NAT, PAT(NAPT), Masquerading, and Port Mapping/Multiplexing

In the Linux world, the term IP masquerading often is used for historical reasons. In pre-iptables times, the masquerading engine was separate from the packet filter and stateful inspection engine. In a way, IP masquerading is a point of view that emphasizes the stealthy character of the procedure. In contrast, PAT describes the mechanism more accurately.

NAT gateways (NAT translators in Internet Engineering Task Force [IETF] parlance) internally operate as TCP/UDP port multiplexing/demultiplexing engines. This procedure also is referred to as mapping and reverse mapping. NAPT is IETF parlance for PAT.

You occasionally will find that Cisco differentiates between NAT and PAT. From the Cisco perspective, this is a differentiation of one-to-one and many-to-one/many-to-many mappings.

Command Syntax Conventions

Chapter 1. Operating System Issues and Features-The Big Picture

Chapter 2. User-Space Routing Software

Chapter 3. Kernel Requirements for a Full-Featured Lab

Chapter 4. Gateway WAN/Metro Interfaces

Chapter 5. Ethernet and VLANs

Chapter 6. The Analyzer Toolbox, DHCP, and CDP

Chapter 7. The UNIX Routing and ARP Tables

Chapter 8. Static Routing Concepts

Chapter 10. ISP Connectivity with BGPv4-An Exterior Gateway Path-Vector Routing Protocol for Interdomain Routing

Chapter 13. Policy Routing, Bandwidth Management, and QoS

Chapter 14. Multicast Architectures

Chapter 15. Network Address Translation

The NAT Foundation-Basic/Traditional NAT

NAT, PAT(NAPT), Masquerading, and Port Mapping/Multiplexing

Static NAT and ARP/Routing Issues

Redirection (Port Forwarding/Relaying or Transparent Proxying)

UNIX NAT Approaches

NAT-Hostile Protocols

Future Developments: NAT-T, MPLS+NAT, Load Balancer

NAT Redundancy-Stateful Failover

Recommended Reading

Appendix A. UNIX Kernel Configuration Files

Appendix B. The FreeBSD Netgraph Facility