internet.
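The request and response described above, as an added example that is not part of the original page: it builds a Binding Request and decodes the public address from a Binding Success Response using the RFC 5389 wire format, rejecting any reply whose transaction ID does not match the request. The function names are hypothetical, and the server reply is constructed inline (address 203.0.113.7, port 40001) so the code runs without a network.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442  # fixed value carried in every RFC 5389 STUN header
BINDING_REQUEST, BINDING_SUCCESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0101, 0x0020
HEADER = struct.Struct("!HHI12s")  # type, length, magic cookie, transaction ID

def build_binding_request():
    """Return (txn_id, packet) for a Binding Request with no attributes."""
    txn_id = os.urandom(12)  # 96-bit random ID, used to match the reply
    return txn_id, HEADER.pack(BINDING_REQUEST, 0, MAGIC_COOKIE, txn_id)

def parse_binding_response(data, expected_txn_id):
    """Return (public_ip, public_port) as reported by the STUN server."""
    if len(data) < HEADER.size:
        raise ValueError("shorter than a STUN header")
    msg_type, length, cookie, txn_id = HEADER.unpack(data[:HEADER.size])
    if cookie != MAGIC_COOKIE or msg_type != BINDING_SUCCESS:
        raise ValueError("not a Binding Success Response")
    if txn_id != expected_txn_id:
        raise ValueError("transaction ID mismatch")  # unsolicited or spoofed reply
    if length != len(data) - HEADER.size:
        raise ValueError("length field does not match payload")
    pos = HEADER.size
    while pos + 4 <= len(data):
        attr_type, attr_len = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        if attr_type == XOR_MAPPED_ADDRESS and attr_len == 8 and value[1] == 0x01:
            xport, xaddr = struct.unpack("!HI", value[2:8])
            addr = ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE)
            return str(addr), xport ^ (MAGIC_COOKIE >> 16)
        pos += 4 + attr_len + (-attr_len % 4)  # attributes are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS attribute")

def build_sample_response(txn_id, ip, port):
    """Constructed server reply, standing in for a real STUN server."""
    xaddr = int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01,
                       port ^ (MAGIC_COOKIE >> 16), xaddr)
    return HEADER.pack(BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txn_id) + attr

if __name__ == "__main__":
    txn, request = build_binding_request()
    reply = build_sample_response(txn, "203.0.113.7", 40001)  # constructed values
    print(parse_binding_response(reply, txn))
```

The address and port travel XORed with the magic cookie so that NAT devices which rewrite address-like bytes in payloads do not alter them in transit.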

STUN servers are commonly used in peer-to-peer systems, VoIP (Voice over IP) applications, and other real-time communication applications, where establishing and maintaining a reliable connection between devices is critical.

STUN is one of several techniques used to traverse NAT firewalls and routers, and can be used in conjunction with other techniques such as TURN (Traversal Using Relays around NAT) and ICE (Interactive Connectivity Establishment) to provide a complete NAT traversal solution.