IP address and NAT

IP address (IP stands for Internet Protocol) is unique identification of the computer on the network. Basically, it works like your street address — as a way to find out exactly where you are and deliver information to you. The original design of TCP/IP defined an IP address as a 32-bit (4-byte) number. This system now named Internet Protocol Version 4 (IPv4). IPv4 addresses are usually represented in dot-decimal notation (four numbers, each ranging from 0 to 255, separated by dots, e.g. 195.77.95.13). 32-bit number limits the address space to 4,294,967,296 possible unique addresses. However, IPv4 reserves some addresses for special purposes such as private networks (~18 million addresses) or multicast addresses (~270 million addresses). This reduces the number of addresses that can be allocated as public Internet addresses. Private address spaces (also known as non-routable addresses) that may be reused by anyone; today, such private networks typically connect to the Internet through Network Address Translation (NAT).

Static and dynamic addresses

IP addresses can be static or dynamic. When computer is configured to use the same IP each time it powers up, this is known as a Static IP address. Static IP addresses are manually assigned to a computer by network administrator. In contrast, in situations when the computer’s IP address is assigned automatically, it’s known as Dynamic IP address. Dynamic IP addresses are most frequently assigned on LANs and broadband networks by Dynamic Host Configuration Protocol (DHCP) servers. They are used because it avoids the administrative burden of assigning specific static addresses to each device on a network. It also allows many devices to share limited address space on a network if only some of them will be online at a particular time.

Network address translation

Multiple client devices can appear to share IP addresses because an IPv4 network address translator (NAT) or proxy server acts as an intermediary agent on behalf of its customers, in which case the real originating IP addresses might be hidden from the server receiving a request. A common practice is to have a NAT hide a large number of IP addresses in a private network. Only the outside interface of the NAT device need to have a public IP address. NAT is like the receptionist in a large office. Let’s say you have left instructions with the receptionist not to forward any calls to you unless you request it. Later on, you call a potential client and leave a message for that client to call you back. You tell the receptionist that you are expecting a call from this client and to put her through.
The client calls the main number to your office, which is the only number the client knows. When the client tells the receptionist that she is looking for you, the receptionist checks a lookup table that matches your name with your extension. The receptionist knows that you requested this call, and therefore forwards the caller to your extension.

NAT as firewall

Without any special set-up NAT provides firewall-style protection automatically. This is because NAT allows only connections that are originated on the inside network. This means, for example, that an internal client can connect to an outside computer, but an outside client will not be able to connect to internal computers because it would have to originate the connection, and NAT will not allow that.