A. NAT lets organizations hide their internal IP addresses and provides a means for connecting many more computers over TCP/IP than would be possible if every computer that accessed the Internet needed its own IP address. An organization or a site within an organization that uses NAT can use almost any IP address internally for any purpose, with the exception of a few IP address ranges that are reserved for internal network use (for information about these IP ranges, see the FAQ at http://www.windows2000faq.com/articles/index.cfm?articleid=14985).

Unlike machines on your internal network that can use just about any IP address, machines that connect to the Internet must use allocated (i.e., registered) IP addresses. However, you can use a NAT gateway to connect any machine on your internal network to the Internet. The gateway will communicate with the outside world on the internal machine's behalf and forward responses from the Internet to the originating machine on your internal network.

For example, if a company has 20 computers that all need Internet connectivity, you'd need to register 20 different IP addresses. However, if you used a NAT gateway, you'd need to register only one IP address for the gateway machine that connects to the Internet. (In practice, you'd probably establish several NAT gateways for fault tolerance and load-balancing purposes.) Then, you'd simply channel the other 19 machines through the gateway server. The figure below illustrates how the three components (the internal network using an internal IP address subnet, the NAT with a registered Internet IP address, and the Internet) fit together.

Click here to view image

The use of NAT has grown in popularity because the use of TCP/IP has grown in popularity. The original TCP/IP address format is based on a 32-bit structure, which provides 4,294,967,296 possible IP addresses. (Fewer addresses are actually available because certain classes or sets of addresses are allocated and reserved for specific purposes.) Because the need for new IP addresses is constant, we'll eventually run out of available addresses based on the original 32-bit format. In recognition of this shortcoming, the Internet Engineering Task Force (IETF) has prepared IPv6, which is the next-generation Internet protocol and will use a 128-bit format to provide an astronomical number of addresses (3.4 x 10^38). The new protocol also does a better job than the current addressing scheme of concealing your internal IP address structure.