NAT is explained in the following sections:
To access the Internet, each host must use a globally unique (registered) IP address obtained from an Internet Service Provider (ISP) or from an Internet address registry, such as the Internet Assigned Numbers Authority (IANA). Unless you are requesting a large range of addresses, an ISP should be able to accommodate your addressing needs.
Nevertheless, because it can be costly or impractical to obtain registered IP addresses for every host on your network, you might choose not to assign registered addresses to each host on your private network. Instead you can use circuit-level solutions provided with the Novell BorderManager® 3.8 software: NAT.
NAT is considered circuit-level solutions because they can establish connections to the Internet using registered IP addresses on behalf of multiple hosts on your private network that have not been assigned registered IP addresses. The original circuit (or connection) from a host is terminated at the gateway or NAT interface, and the gateway or NAT interface establishes the actual connection to the Internet for that host. Therefore, multiple hosts can share the same registered IP address if it is assigned to the NAT interface, and the IP addresses of your private network are essentially hidden from the Internet.
NAT translates private IP addresses to registered IP addresses. NAT enables private clients to access the Internet without the reconfiguration of their private addresses while it hides the addresses of the private network from the Internet.
However, NAT does not require Windows or a Novell Client for Windows. Because NAT operates on a network router interface, the interface's address translation capability can be used by network hosts running any platform, including Windows, Macintosh, UNIX, and OS/2. If these hosts send their TCP/IP packets through the NAT interface, their source IP addresses are not forwarded in the TCP/IP packet headers.
In addition to address translation, NAT can be used to provide other benefits, such as packet filtering based on IP address for enhanced network security. When a network interface is configured to use NAT in any of the three modes of operation, as described in Selecting a NAT Mode of Operation, each TCP/IP packet that reaches the interface is examined for its source or destination IP address. For more information about how NAT filters packets based on source and destination addresses, refer to Filtering Rules.
NAT might be a choice if the following conditions exist:
Furthermore, NAT is unaffected by eDirectory problems. NAT checks only for IP addresses in TCP/IP packet headers, its operation does not depend on the availability of eDirectory.
NOTE: Although you might have additional reasons to use one solution instead of the other, you might also experience situations in which you would want to implement both solutions on your network.