Network address translation
In computer networking, network address translation (NAT) is a technique of modifying the network address information in the IP packet headers while transferring the packet across a traffic routing device, such technique remaps a given address space into another address space.
Today, NAT is used to hide networks (called network masquerading) or to hide IP (called IP masquerading). Masquerading is the mechanism that hides an entire address space, usually consisting of private network addresses (RFC 1918), behind a single IP address usually in the public domain address space.
The NAT mechanism is implemented inside a routing device that uses a certain type of firewalls that keep track of the state of the network connections. Such kind of firewalls use translation tables to map the "hidden" addresses into a single address and then rewrites the outgoing IP packets on exit from the router so that they appear to originate from the router. In the reverse communications path, responses to the outgoing packets are mapped back to the originating IP address using the reverse of the rules ("state") stored in the translation tables. The outgoing IP packets establish the device translation tables.
The translation table rules established in the above way are cleared after a short period without new traffic refreshing their state. However, most NAT devices today allow the network administrator to configure translation tables’ entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the 'outside' network to reach selected hosts in the masqueraded network.