在计算机网络中,网络地址转换(Network Address Translation或简称NAT),也叫做网络掩蔽或者IP掩蔽(IP masquerading),是一种在IP封包通过路由器或防火墙时重写源IP地址或目的IP地址的技术。这种技术被普遍使用在有多台主机但只通过一个公有IP地址访问因特网的私有网络中。根据规范,路由器是不能这样工作的,但它的确是一个方便并得到了广泛应用的技术。当然,NAT也让主机之间的通信变得复杂,导致通信效率的降低。
Network address translation (NAT) is a methodology of modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another.
流行在网络上的一种看法认为,IPv6的广泛采用将使得NAT不再需要,因为NAT只是一个处理IPv4的地址空间不足的方法。
With NAT, all communications sent to external hosts actually contain the external IP address and port information of the NAT device instead of internal host IPs or port numbers.
When a computer on the private (internal) network sends an IPv4 packet to the external network, the NAT device replaces the internal IP address in the source field of the packet header (sender's address) with the external IP address of the NAT device. PAT(Port address translation) may then assign the connection a port number from a pool of available ports, inserting this port number in the source port field (much like the post office box number), and forwards the packet to the external network. The NAT device then makes an entry in a translation table containing the internal IP address, original source port, and the translated source port. Subsequent packets from the same connection are translated to the same port number.
A packet coming from the external network is mapped to a corresponding internal IP address and port number from the translation table, replacing the external IP address and port number in the incoming packet header (similar to the translation from post office box number to street address). The packet is then forwarded over the inside network. Otherwise, if the destination port number of the incoming packet is not found in the translation table, the packet is dropped or rejected because the PAT device doesn't know where to send it.
NAT only translates IP addresses and ports of its internal hosts, hiding the true endpoint of an internal host on a private network.NAT operation is typically transparent to both the internal and external hosts.
Typically the internal host is aware of the true IP address and TCP or UDP port of the external host. Typically the NAT device may function as the default gateway for the internal host. However the external host is only aware of the public IP address for the NAT device and the particular port being used to communicate on behalf of a specific internal host.