Why NAT Exists and How It Keeps the Internet Running
This article explains the IPv4 address shortage, introduces Network Address Translation (NAT) concepts, details the static, dynamic, and PAT techniques, and walks through giving a Linux guest a static address inside a NAT virtual network.
IPv4 has a 32-bit address space of about 4.3 billion addresses, of which roughly 3.7 billion are usable for public unicast once reserved ranges are removed; that is far fewer than the number of devices that need connectivity. NAT (Network Address Translation) works around the shortage by letting many private hosts share one or a few public IPv4 addresses through one-to-many translation.
1. Why NAT Appears
NAT uses session-based translation rules. For TCP and UDP, a private host's IPv4 address and port are mapped to a public IPv4 address and port; ICMP has no ports, so the query identifier (the Identifier field of an echo request and its reply) plays that role, and a private IPv4 address plus query ID is mapped to a public IPv4 address plus query ID. A mapping is created when the internal host sends the first packet of a session and is used to rewrite every reply that belongs to it.
2. NAT Definition
NAT runs on the device at the network edge (a border router or firewall). For outbound packets it rewrites the private source address to a public one and records the mapping in a NAT table; for the returning packets it looks the mapping up and rewrites the public destination address back to the internal host's private address.
RFC 1918 defines three private address blocks for internal networking:
Class A-sized block: 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
Class B-sized block: 172.16.0.0 – 172.31.255.255 (172.16.0.0/12, i.e. sixteen contiguous /16 networks)
Class C-sized block: 192.168.0.0 – 192.168.255.255 (192.168.0.0/16, i.e. 256 contiguous /24 networks)
These private ranges are routable inside a LAN but are not routed on the public Internet, so a border router uses NAT or PAT to translate them to a public IP. Because an unsolicited inbound packet matches no entry in the translation table, it is dropped, which is why NAT is often described as adding a layer of security; that protection is a side effect of the stateful mapping, not a substitute for firewall rules, and a static mapping or port forward exposes an internal host just as directly as a public address would.
3. Three NAT Techniques
Assume a company has two public IPs (191.4.4.1 and 191.4.4.2) and two internal hosts A (192.168.1.2) and B (192.168.1.3).
3.1 Static NAT
Static NAT maps one private address to one public address permanently, for example A (192.168.1.2) to 191.4.4.1 and B (192.168.1.3) to 191.4.4.2. Every internal host needs its own dedicated public IP, so static NAT conserves no public address space; it is used for servers that must be reachable from outside at a fixed public address.
3.2 Dynamic NAT
Dynamic NAT translates from a pool of public IPs (here 191.4.4.1 and 191.4.4.2). When an internal host initiates traffic, the router takes a free address from the pool, records the mapping, and returns the address to the pool when the session ends, much like a DHCP lease. Only as many hosts as there are pool addresses can be translated at the same time; once A and B hold both addresses, a third host's connections fail until one of the mappings is released.
3.3 PAT (Port Address Translation)
PAT, the most common form of NAT (also called NAT overload or, on Linux, masquerading), lets many internal IPs share a single public IP by giving each connection a distinct port on the public side. If A and B both open a connection from local port 1025, both are translated to source address 191.4.4.1 but with different public ports, and the destination port of each reply identifies which host it belongs to. This is what keeps IPv4 viable today.
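The session-based mapping from section 1 and the port sharing described here, modelled in Python as an added example (it is not code from the original article or from any real NAT implementation). Addresses follow the article's scenario (public IP 191.4.4.1, host A 192.168.1.2, host B 192.168.1.3); the port range, the rule that the original port is kept when it is free (as Linux masquerading tries to do), and the sample flows are assumptions.

```python
"""Session-based PAT table: one public IPv4 address shared by many private hosts.

Added example, not the article's or any NAT device's code. An outbound
TCP/UDP flow keyed by private IP + port (or private IP + ICMP query ID)
gets the public IP + a port/ID, the mapping is recorded so replies can be
translated back, and inbound packets that match no mapping are dropped.
"""
import ipaddress
from dataclasses import dataclass, replace

# The three RFC 1918 blocks listed in the article.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    proto: str    # "tcp", "udp" or "icmp"
    src_ip: str
    src_id: int   # TCP/UDP source port, or ICMP query identifier
    dst_ip: str
    dst_id: int   # TCP/UDP destination port; for an ICMP reply, the query identifier


class PatTranslator:
    def __init__(self, public_ip: str, port_range=(1024, 65535)):
        self.public_ip = public_ip
        self.lo, self.hi = port_range   # assumed range for newly allocated public ports/IDs
        self.out = {}    # (proto, priv_ip, priv_id) -> public_id
        self.back = {}   # (proto, public_id) -> (priv_ip, priv_id)

    def _allocate(self, proto: str, wanted: int) -> int:
        # Keep the host's own port/ID when nobody else holds it; otherwise
        # take the lowest free value in the range.
        if (proto, wanted) not in self.back:
            return wanted
        for candidate in range(self.lo, self.hi + 1):
            if (proto, candidate) not in self.back:
                return candidate
        raise RuntimeError("translation table full: no free %s port" % proto)

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the private network, reusing an existing session."""
        if not is_rfc1918(pkt.src_ip):
            raise ValueError("source %s is not an RFC 1918 address" % pkt.src_ip)
        if is_rfc1918(pkt.dst_ip):
            return pkt   # LAN-to-LAN traffic never crosses the NAT and is left alone
        key = (pkt.proto, pkt.src_ip, pkt.src_id)
        public_id = self.out.get(key)
        if public_id is None:
            public_id = self._allocate(pkt.proto, pkt.src_id)
            self.out[key] = public_id
            self.back[(pkt.proto, public_id)] = (pkt.src_ip, pkt.src_id)
        return replace(pkt, src_ip=self.public_ip, src_id=public_id)

    def inbound(self, pkt: Packet):
        """Translate a packet arriving at the public IP; None means it is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.back.get((pkt.proto, pkt.dst_id))
        if entry is None:
            return None   # unsolicited: no session created it, so there is no mapping
        priv_ip, priv_id = entry
        return replace(pkt, dst_ip=priv_ip, dst_id=priv_id)

    def close(self, proto: str, priv_ip: str, priv_id: int) -> None:
        """Drop a session (TCP FIN/RST or idle timeout) so its public port can be reused."""
        public_id = self.out.pop((proto, priv_ip, priv_id), None)
        if public_id is not None:
            del self.back[(proto, public_id)]


def demo():
    nat = PatTranslator("191.4.4.1")
    # Constructed flows: A and B both query 8.8.8.8:53 from local port 40000.
    a = nat.outbound(Packet("udp", "192.168.1.2", 40000, "8.8.8.8", 53))   # keeps 40000
    b = nat.outbound(Packet("udp", "192.168.1.3", 40000, "8.8.8.8", 53))   # 40000 taken -> 1024
    reply_to_b = nat.inbound(Packet("udp", "8.8.8.8", 53, "191.4.4.1", b.src_id))
    stray = nat.inbound(Packet("tcp", "203.0.113.9", 4444, "191.4.4.1", 22))  # no mapping
    ping = nat.outbound(Packet("icmp", "192.168.1.2", 7, "1.1.1.1", 0))       # echo request, ID 7
    pong = nat.inbound(Packet("icmp", "1.1.1.1", 0, "191.4.4.1", ping.src_id))
    nat.close("udp", "192.168.1.3", 40000)
    c = nat.outbound(Packet("udp", "192.168.1.4", 40000, "8.8.8.8", 53))   # B's 1024 is free again
    return {"a": a, "b": b, "reply_to_b": reply_to_b, "stray": stray,
            "ping": ping, "pong": pong, "c": c}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(name, pkt)
```

The stray inbound SYN to port 22 is dropped only because nothing in the table claims that port; a port forward would be a permanent entry in `back`, and a static NAT would be a permanent one-to-one entry for a whole address. `close()` stands in for the timers a real device runs, which is why long-idle UDP flows through PAT appear to "break": their mapping expired.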
4. NAT Virtual Network Configuration
Before configuring the guest, note which segment the NAT virtual network uses. In this example the third octet is 194 and the NAT gateway is host .2, so the segment is 192.168.194.0/24 and the gateway is 192.168.194.2 (virtual-machine NAT networks such as VMware's place the NAT device at .2 by default).
Edit the interface configuration file (for example /etc/sysconfig/network-scripts/ifcfg-ens33 on CentOS/RHEL 7) to set a static IP:
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=f1d0dd87-ed43-4a32-984c-7d4baa9f007f
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.194.100
NETMASK=255.255.255.0
GATEWAY=192.168.194.2
DNS1=202.96.128.86
After saving, restart the network service (systemctl restart network on CentOS 7) and verify the address with ip addr. Test connectivity with ping, first to the gateway, then to a public IP, then to a domain name. If a public IP answers but a domain name does not, the address and default route are fine and only name resolution is missing, so check the DNS1/DNS2 entries (which generate /etc/resolv.conf) and use resolvers that are reachable from the guest.
Example /etc/hosts entries giving the lab hosts short names (the 127.0.0.1 and ::1 lines are the defaults and should be kept):
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.194.100 server1
192.168.194.101 server2
192.168.194.102 server3
Key parameters explained:
IP: the host address (192.168.194.100 in the file above). In a /24 the host part runs from 1 to 254: .0 is the network address and .255 the broadcast address, and neither can be assigned to a host.
Netmask: 255.255.255.0. ANDing the address with the mask bit by bit gives the network segment, 192.168.194.0/24; two hosts can talk directly only when this result is the same for both.
Gateway: 192.168.194.2, the NAT device's address, to which all traffic for other segments is sent. It must lie inside the host's own segment, otherwise the default route cannot be installed.
DNS: the resolvers that translate domain names to IPs. Configure addresses that are reachable from the guest (for example a regional DNS provider); the value in the file above is one such resolver.
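To catch the mismatches that leave a guest with an address but no working route (a gateway outside the segment, or a host address that is really the network or broadcast address), here is an added Python check of an ifcfg-style file. It is not part of the original article; the sample configuration is constructed from the values above and the helper names are my own.

```python
"""Sanity-check an ifcfg-style static configuration before restarting the network.

Added example, not from the original article. It parses the KEY=VALUE lines,
derives the segment by ANDing IPADDR with NETMASK, and checks that the host
address is neither the network nor the broadcast address and that GATEWAY
lies inside the same segment.
"""
import ipaddress

# Constructed sample, using the values from the article's ifcfg-ens33.
SAMPLE_IFCFG = """\
BOOTPROTO=static
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.194.100
NETMASK=255.255.255.0
GATEWAY=192.168.194.2
DNS1=202.96.128.86
"""


def parse_ifcfg(text: str) -> dict:
    """Turn KEY=VALUE lines into a dict; comments, blanks and quotes are ignored."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip().strip('"')
    return cfg


def network_of(ip: str, netmask: str) -> ipaddress.IPv4Network:
    """The segment an address belongs to: address AND mask (strict=False keeps host bits out)."""
    return ipaddress.ip_network("%s/%s" % (ip, netmask), strict=False)


def check_static_config(text: str) -> list:
    """Return a list of problems; an empty list means the file is internally consistent."""
    cfg = parse_ifcfg(text)
    problems = []
    if cfg.get("BOOTPROTO", "dhcp").lower() not in ("static", "none"):
        problems.append("BOOTPROTO is %r; a static address needs static or none" % cfg.get("BOOTPROTO"))
    for key in ("IPADDR", "NETMASK", "GATEWAY"):
        if key not in cfg:
            problems.append("missing %s" % key)
    if problems:
        return problems
    ip = ipaddress.ip_address(cfg["IPADDR"])
    net = network_of(cfg["IPADDR"], cfg["NETMASK"])
    gw = ipaddress.ip_address(cfg["GATEWAY"])
    if ip in (net.network_address, net.broadcast_address):
        problems.append("IPADDR %s is the network or broadcast address of %s" % (ip, net))
    if gw not in net:
        problems.append("GATEWAY %s is not inside %s" % (gw, net))
    elif gw == ip:
        problems.append("GATEWAY equals IPADDR")
    if cfg.get("ONBOOT", "no").lower() != "yes":
        problems.append("ONBOOT is not yes; the address will not come up at boot")
    return problems


if __name__ == "__main__":
    print(check_static_config(SAMPLE_IFCFG) or "configuration is consistent")
```

Run it against the file before restarting the network service; a gateway such as 192.168.33.1 paired with 192.168.194.100/24 is reported immediately instead of surfacing later as a host that answers on the LAN but cannot reach anything beyond it.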
Source: https://www.cnblogs.com/wlwl/p/9498220.html (copyright belongs to original author).
MaGe Linux Operations
