main page search map send letter
  About Forum
Overview of Network Address Translation (NAT) in Windows XP
/ Documentation / Theory / Using NAT in IPv4


As more homes and small businesses add computers they are finding that networking is an extremely powerful tool for sharing computer resources. An Internet connection is one of the more precious resources on the network and is likely to be shared. To do this and to enjoy an inexpensive, easy to manage, home or small office network, Internet gateways are being deployed. Internet gateways often provide network address translation (NAT) to connect multiple hosts to the Internet and share a single public IP address. Unfortunately, this solution breaks many types of networked applicationsas will be described in this paper.

NAT Traversal technology has been created to allow network applications to detect the presence of a local NAT. Once detected, the application can then configure the NAT, defining the appropriate mappings so that the NAT will forward their traffic.

This paper is an overview to introduce consumers and developers of network applications to NAT, identify common NAT problems, and review how NAT Traversal can be used by applications to address these problems. Technical details of the NAT Traversal APIs are provided in the Windows Platform SDK. Developers are encouraged to review these resources for more detailed explanations of how to capitalize on these new operating system capabilities that also extend to third-party gateway devices.

NAT Traversal relies on the NAT supporting the UPnP technology. An important feature to look for in an Internet gateway device (IGD) is UPnP certification. Consumers purchasing or leasing an IGD from their Internet service provider (ISP) are strongly encouraged to consider only those devices that are UPnP certified for NAT traversal because this feature makes such an important difference with respect to customer satisfaction, lower support costs, and the use of more innovative services and applications.

Adding UPnP technology support for NAT traversal to an IGD is not a complex, expensive or time-consuming endeavor for the IGD vendor. By using UPnP technology, which is based on Internet standards and protocols, the IGD vendor can solve the problem of NAT traversal and have those benefits extend to most any application that traverses their device. This is in sharp contrast to other solutions that many application developers or gateway device vendors have to provide today to solve these problems. This paper is not a detailed guide for hardware vendors desiring to implement NAT Traversal in IGDs. For this information, please see the UPnP Forum Web site.

Knowledge of Windows architecture, networking and the UPnP architecture will be helpful, but not required, to fully understand this paper.

What is NAT?

Network address translation (NAT) is an Internet Engineering Task Force (IETF) standard used to allow multiple computers on a private network (using private address ranges such as,, and to share a single, globally routable IPv4 address. NATs are often deployed because public IPv4 addresses are becoming scarce. Internet Connection Sharing in Windows XP and Windows Me, along with many IGDs use NAT, particularly to connect to broadband networks through DSL or cable modems.

NAT is an immediate but temporary solution to the IPv4 address exhaustion problem that will eventually be rendered unnecessary with IPv6 deployment. IPv4 address exhaustion is a particular problem in Asia and other geographies around the world and will increasingly become an issue in North America.

In addition to reducing the number of public IPv4 addresses needed for worldwide Internet connectivity, NAT also provides a simple packet filtering function by forwarding only solicited traffic to private network hosts. Solicited traffic is traffic that was requested by a private network host. For example, when a private host computer accesses a Web page, the private host computer requests the page contents from the Web server. The traffic for the Web page contests is solicited traffic. By default, a NAT does not forward unsolicited traffic to private network hosts.

Figure 1: Example network using a NAT to communicate with the Internet

General NAT Operation

Clients behind a NAT are assigned private IP addresses, usually through the Dynamic Host Configuration Protocol (DHCP) or static configuration by an administrator. When communication outside of this private network takes place, the following things normally occur.

On the client

When an application wants to talk to a server it will open a socket associated with a source IP address, source port, destination IP address, destination port and network protocol. This identifies both endpoints for the communication to take place. When the application transmits information using the socket, the client's private IP address (source IP address) and port (source port) are inserted into the source fields of the packet. The destination fields of the packet will contain the servers IP address (remote host destination IP address) and port. Because this packet is destined for a location off of the private network, the client will forward this packet to the default gateway. The default gateway is the NAT.

Outgoing Packet at the NAT

The NAT will intercept this outgoing packet and create a port mapping using the destination IP address (server), destination port, external IP address of the NAT, external port, network protocol, and the internal IP address and port from the client.

The NAT will maintain a table of these mappings, storing this port mapping in the table. The external IP address and port are the public IP address and port to be used by for this data traffic in place of the internal client's IP address and port.

The NAT then "translates" the packet by swapping the source fields of the packet from the private, internal IP address and port of the client to the public, external IP address and port of the NAT.

The packet is then sent on the external network (the Internet) to eventually reach the intended server.

Figure 2: Example of an outgoing packet translation
At the Server

When the server receives the packet, it creates a socket with what appears to be a computer with a globally routable, public IP address. It will address response packets to the external IP address and port of the NAT, using its own IP address and port in the source fields.

Incoming Packet at the NAT

The NAT receives these packets from the server and compares them to its table of port mappings. If the NAT finds a port mapping where the source IP address, source port, destination port, and network protocol of the incoming packet match the remote host IP address, remote port, external port, and network protocol of the port mapping, the NAT will perform a reverse translation. The NAT replaces the external IP address and external port in the destination fields of the packet with the clients private IP address and internal port. This is an example of solicited incoming traffic. The NAT silently discards unsolicited incoming traffic that does not match a port mapping.

The NAT then sends the packet on the internal network to the client.

The effect of NAT is the client will be able to communicate on the global Internet with a private IP address, without any extra effort on the part of the client application. This means the application will not have to call additional APIs and the client will not have to perform additional configuration. In this case, the NAT is transparent to both the client and the server application - everything just works.

However, not all network applications use protocols that work with NAT.


NAT is an IETF-approved solution to the problem of IPv4 address space exhaustion. Internet gateways that use NAT are often used in homes and small offices. They are used because they are cheap, easy to manage, and don't require users to install special software.

The downside to using NAT is that many chat, multiplayer games and peer-to-peer applications break. This is because their network protocols make assumptions about the network architecture that are no longer true.

NAT Traversal provides a way for applications to discover the presence of the NAT, discover the shared, globally routable IP address and configure static port mappings to solve some of the connectivity problems. The NAT traversal solution does not solve all of the problems associated with NAT, but alleviates some of the problems.

Key items of this article are the following:

IGD vendors should implement support for UPnP technology in their devices to support NAT Traversal.
Network application developers should use the Windows NAT Traversal APIs to detect the presence of NAT and enable their applications to traverse the NAT when necessary.
Consumers should use IGDs that support UPnP technology and NAT Traversal to ensure the best application behavior.
DSL and cable modem ISPs should specify, sell, and lease IGDs that support UPnP technology for NAT traversal.

This matherial is taken from 2007 Microsoft Corporation. All rights reserved.
Original link.
AREALIDEA Development