Nat Provides Multiplexing and Bolsters Security for your Home-based Computer Network

Edward C. Maurer asked:

A Network Address Translator can cure many of the access problems you may have with your home broadband connectivity through the process of multiplexing. This simple, affordable solution can mean the difference between effective in-home networking, and being bogged down with broadband restrictions.

You work from home and have a computer network, your own little LAN for you and the kids. Great. You get your work done, your spouse gets connectivity and the kids get their schoolwork done in record time on their own computers. And all of you can work, study, instant-message your friends or surf the Web from anywhere in the house, or even out by the pool. All this is thanks to your wireless connection to your broadband Internet service.

There’s one little problem…your broadband provider will supply you only a single Internet address, and it wants to charge you for each additional address, or, worse yet, there are no more addresses available right now. Only one computer can connect to the Net at a time. Oops.

“What do I do now?” you say. “Go back to a dial-up connection? Go back to a snail’s-pace link?” (Can you hear the kids now?) “Nooooooooo!”

Fear not, dear modern homeowner and connected parent, there’s a simple, and affordable solution. It’s called NAT, Network Address Translation, and not only will it allow your family simultaneous connectivity to the Net via that single Internet address, it will provide a little more security as well.

Network Address Translation is a technique used by NAT routers to translate Internet addresses from one address to another as data passes through the router. An ordinary router leaves the Internet address unchanged and simply passes the information along. A NAT router, however, changes the address to its own. This serves two purposes: computers on a LAN can access a broadband connection and “look” like only one, and it keeps computers outside your network from “seeing” yours, which adds another layer of security to your home-based LAN.

Here’s how it works. Each time it contacts the Internet, a computer is assigned an address that works much the same way your street address does. Information sent out from a computer is given an address so it can get to its destination. At the same time, a return address is attached to the information. Information sent through a standard Internet router looks the same way it did when it left your computer. It has the destination address and the return address on it. It’s this return address that the Internet reads to know who is sending the information, but so can everyone else. Additionally, if you have a broadband connection with only one Internet address authorized at a time, only a single computer in your LAN can be on the Net at a time.

However, information sent through a NAT router has its return address removed and stored in the router, which then passes the information along with no further changes. The NAT router assigns its own return address to your information, so, no matter how many computers are accessing the Net, they all have the same, single Internet address. The many look like one, which means the broadband system is seeing only that one Internet address, and allows the traffic to pass unimpeded.

The division of one signal, the signal on the Internet side of the NAT router, into the many signals on the LAN side of your router, is called multiplexing. Multiplexing, this ability to have several computers using only one Internet address on the Net, may sound like you’re cheating the broadband provider, but you are actually providing a necessary service to the entire Internet community. There are only so many Internet addresses available, about four billion. Four billion. That sounds like a lot, and it is, but the number of computers accessing the Internet exceeded that number years ago. Were it not for multiplexing, the Internet would slow down and possibly just grind to a virtual halt.

Multiplexing allows computers on LANs to be serviced by a single Internet address. The individual computers will share addresses within the LAN, and these may be the same used on the Internet and other LANs; however, since they are isolated in their own, closed system, there is no problem with the duplication. The global Internet sees only the single Internet address assigned to your NAT router. Thus, the world’s more than four billion computers can still use the less than four billion available addresses without bogging down the system.

The second advantage of the NAT router, which is pure serendipity, is that your LAN is essentially invisible to the world. Outside computers see only the router, not the computers on your LAN behind it. Since the router removes and stores Internet addresses originating from the LAN, it expects only those transmissions that it recognizes as being in response to what it sent out. Unanticipated messages coming from the Net literally have nowhere to go; the NAT router doesn’t recognize them, and won’t let them pass. A computer from the outside, say that of a hacker, cannot initiate contact with your LAN.

Now, so we don’t give you a false sense of security, running a computer behind a NAT router will not give you complete protection, though it can complement your current security measures. Malicious codes can still be downloaded through NAT, and Trojan Horse programs can still initiate connections to a hostile server. Web browsers and email operates through NAT unhindered, so any threat from Web sites and email still exists because the intended victim initiates these contacts, and opens a window to trouble if not careful. Imagine Dracula hovering outside your bedroom window…he can only enter if you invite him in. NAT’s your window; don’t open it to the vampires!

The NAT program is implemented in a computer or dedicated hardware device that joins two networks. One network is your LAN, and the other is the Internet, or WAN, the Wide Area Network. A NAT router has at least two physical connections or ports. These can be either two Ethernet cards, or an Ethernet and a modem. NAT software, like Internet Connection Sharing software by Microsoft, is available from many companies.

NAT software running on a computer is not the same as a Proxy Server, which can also run on a computer sitting between two networks. Every Internet-based application on a Proxy Server must be reconfigured on every local computer to use the server. With NAT, no reconfiguration is needed, which makes your life a lot easier.

NAT can also be implemented in a dedicated hardware device called a broadband router, cable modem router, or DSL router. In the purest form, the router has two Ethernet ports, usually labeled LAN and WAN. Some devices come with a DSL modem, V.90 modem, or cable modem. The modem or cable connection replaces the WAN port in those cases. Some devices have a Wireless Internet connection built in that is connected to the LAN port, allowing additional computers to connect through the wireless network.

Typically, routers incorporate a DHCP, a Dynamic Host Configuration Protocol, which assigns an Internet address and a Gateway address to each computer on the LAN. The NAT router is the Gateway, the access point to the Internet, so the LAN computers use its address for their own. The Internet protocol sends information not addressed to another computer on the LAN to the Gateway address. Thus, any information destined for the WAN, the global Internet, is sent directly through the NAT router looking as though it only came from the router, not the individual computer.

NAT can cause some problems with some protocols and Internet applications. A simple example is a Web server, which must accept incoming connections from other computers wishing to access its data. If the server is behind a NAT router, incoming connections are not possible and the server will be invisible to computers on the Internet.

Problems can also be had with FTP and some videoconferencing protocols; however, there are simple work-arounds and provisions to overcome difficulties with these and other programs.

Incoming signals that aren’t accepted by the NAT router can be stored in a “safe” area of the router called the DMZ, for Demilitarized Zone, rather than throwing them away. This feature allows these files to be reviewed and dealt with individually instead of just discarding them unseen.

NAT is a simple way to connect several computers in a wireless LAN to a single broadband connection or add an extra level of security to complement your existing firewalls, virus detection systems and other security protocols. While it may not solve all connectivity problems, it is a quick, affordable and easy solution that can be readily installed in your family’s local area network. Your mobile family members are safe to access the Web with their wireless Internet connections, your broadband provider won’t be stifling your connectivity and you’ll be helping the global Internet community to boot. The best part is, your window shades will be drawn and Internet vampires can’t get in, unless you invite them.

You may also like...