Router NAT – Difference Between NAT Overload and Regular NAT

nat;router

I'm having a bit of trouble grasping this, but it is probably me being a moron.

I've recently had to familiarise myself with NAT overload for some network changes we have planned at work. Diving into it, I can honestly say that I see no difference between NAT overload and standard NAT though?

It shows a pretty diagram on orbit-computer-solutions.com that it gets internal IPs, sends them to a router, which then uses NAT overload to send it off into the web. But, isn't this the regular functionality of NAT in a router?

Is there any key difference between the functionality of NAT overload and regular NAT through a router? I've seen a few things about PAT, but I thought that PAT fell under regular NAT too?

Best Answer

Strictly speaking, when performing (pure) NAT, only IP addresses are translated, and every internal IP address has to be translated to a different external IP address. This can be a static one-on-one mapping in the case of static NAT, or a dynamic mapping with a pool of public addresses.

With dynamic NAT, the router selects one IP address from the NAT pool when an internal host wants to connect to the internet. When a second host sends traffic to the internet, a second external IP from the pool is used. This works just fine, but the number of hosts that can use the internet is limited by the number of external addresses available in the NAT pool. When the 11th host behind a NAT router with a pool of 10 addresses wants to set up a connection, the connection will be refused (until one of the previous mappings times out).

NAT overload overcomes this limitation by allowing internal hosts to share external IP addresses. To keep the connections apart, in addition to swapping the internal IP for an external one, the router can change the source port of the outgoing traffic.

Because NAT overload is used most often, it is sometimes considered the default and just called NAT. Other terms include Port Address Translation (PAT) and Network Address Port Translation (NAPT). In Linux iptables, it is called masquerading.
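The following is an added example, not part of the original question or answer, that simulates the two behaviours the answer describes: dynamic NAT with a pool of 10 external addresses (where the 11th host is refused) and NAT overload, where hosts share one external address and the router rewrites the source port to keep connections apart. All addresses (10.0.0.0/8 internal, 203.0.113.0/24 external) and ports are constructed sample values; the class names and the port-selection policy are assumptions for illustration, not the behaviour of any specific router or of iptables.

```python
"""Added example: dynamic NAT (address pool) versus NAT overload (PAT/NAPT).
Constructed sample addresses; not the logic of any real NAT implementation."""
from dataclasses import dataclass, field


@dataclass
class DynamicNat:
    """Pure dynamic NAT: each internal host gets its own external address
    from the pool; ports are left untouched."""
    pool: list                                    # free external addresses
    table: dict = field(default_factory=dict)     # internal ip -> external ip

    def translate(self, src_ip, src_port):
        """Return (external ip, port) or None when the pool is exhausted."""
        if src_ip in self.table:
            return (self.table[src_ip], src_port)
        if not self.pool:
            return None   # no free address: the connection is refused
        ext = self.pool.pop(0)
        self.table[src_ip] = ext
        return (ext, src_port)

    def expire(self, src_ip):
        """Time out a mapping and return its address to the pool."""
        self.pool.append(self.table.pop(src_ip))


@dataclass
class NatOverload:
    """PAT / NAPT / masquerading: every internal host shares one external
    address; the (internal ip, port) pair is keyed to a unique external port."""
    external_ip: str
    first_port: int = 1024
    last_port: int = 65535
    table: dict = field(default_factory=dict)     # (int ip, int port) -> ext port
    reverse: dict = field(default_factory=dict)   # ext port -> (int ip, int port)

    def translate(self, src_ip, src_port):
        """Return (external ip, external port); keeps the original source port
        when it is free in range, otherwise picks the lowest free port."""
        key = (src_ip, src_port)
        if key in self.table:
            return (self.external_ip, self.table[key])
        port = None
        if self.first_port <= src_port <= self.last_port and src_port not in self.reverse:
            port = src_port
        else:
            for p in range(self.first_port, self.last_port + 1):
                if p not in self.reverse:
                    port = p
                    break
        if port is None:
            return None   # every external port in use
        self.table[key] = port
        self.reverse[port] = key
        return (self.external_ip, port)

    def untranslate(self, ext_port):
        """Map a reply arriving on ext_port back to the internal host (for
        routing the reply, or for log correlation on the inside)."""
        return self.reverse.get(ext_port)


def demo():
    """Replays the answer's scenario: 11 hosts against a 10-address pool,
    then two hosts using the same source port behind one shared address."""
    nat = DynamicNat(pool=[f"203.0.113.{i}" for i in range(1, 11)])
    results = [nat.translate(f"10.0.0.{h}", 40000 + h) for h in range(1, 12)]
    eleventh_refused = results[10] is None

    pat = NatOverload("203.0.113.1")
    a = pat.translate("10.0.0.1", 50000)
    b = pat.translate("10.0.0.2", 50000)   # collides on port 50000, gets a new port
    return eleventh_refused, a, b


if __name__ == "__main__":
    print(demo())
```

The PAT table is what makes the port rewrite reversible: a reply to external port 1024 is delivered to 10.0.0.2:50000 via `untranslate`, which is also why, for incident response behind an overloaded NAT, the translation log (external port plus timestamp) is needed to attribute an outbound connection to an internal host.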
