Network address translation

Network address translation (NAT) enables you to access the Internet safely without having to change your private network IP addresses.

IP addresses are depleting rapidly due to widespread Internet growth. Organizations use private networks, which allows them to select any IP addresses they want. However, if two companies have duplicate IP addresses and they attempt to communicate with each other, they will have problems. In order to communicate on the Internet, you must have a unique, registered address. Just as the name implies, NAT is a mechanism that translates one Internet Protocol (IP) address into another.

Packet rules contains three methods of NAT. You commonly use NAT to map addresses (static NAT) or hide addresses (masquerade NAT). By hiding or mapping addresses, NAT solves various addressing problems.

Example: Hiding internal IP addresses from public knowledge

You are configuring a IBM® i platform as a public Web server. However, you do not want external networks to know your system's real internal IP addresses. You can create NAT rules that translate your private addresses to public addresses that can access the Internet. In this instance, the true address of the system remains hidden, making the system less vulnerable to attack.

Example: Converting an IP address for an internal host into a different IP address

You want private IP addresses on your internal network to communicate with Internet hosts. To arrange this, you can convert an IP address for an internal host into a different IP address. You must use public IP addresses to communicate with Internet hosts. Therefore, you use NAT to convert your private IP addresses to public addresses. This ensures that IP traffic from your internal host is routed through the Internet.

Example: Making the IP addresses of two different networks compatible

You want to allow a host system in another network, such as a vendor company, to communicate with a specific host in your internal network. However, both networks use private addresses (10.x.x.x), which creates a possible address conflict for routing the traffic between the two hosts. To avoid conflict, you can use NAT to convert the address of your internal host to a different IP address.