User guide
Using NAT Rules
Chapter 13: Setting Your Security Policy 425
Using NAT Rules
Overview
In an IP network, each computer is assigned a unique IP address that defines both the host
and the network. A computer's IP address can be public and Internet-routable, or private
and non-routable. Since IPv4, the current version of IP, provides only 32 bits of address
space, available public IP addresses are becoming scarce, most having already been
assigned. Internet Service Providers will usually allocate only one or a few public IP
addresses at a time, and while larger companies may purchase several such addresses for
use, purchasing addresses for every computer on the network is usually impossible.
Due to the lack of available public IP addresses, most computers in an organization are
assigned private, non-routable IP addresses. Even if more public IP addresses became
available, changing the private IP address of every machine in a large network to a public
IP address would be an administrative nightmare, being both labor intensive and time
consuming. Therefore, organization's computers will most likely remain with private, non-
routable IP addresses, even though in most cases they require access to the Internet.
In addition to the issue of arranging Internet access for computers with non-routable IP
addresses, IP networks present a security challenge. Since making a network’s internal
addresses public knowledge can reveal the topology of the entire network, the network
administrator may want to conceal both routable and non-routable IP addresses from
outside the organization, or even from other parts of the same organization, in order to
enhance security.
The Safe@Office appliance solves both issues through the use of Network Address
Translation (NAT) rules. A NAT rule is a setting used to change the source, destination,
and/or service of specific connections.