Definition: Network Address Translation (NAT) is a simple form of security that conceals internal addressing schemes from public networks (such as the Internet). A router is configured with a single public IP address on its external interface and a non-routable address on its internal interface. A NAT service running on the router or on another system translates between the two addressing schemes. Packets sent to the Internet from internal hosts all appear as if they came from a single IP address, preventing external hosts from identifying and connecting directly to internal systems.
NAT can be implemented as software on a variety of systems, or as hardware in a dedicated device such as a router. Internet Connection Sharing (ICS) in Windows systems includes a simple software-based NAT implementation, but requires a separate device, such as a modem, to provide actual Internet connectivity. Hardware-based NAT devices, such as cable modems and DSL routers, often have extended functionality and can double as Internet access devices.
Static vs. Dynamic NAT
In static NAT, each internal address is mapped to a single specific public address. In dynamic NAT, there is not a one-to-one ratio of internal to external addresses; any number of internal addresses can share a pool of external addresses.
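The difference between the two mapping schemes, modeled as an added Python example that is not part of the original text. The class names, the 10.0.0.x internal hosts and the 203.0.113.x documentation-range public addresses are all constructed for illustration, and the model translates addresses only (no ports).

```python
# Added illustration; class names and addresses are constructed for this example.
import ipaddress

def _ip(a):
    return ipaddress.ip_address(a)  # raises ValueError on a malformed address

class StaticNAT:
    """Static NAT: every internal address has one fixed public address."""
    def __init__(self, mapping):
        self.out = {_ip(i): _ip(p) for i, p in mapping.items()}
        self.back = {p: i for i, p in self.out.items()}
        if len(self.back) != len(self.out):
            raise ValueError("static NAT must be one-to-one")

    def outbound(self, src):   # rewrite source address of an outgoing packet
        return self.out.get(_ip(src))

    def inbound(self, dst):    # rewrite destination of an incoming packet
        return self.back.get(_ip(dst))

class DynamicNAT:
    """Dynamic NAT: internal hosts lease addresses from a shared public pool."""
    def __init__(self, pool):
        self.free = [_ip(p) for p in pool]
        self.out, self.back = {}, {}

    def outbound(self, src):
        src = _ip(src)
        if src not in self.out:
            if not self.free:
                return None            # pool exhausted: packet cannot be translated
            pub = self.free.pop(0)
            self.out[src], self.back[pub] = pub, src
        return self.out[src]

    def inbound(self, dst):            # None means no mapping: the packet is dropped
        return self.back.get(_ip(dst))

    def release(self, src):            # mapping expires; address returns to the pool
        pub = self.out.pop(_ip(src), None)
        if pub is not None:
            del self.back[pub]
            self.free.append(pub)

if __name__ == "__main__":
    dyn = DynamicNAT(["203.0.113.10", "203.0.113.11"])
    for host in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
        print(host, "->", dyn.outbound(host))
```

With a two-address pool, the third internal host gets no translation until an earlier mapping is released, and an inbound packet to a pool address with no active mapping has nowhere to go.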