Chapter 8. Network Address Translation

8.0. Introduction

Network Address Translation (NAT) was developed as an interim strategy to address Transmission Control Protocol/Internet Protocol (TCP/IP) network address space depletion—one of the main drivers for the IPv6 protocol.

In 1994, K. Egevang and Paul Francis introduced NAT in RFC 1631. With NAT, it is possible to recycle address space: multiple hosts can use the same address space as long as they communicate over a unique address space. The Network Address Translator, a function within a router (or a firewall with routing capability), performs the translation to the unique address space, usually on the border between the private portion of a network and the public Internet. In 1994, a “recyclable” address space was defined in RFC 1597, which was obsoleted by RFC 1918 in 1996. Dedicated for private use were one Class A network within 10/8, 16 Class B networks within 172.16/12, and 255 Class C networks within 192.168/16.

NAT is not just a method for fighting address space depletion. It was also quickly adopted by security engineers, who liked the idea that thousands of hosts were able to hide behind a single IP address by using NAT with Port Address Translation (PAT). This helps prevent simple port scanning and other attack techniques on those hosts, but you should not consider it as anything but a part of an overall security strategy.
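The two ideas above, translation of RFC 1918 source addresses to a public address and PAT multiplexing many inside hosts onto that one address by port, can be shown with a small translation-table model. The following Python is an added example written for this chapter, not code from the book or from ScreenOS; it models a simplified source-keyed translator (a real NAT device also keys on destination and protocol and ages entries out), and the addresses, ports and `Packet`/`PortAddressTranslator` names are constructed for illustration. It also shows the defensive point the paragraph makes: an inbound packet for which the translator holds no state has no inside host to go to and is dropped, which is why simple scans of the public address reveal nothing about the hosts behind it, while anything for which a mapping exists is forwarded as normal.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# RFC 1918 private address blocks named in the chapter text.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr: str) -> bool:
    """True if addr lies inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


@dataclass(frozen=True)
class Packet:
    """Minimal 4-tuple view of a packet; enough to show the translation."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PortAddressTranslator:
    """Simplified NAT with PAT (hypothetical model, not a ScreenOS API).

    Every inside (src_ip, src_port) pair is mapped to a unique port on the
    single public address.  Inbound packets are only forwarded when a
    mapping for their destination port already exists.
    """

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}  # (inside_ip, inside_port) -> public port
        self.inbound = {}   # public port -> (inside_ip, inside_port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an inside->outside packet; create state."""
        if not is_rfc1918(pkt.src_ip):
            raise ValueError(f"{pkt.src_ip} is not an inside address")
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of an outside->inside packet.

        Returns None (drop) when no mapping exists, i.e. nothing inside
        ever initiated a flow on that public port.
        """
        key = self.inbound.get(pkt.dst_port)
        if key is None:
            return None
        inside_ip, inside_port = key
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def demo():
    """Two inside hosts share one public address; constructed sample traffic."""
    nat = PortAddressTranslator("203.0.113.5")
    # Both hosts happen to pick the same ephemeral port; PAT keeps them apart.
    a = nat.translate_outbound(Packet("192.168.1.10", 40000, "198.51.100.7", 80))
    b = nat.translate_outbound(Packet("192.168.1.11", 40000, "198.51.100.7", 80))
    # The server's reply to host A's public port is routed back to host A.
    reply = nat.translate_inbound(Packet("198.51.100.7", 80, "203.0.113.5", a.src_port))
    # An unsolicited probe to port 22 on the public address matches no state.
    probe = nat.translate_inbound(Packet("198.51.100.9", 5555, "203.0.113.5", 22))
    return a, b, reply, probe


if __name__ == "__main__":
    for p in demo():
        print(p if p is not None else "dropped: no translation state")
```

The dropped probe is the whole of the "hiding" benefit: it protects only hosts that have not themselves opened a flow, and any inside host with an active mapping, or any port you deliberately map through, is reachable like any other address, which is why the text treats NAT as one layer of a strategy rather than a control in itself.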

There is another use for NAT that the inventors of NAT did not initially consider: the likelihood ...
