What is a NAT firewall and what does it do?

You might think that getting results from a search engine is as simple as a connection from A to B, from your device to a web server. It is not: many hidden tools check your traffic and help keep your network secure. A network address translation (NAT) firewall is one such tool, usually installed on the router.

What is a firewall

To understand what a NAT firewall is, you first need to understand what a firewall is and what role it plays. The simplest analogy is this: if the computer is a busy CEO, then the firewall is the CEO's secretary. The secretary sorts the emails so that the only ones that get through are those the CEO really wants.

When you browse online, send emails, or watch movies online, a request for information is sent to a specific website server. The firewall sits between the local network and the wider network. It compares the returned information with the requested information: all matching information passes, and all the information it cannot identify is discarded. In this way, the firewall can protect against unsolicited malicious Internet traffic that might otherwise try to harm your system.

Firewalls can be roughly divided into three categories: software, hardware, and cloud-based solutions. Different firewalls also apply different filtering methods, which makes some firewalls more reliable than others.

What is NAT and how does it work

NAT is the acronym for Network Address Translation. It exists to solve a problem caused by the IPv4 protocol: the shortage of IP addresses. In the past, the founders of IPv4 believed that 4.3 billion IP addresses were enough to meet the needs of all networked devices. However, considering that there are more than 7 billion people in the world, and many people have more than one device, it is clear that there are not enough addresses to meet the demand.

So, what exactly is a NAT firewall

A network address translation (NAT) firewall is a process in which a network device (usually a firewall) assigns a public address to a computer (or group of computers) in a private network; it runs on a router to protect the private network. The main purpose of NAT is to limit the number of public IP addresses that an organization or company must use, for both economic and security purposes.

The working principle of NAT is to allow Internet traffic to pass through only when requested by a device on the private network. The NAT firewall protects the identity of the network and does not display the internal IP address to the Internet.

This is because when connected to the Internet, the router is assigned a public IP address. That address is visible to the wider network and is needed to communicate with the web server. Any device locally connected to the router has a private IP address, which does not allow it to "communicate" directly with the desired web server. This is where NAT comes into play: it directs traffic back and forth.

How NAT firewall works

The most common form of network translation involves large private networks using addresses in the private range ( to, to, or 192.168.0 0 to 192.168.25). The private addressing scheme is suitable for computers that only need to access internal resources on the network, such as workstations that need to access file servers and printers. Routers in the private network can route traffic between private addresses without any problems. However, to access resources outside the network, such as the Internet, these computers must have a public address so that responses to their requests can be returned to them. This is where NAT comes into play.

  1. The device sends a request to the web server by sending a data packet. These data packets include information such as the sender's and receiver's IP addresses, port numbers, and the requested information.
  2. The traffic passes through a router with a NAT firewall. NAT changes the private IP of the packet to the public IP of the router. It records this change and adds it to its NAT forwarding table.
  3. The data packet arrives at the web server and obtains the necessary information.
  4. The information is transmitted back to the router. Now the job of NAT is to send information back to the device that requested it. Otherwise, every connected device will receive the same information. NAT uses its forwarding table to determine who requested this data.
  5. NAT changes the public IP of the packet to its previous private IP and sends it to the requesting device.

How NAT protects you

NAT can be used as a hardware firewall solution, but NAT is not a security tool, so how does it protect you?

  • It hides the IP address of every device on the network from the outside world and presents them all under a single address.
  • It requires that every incoming packet of information has been requested by a device. If a malicious packet is not in the expected communication list, it is rejected.
  • Some firewalls can use a whitelist to block unauthorized outgoing traffic, so if a device is indeed infected with a piece of malware, the firewall may block the malware's communication.
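
The five numbered steps under "How NAT firewall works" and the second bullet above can be seen in one place in the following added example, which is not from the original article and is not a real router implementation. It assumes the common port-rewriting variant of NAT and matches replies on the remote address and port; the class name, port numbers and documentation-range addresses are constructed for illustration.

```python
# Added illustration: a toy NAT forwarding table (all values are constructed).
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatTable:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port  # assumption: public ports handed out in order
        self.out = {}   # (private ip, private port, remote ip, remote port) -> public port
        self.back = {}  # (public port, remote ip, remote port) -> (private ip, private port)

    def outbound(self, p: Packet) -> Packet:
        """Steps 1-2: rewrite the private source to the public address and record it."""
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], p.dst_ip, p.dst_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Steps 4-5: restore the private destination, or drop if no device asked."""
        if p.dst_ip != self.public_ip:
            return None
        owner = self.back.get((p.dst_port, p.src_ip, p.src_port))
        if owner is None:
            return None  # unsolicited: no matching entry in the forwarding table
        return Packet(p.src_ip, p.src_port, owner[0], owner[1])

def demo():
    nat = NatTable("203.0.113.5")
    server = ("198.51.100.10", 443)
    # Two private devices use the same source port towards the same server.
    a = nat.outbound(Packet("192.168.1.20", 51000, *server))
    b = nat.outbound(Packet("192.168.1.21", 51000, *server))
    reply_a = nat.inbound(Packet(*server, a.src_ip, a.src_port))
    reply_b = nat.inbound(Packet(*server, b.src_ip, b.src_port))
    # A host nobody contacted sends a packet to a port that is in use.
    stray = nat.inbound(Packet("198.51.100.99", 443, "203.0.113.5", a.src_port))
    return a, b, reply_a, reply_b, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both devices appear to the server as 203.0.113.5, each reply is routed back to the device that asked, and the stray packet is dropped because the table holds no entry for it.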

More sophisticated attacks can bypass NAT, especially those that use phishing or social engineering methods. However, this does not mean that NAT should not be used. Without NAT, any amateur hacker can easily access the computer just by knowing the IP address.

NATs and VPNs

Some people think that a VPN should not be used with NAT. Why? A VPN encrypts your traffic before it reaches the Internet, making it undecipherable. NAT needs to know some information about the traffic in order to do its work. The outdated VPN protocols (PPTP and IPSec) cannot provide enough information to the NAT and may be blocked. To solve this problem, the router needs VPN pass-through.

The good news is that most routers have built-in VPN pass-through. Even if yours does not, most popular VPN providers offer more advanced protocols that do not require pass-through. For example, NordVPN servers not only no longer use these outdated protocols, but also use a built-in NAT firewall.

