Chapter 15. NAT Service
In This Chapter
Introduction to NAT
Planning NAT services
NAT setup and
NAT (network address translation) lets a company or an individual share one public IP address among many systems located behind their router. It does this partly to ease the demand for public addresses from the limited pool of IPv4 numbers, and partly to shield internal systems from direct attack from the public Internet.
NAT provides two primary features. The first is IP masquerading, which is used to enable outside access to the public Internet by devices within a subnet of private internal addresses, such as
Without NAT, outside hosts would have no way to route replies back to the originating system, because private addresses are valid only on the local network and are not routed on the public Internet. NAT bridges the security moat that isolates inside systems from external attack, but only for connections that inside hosts initiate: the translator records a table entry when the outbound packet leaves and uses that entry to map the reply back, while an unsolicited inbound packet matches no entry and has nowhere to go. That isolation is a useful side effect, not a substitute for firewall rules, which still decide what traffic is allowed at all.
A second feature is port forwarding, which directs incoming traffic on a chosen port to a specific inside host. This lets a single public IP address receive traffic bound for different internal servers, such as mail and web. Each forwarded port is a deliberate hole through the moat: the inside server behind it is reachable from the Internet and must be hardened and patched as if it had a public address of its own.
The NAT service is provided by the natd background process. It acts as an extension of the IP firewall (ipfw), which is part of the Mac OS X Server kernel. In addition to allowing, denying, and logging traffic, the firewall can be configured to divert packets to natd, which rewrites their addresses and hands them back to the firewall for the remaining rules. Because the divert rule is itself a firewall rule, the firewall must be active for NAT to work: if it is off, no packet ever reaches natd.
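The following script is an added example, not taken from the book or from Apple's Server Admin tool; it shows the two pieces described above together: the ipfw divert rule that hands packets on the public interface to natd, and the natd command line that performs IP masquerading and one port forward. The interface name en0, the private subnet 192.168.1.0/24, the inside web server 192.168.1.10, and the rule numbers are assumptions for illustration; change them to match your network. Only the natd and ipfw options used here are real; the helper functions are part of this example.

```shell
#!/bin/sh
# Added example (not from the book): builds the natd command line and the ipfw
# rule set that together provide NAT on Mac OS X Server. Interface, subnet,
# inside host and rule numbers are assumptions; override them via environment.

EXT_IF="${EXT_IF:-en0}"                  # public-facing interface (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # private subnet being masqueraded (assumed)
WEB_HOST="${WEB_HOST:-192.168.1.10}"     # inside web server reached by port forwarding (assumed)
DIVERT_PORT="${DIVERT_PORT:-natd}"       # divert port; the name "natd" resolves via /etc/services

# natd_args: IP masquerading on EXT_IF plus one port forward (TCP/80 -> WEB_HOST).
#   -dynamic            follow address changes on EXT_IF (DHCP or PPP)
#   -unregistered_only  translate only private (RFC 1918) sources, never public ones
#   -deny_incoming      drop inbound packets with no translation-table entry; the
#                       -redirect_port entry is the one deliberate exception
natd_args() {
    printf '%s' "-interface $EXT_IF -dynamic -same_ports -use_sockets" \
                " -unregistered_only -deny_incoming" \
                " -redirect_port tcp $WEB_HOST:80 80"
}

# ipfw_rules: rule set in the order ipfw evaluates it, as "add" commands that
# ipfw can load from a file. The divert rule comes first for traffic on EXT_IF:
# natd rewrites the addresses and reinjects the packet, which then continues at
# the rule after the divert. Rules below the divert therefore see translated
# (inside) addresses for inbound traffic, which is why the web-server allow rule
# names WEB_HOST rather than the public address.
ipfw_rules() {
cat <<EOF
add 100 divert $DIVERT_PORT ip from any to any via $EXT_IF
add 200 allow ip from any to any via lo0
add 300 allow tcp from any to any established
add 400 allow ip from any to any out via $EXT_IF
add 500 allow tcp from any to $WEB_HOST 80 in via $EXT_IF setup
add 600 allow udp from any 53 to any in via $EXT_IF
add 65000 deny log ip from any to any
EOF
}

# nat_preflight: NAT works only while the firewall is active and the kernel
# forwards packets between interfaces; both are sysctls on Mac OS X. Returns 0
# when both are on, 1 when either is off, 2 when the sysctls do not exist here.
nat_preflight() {
    fw=$(sysctl -n net.inet.ip.fw.enable 2>/dev/null) || return 2
    fwd=$(sysctl -n net.inet.ip.forwarding 2>/dev/null) || return 2
    [ "$fw" = 1 ] && [ "$fwd" = 1 ]
}

case "${1:-}" in
    --show)
        echo "natd $(natd_args)"
        ipfw_rules
        ;;
    --apply)
        # Run as root on Mac OS X Server only. natd is started before the divert
        # rule is loaded; a divert rule with nobody listening drops the traffic.
        nat_preflight || { echo "firewall or IP forwarding is off; enable both first" >&2; exit 1; }
        natd $(natd_args)
        tmp=$(mktemp /tmp/ipfw.XXXXXX) || exit 1
        ipfw_rules > "$tmp"
        ipfw -q "$tmp"
        rm -f "$tmp"
        ;;
esac
```

Run it with `--show` to review the generated natd command and rule set before anything is applied, and with `--apply` only on the server itself. The ordering is the point to check after loading: `ipfw show` should display the divert rule with the lowest number on the public interface, and its packet counters should climb as inside hosts browse. If net.inet.ip.fw.enable is 0, the divert rule is never consulted and natd sees nothing, which is the practical meaning of "the firewall must be active for NAT to work."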
For more on the firewall service, see Chapter 14.