Win2k Q&A: What's This NAT Thing?

October 17, 2000

Thomas Shinder


I've been hearing a lot about a new protocol called NAT lately. I've never worked with the protocol before. Was it available in Windows NT 4.0 and I somehow missed it? Is it something that I need to know about?


NAT is an extremely useful protocol, and is in widespread use on both small and very large networks. It is NAT that has bought time for IPv4 and allowed the available pool of IP addresses to last as long as it has.

NAT is an acronym for Network Address Translation. NAT is sometimes thought of as a routing protocol, because it allows packets that source from private network IDs to be routed to the public Internet. If it weren't for the Network Address Translator, the packets with source addresses in the private network ranges would not be able to communicate with Internet Servers.

Windows 2000 Server family products include NAT Server functionality. When you enable the NAT Routing Protocol in the Windows 2000 Routing and Remote Access Console, computers on your private network use the NAT Server as their gateway to the Internet. You therefore will set the clients to use the NAT Server as their Default Gateway.

The various implementations of NAT work slightly differently but all are based on the same basic principle. The NAT Server intercepts the request from a client on a private network ID, and then forwards the request to a server on the public Internet using its external interface, which has a public IP address. The request will have the source IP address of the external interface of the NAT Server.

The Internet server sends its reply to the IP address for the external interface of the NAT Server. When the NAT Server receives this reply, it checks its translation tables to see what IP address and port number was the source of the request, and forwards the Internet server's answers to the internal network client that made the initial request.

Some NAT implementations can be configured to accept inbound requests from Internet hosts for client machines on your internal network. This is a type of "reverse NAT" in that the NAT Server forwards the request from the external host to the internal host via its internal interface. The internal network client responds to the NAT Server's request and sends the reply to the NAT Server's internal interface. The NAT Server then forwards this reply through its external interface to the Internet host that was the source of the request.

The Windows 2000 implementation of NAT supports both these types of address translation. NAT is a useful protocol for small to medium-sized businesses that would like to connect their private network to the Internet, but don't have a pressing need for a more powerful solution such as Microsoft Proxy Server 2.0 or the soon to be released Internet Security and Acceleration Server (ISA Server). You should get to know NAT, because you can bet there's going to be a question or two on it on your Windows 2000 certification exams.

For more Win2k Q&A check out the Certification Emergency Room. Just click on the Ambulance and it will take you there!