Network security using NAT and NAPT

摘要

This paper examines the use of NAT and NAPT as a transparent security mechanism. It discusses the addressing, security and administrative needs in modern secure network design. By way of examples it demonstrates the use of basic static and dynamic NAT, extending these ideas to include NAPT. More recent developments in the use of NAT are discussed which includes Bidirectional NAT, Twice NAT and Multihomed NAT. Although this technology is starting to provide many security benefits there are also a number of problems that remain to be solved. These include packet translation checksum and fragmentation issues, address and port embedding, and complications with using IPSec tunnels with NAT. Finally a variety of recent extensions and developments are discussed which include load-sharing, interworking between NAT IPv4 and IPv6 as well as discussion on recent work aimed at solving the IPSec tunneling issue.