Proper Translation of Header Fields

By default, a NAT translates IP addresses and TCP/UDP ports. These modifications to the IP datagram require the modification and recalculation of the following fields in the IP, TCP, and UDP headers:

  • Source IP Address (outbound from private network), Destination IP Address (inbound to private network)

  • IP Checksum

  • Source Port (outbound from private network), Destination Port (inbound to private network)

  • TCP Checksum

  • UDP Checksum

If the IP address and port information appears only in the IP and TCP/UDP headers (for example, with HTTP, or World Wide Web, traffic), the application protocol can be translated transparently. There are applications and protocols, however, that carry IP or port addressing information within their headers. FTP, for example, stores the dotted decimal representation of IP addresses in the FTP header for the FTP PORT command. If the NAT does not properly translate the IP address, connectivity problems can occur. Additionally, in the case of FTP, because the IP address is stored in dotted decimal format, the translated IP address in the FTP header can be a different size than the original. Therefore, the NAT must also modify TCP sequence numbers to ensure that no data is lost.
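The FTP case above, as an added example that is not part of the original text: a sketch of how a NAT could rewrite the PORT argument (which RFC 959 writes as six comma-separated decimal numbers) and track the resulting length change in the TCP sequence and acknowledgment numbers. The names `rewrite_port` and `FtpControlFlow` and all addresses are constructed for illustration.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 written as decimal text.
PORT_RE = re.compile(rb"PORT (\d{1,3}(?:,\d{1,3}){5})\r\n")

def rewrite_port(payload, public_ip, public_port):
    """Rewrite a PORT command; return (new_payload, change in length)."""
    m = PORT_RE.fullmatch(payload)
    if m is None or any(int(f) > 255 for f in m.group(1).split(b",")):
        return payload, 0                        # not a valid PORT: pass through
    arg = public_ip.replace(".", ",") + ",%d,%d" % divmod(public_port, 256)
    new = b"PORT " + arg.encode() + b"\r\n"
    return new, len(new) - len(payload)

class FtpControlFlow:
    """Sequence bookkeeping for one client-to-server control connection.
    Simplification (assumption): 32-bit sequence wraparound is not handled."""
    def __init__(self):
        self.shifts = []                         # (original end seq, cumulative delta)

    def _delta(self, seq, translated):
        delta = 0
        for end, cum in self.shifts:             # kept in ascending order
            if seq >= (end + cum if translated else end):
                delta = cum
        return delta

    def outbound(self, seq, payload, public_ip, public_port):
        """Client segment -> (translated seq, translated payload)."""
        new, d = rewrite_port(payload, public_ip, public_port)
        end = seq + len(payload)
        if d and all(e != end for e, _ in self.shifts):    # ignore retransmits
            self.shifts.append((end, self._delta(seq, False) + d))
        return seq + self._delta(seq, False), new

    def inbound_ack(self, ack):
        """Server ACK (translated space) -> value the private client expects."""
        return ack - self._delta(ack, True)

if __name__ == "__main__":
    flow = FtpControlFlow()                      # constructed sample traffic
    print(flow.outbound(1000, b"PORT 192,168,1,10,195,80\r\n", "203.0.113.5", 1025))
    print(flow.outbound(1026, b"LIST\r\n", "203.0.113.5", 1025))
    print(flow.inbound_ack(1022))
```

After any such rewrite the NAT still has to recompute the TCP checksum over the changed payload, in addition to the header fields listed above.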