The N.A.T. Freebie E-mail

N.A.T. isn't in Joe's five "must do" security steps for the home user, because if you've installed a separate firewall device between your computer and the Internet, then it's extremely likely you've already got NAT! So then why the article? Because NAT is a significant security layer that comes free when installing a firewall, and because you've got it, you should know about it.

NAT is an acronym for Network Address Translation. Simply put, a firewall device hides your computer's private IP address behind the public (Internet visible) IP address your Internet service provider gives to your firewall's external interface. IP addresses are like phone numbers for computers: every number is unique. Inter-computer communication on the Internet can only occur between public addresses. So when you have a "real" firewall, it acts as a translator or "go between" for your computer's "hidden" or private IP address.

There are three private IP address ranges, and home-grade firewalls most often automatically set up private IP addressing with the range that starts with 192.168."something"."something". You'll often see the default address of your firewall's inside interface set to 192.168.0.1 or 192.168.1.1.

So if your firewall's inside interface is set to 192.168.1.1, then other computers on your home network will also have private IP addresses in this range such as 192.168.1.2. In fact, in this example any address between 192.168.1.1 and 192.168.1.254 is valid, as long as each address is only used once.

In case you're wondering about those other numbers that go with your IP address: for computers on this example network, the subnet mask would be 255.255.255.0 and the gateway will always be the IP address of your firewall's inside interface.

So if your firewall's inside address is 192.168.1.1, that makes the network's subnet mask 255.255.255.0. Then all the computers on this home network could have addresses of 192.168.1.1 thru 192.168.1.254. Each computer's gateway would be set to 192.168.1.1. Your Internet service provider can give you the proper DNS settings for your computers.

If you set two devices on your network to the same address, at best weird stuff happens, and at worst those devices just won't "talk" at all.

So anyway, NAT means the ONLY way traffic can get to your computer from the Internet is if your firewall allows it and then translates it for the computers behind your firewall to understand.
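To see that "go between" behavior in action, here is a small Python model added as an illustration (it is not from Joe's article or from any firewall's real code). The `ToyNat` class and the public and remote addresses are made up for the example, and real firewalls track more detail than this.

```python
import ipaddress

# The three private (RFC 1918) ranges the article refers to.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


class ToyNat:
    """Simplified model of a home firewall doing NAT (hypothetical class)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}  # public port -> (private ip, private port, remote ip, remote port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A computer inside opens a connection; return the rewritten source."""
        if not is_private(src_ip):
            raise ValueError("inside hosts must use a private address")
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, public_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Traffic arrives from the Internet; return the inside target or None."""
        entry = self.table.get(public_port)
        if entry is None or entry[2:] != (remote_ip, remote_port):
            return None  # nothing inside asked for this, so it is dropped
        return entry[:2]


if __name__ == "__main__":
    nat = ToyNat("203.0.113.10")  # constructed public address (documentation range)
    pub = nat.outbound("192.168.1.2", 51000, "198.51.100.7", 443)
    print("Internet sees:", pub)
    print("reply:", nat.inbound("198.51.100.7", 443, pub[1]))
    print("unsolicited:", nat.inbound("192.0.2.99", 4444, pub[1]))
```

The reply from the server your computer contacted is translated back to 192.168.1.2, while the unsolicited packet from a stranger matches no table entry and goes nowhere.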

Cool, yes? Cool and secure!

Copyright © 2009 Joe's Services. All Rights Reserved.