Network Address Translation

Network Address Translation (NAT) is a powerful tool that can be used to hide internal network addresses and enable several endpoints within a LAN to share the same (external) IP address. In NAT as it is literally defined, the source address in each outgoing IP header is rewritten from a private LAN address to the router’s global IP address.

NATs also indirectly contribute to security for a LAN by making internal IP addresses less accessible from the public Internet. Thus, all attacks against the network must be directed at the NAT router itself. As with a firewall, this provides security because only one point of access must be protected, and the router will generally be far more secure than a PC directly connected to the Internet (a lower likelihood of open ports, malicious programs, etc.). The abstraction of the LAN from the Internet through a NAT also simplifies network management. For instance, if one decided to change their ISP, only the external router configuration would need to be changed. The internal network and addressing scheme could be left untouched.
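
The translation described above can be modelled as a small table, shown here as an added example that is not part of the original page. It assumes port-based translation (NAPT) so that two LAN hosts can share one external address; the addresses, port numbers and the names `Packet`, `NatRouter` and `demo` are constructed for illustration, and mapping timeouts and per-remote-endpoint filtering are left out.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class NatRouter:
    external_ip: str                    # router's global address (constructed)
    lan: str = "192.168.1.0/24"         # private LAN range (constructed)
    next_port: int = 40000              # first external port to hand out
    out_map: dict = field(default_factory=dict)  # (lan_ip, lan_port) -> ext_port
    in_map: dict = field(default_factory=dict)   # ext_port -> (lan_ip, lan_port)

    def outbound(self, pkt):
        """Rewrite the source of a LAN packet to the router's external address."""
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.lan):
            raise ValueError("source is not on the LAN side")
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:     # first packet of a flow creates the mapping
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.external_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Translate a reply back to the LAN host, or return None (dropped)."""
        if pkt.dst_ip != self.external_ip or pkt.dst_port not in self.in_map:
            return None                 # no mapping: packet never reaches the LAN
        lan_ip, lan_port = self.in_map[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)

def demo():
    nat = NatRouter(external_ip="203.0.113.7")
    # Two LAN hosts using the same source port toward the same server.
    a = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.5", 443))
    b = nat.outbound(Packet("192.168.1.11", 51000, "198.51.100.5", 443))
    # The server's reply to host A, then an unsolicited packet from elsewhere.
    reply = nat.inbound(Packet("198.51.100.5", 443, "203.0.113.7", a.src_port))
    probe = nat.inbound(Packet("198.51.100.9", 4444, "203.0.113.7", 22))
    return a, b, reply, probe
```

Both outbound packets leave with the router's address and distinct external ports, the reply is mapped back to the originating host, and the unsolicited packet has no table entry and is dropped at the router.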