Network Address Translation is the general form of IP Masquerading. A firewall or router changes the source IP address and TCP port number on packets that it forwards and that match some set of rules. In turn, packets sent back to the firewall or router are routed back to the system that originated the session.

While IP Masquerading generally only works for a single "inside" address range, and maps TCP port numbers and IP addresses in that range to a single IP address (its own) and different TCP port numbers, Network Address Translation can map from multiple IP address ranges to multiple IP address ranges.
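
The translation described above as an in-memory table, with IP Masquerading as the one-range, one-address case (an added example, not from the original page). The addresses, the starting port 40000 and the pool-selection rule are constructed for illustration, and the example goes slightly beyond the text by showing that a packet arriving with no matching session has no system to be routed back to.

```python
import ipaddress
from itertools import count


class Nat:
    """Source NAT table: each rule maps an inside network to a pool of outside addresses."""

    def __init__(self, rules, first_port=40000):
        self.rules = [(ipaddress.ip_network(net), list(pool)) for net, pool in rules]
        self.out = {}    # (inside_ip, inside_port) -> (outside_ip, outside_port)
        self.back = {}   # (outside_ip, outside_port) -> (inside_ip, inside_port)
        self.ports = {}  # outside_ip -> next unused port (no exhaustion handling)
        self.first_port = first_port

    def outbound(self, src_ip, src_port):
        """Rewrite the source of a forwarded packet; None if no rule matches."""
        key = (src_ip, src_port)
        if key in self.out:                      # existing session keeps its mapping
            return self.out[key]
        addr = ipaddress.ip_address(src_ip)
        for net, pool in self.rules:
            if addr in net:
                outside_ip = pool[int(addr) % len(pool)]   # assumed selection rule
                counter = self.ports.setdefault(outside_ip, count(self.first_port))
                mapping = (outside_ip, next(counter))
                self.out[key], self.back[mapping] = mapping, key
                return mapping
        return None

    def inbound(self, dst_ip, dst_port):
        """Map a reply back to the originating system; None if no session exists."""
        return self.back.get((dst_ip, dst_port))


if __name__ == "__main__":
    # Constructed addresses (RFC 1918 inside, RFC 5737 documentation ranges outside).
    masq = Nat([("192.168.1.0/24", ["203.0.113.1"])])          # IP Masquerading
    nat = Nat([("10.0.0.0/24", ["198.51.100.10", "198.51.100.11"]),
               ("10.0.1.0/24", ["198.51.100.20"])])            # general NAT
    for table, src in [(masq, ("192.168.1.10", 5000)), (masq, ("192.168.1.11", 5000)),
                       (nat, ("10.0.0.4", 5000)), (nat, ("10.0.0.5", 5000)),
                       (nat, ("10.0.1.7", 5000))]:
        print(src, "->", table.outbound(*src))
    print("reply:", masq.inbound("203.0.113.1", 40001))
    print("no session:", masq.inbound("203.0.113.1", 45000))
```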
