For computers to communicate with each other, every computer needs a unique address at which it can send and receive data. Without a unique address, others cannot send data to you. IPv4 has around 2^32 addresses, of which 588514304 are reserved for special purposes, so only 2^32 – 588514304 unique public IP addresses are available.
Imagine an office with 1000 computers for the employees. If each of them needs to talk to hosts on the internet, assigning a unique public IP address to every one of them makes little sense and wastes scarce public address space.
Also, you sometimes want to hide the address details of your internal network from the public internet, for security reasons. NAT is the solution that was created to solve these problems.
What is NAT (Network Address Translation)?
The name itself says what it does: it translates addresses. With NAT, one IP address can be rewritten into another. The primary job of a NAT device is to rewrite the source and destination address of an IP packet.
There are hardware devices that do this job, but we will do it with a Linux system, as Linux can do almost everything a hardware NAT device does.
Network Address Translation using Linux
So you have a Linux machine with two IP addresses (one private and one public) that is used as a NAT router. The machines that are part of the internal network cannot communicate directly with hosts on the internet, because packets with a private-range source address are not routed on the internet.
In other words, the internal machines (192.168.0.3, 192.168.0.4, 192.168.0.5) cannot reach the internet directly, and hosts on the internet cannot reach them directly either. In that sense our internal machines are secure to a certain extent, since an attacker on the internet has no direct contact with them.
When our internal machines need to communicate with hosts on the internet, the Linux NAT router in between rewrites their private addresses to its own public IP address (18.104.22.168 in our case). External hosts (hosts on the internet) will therefore see the connection as if the Linux router itself had initiated it.
You might be wondering how the Linux router knows which packets belong to which internal machine, and how it manages so many connections from different internal IP addresses at once. The answer lies in connection tracking.
What is connection tracking in Linux?
Connection tracking is a mechanism Linux machines use to keep track of the TCP connections going out and coming in. It enables a Linux machine to deliver NATed reply packets to exactly the internal machine that initiated the connection. You can say that the complete UDP/TCP connection state is stored in the connection tracking table. This table consists of the following:
Status of the connection
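The address rewriting described in the NAT router section and the connection tracking table described just above can be seen working together in the following Python simulation. This is an added example, not code from the original post: it reuses the post's public address 18.104.22.168 and the 192.168.0.x internal hosts, while the external server 203.0.113.10, every port number, and the simplified two-state (NEW / ESTABLISHED) entry are constructed for the demo. The point it shows is that each outbound flow gets its own conntrack entry keyed by the full 5-tuple, replies are mapped back through that entry, and an inbound packet with no entry is simply dropped, which is why the internal hosts are not directly reachable.

```python
"""Simulation of a Linux NAT router with a connection tracking table.

Added example, not code from the original post. The public address
18.104.22.168 and the 192.168.0.x internal hosts come from the post; the
external server 203.0.113.10 and every port number are constructed for the demo.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

PUBLIC_IP = "18.104.22.168"     # router's public address, as in the post
PRIVATE_PREFIX = "192.168.0."   # the internal network, as in the post

# original 5-tuple: (proto, src ip, src port, dst ip, dst port)
Tuple5 = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class ConntrackEntry:
    public_port: int   # port the router substituted for the internal source port
    state: str         # "NEW" until the first reply arrives, then "ESTABLISHED"


class NatRouter:
    """Source NAT (masquerade) driven by a conntrack-style table."""

    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table: Dict[Tuple5, ConntrackEntry] = {}   # original tuple -> entry
        # reverse lookup for replies: (proto, public port, remote ip, remote port)
        self.reverse: Dict[Tuple[str, int, str, int], Tuple5] = {}

    def egress(self, pkt: Packet) -> Packet:
        """Internal -> internet: rewrite the source address and record the flow."""
        if not pkt.src_ip.startswith(PRIVATE_PREFIX):
            raise ValueError("egress expects a packet from an internal host")
        orig: Tuple5 = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        entry = self.table.get(orig)
        if entry is None:
            # A fresh public port per flow keeps two internal hosts that happen
            # to use the same local port from colliding on the public side.
            entry = ConntrackEntry(public_port=self._allocate_port(), state="NEW")
            self.table[orig] = entry
            self.reverse[(pkt.proto, entry.public_port, pkt.dst_ip, pkt.dst_port)] = orig
        return replace(pkt, src_ip=self.public_ip, src_port=entry.public_port)

    def ingress(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> internal: only replies to a tracked flow are translated back.

        Anything without a conntrack entry (an unsolicited packet aimed at the
        public address) is dropped, which is why internal hosts are not directly
        reachable from the internet.
        """
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        orig = self.reverse.get(key)
        if orig is None:
            return None
        self.table[orig].state = "ESTABLISHED"
        _, internal_ip, internal_port, _, _ = orig
        return replace(pkt, dst_ip=internal_ip, dst_port=internal_port)

    def _allocate_port(self) -> int:
        if self.next_port > 65535:
            raise RuntimeError("NAT port pool exhausted")
        port = self.next_port
        self.next_port += 1
        return port


def demo() -> dict:
    """Two internal hosts reach the same server; one reply returns; one stray packet is dropped."""
    router = NatRouter()
    server = ("203.0.113.10", 443)   # constructed external host
    out_a = router.egress(Packet("tcp", "192.168.0.3", 40000, *server))
    out_b = router.egress(Packet("tcp", "192.168.0.4", 40000, *server))
    reply_a = router.ingress(Packet("tcp", server[0], server[1], PUBLIC_IP, out_a.src_port))
    stray = router.ingress(Packet("tcp", server[0], server[1], PUBLIC_IP, 5555))
    return {
        "out_a": out_a,
        "out_b": out_b,
        "reply_a": reply_a,
        "stray": stray,
        "states": {k[1]: v.state for k, v in router.table.items()},
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the demo shows both internal hosts leaving with source 18.104.22.168 but different public ports, the reply to the first host being rewritten back to 192.168.0.3:40000 and moving that entry to ESTABLISHED, and the stray packet returning None because nothing in the table matches it. Real Linux conntrack keys on the same 5-tuple but also tracks timeouts and richer protocol states; those are left out here to keep the mechanism visible.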