Friday, 30 December 2011

NAT

In computer networking, network address translation (NAT) is the process of modifying the IP address information in IP packet headers while the packets are in transit across a traffic routing device.
The simplest type of NAT provides a one-to-one translation of IP addresses. RFC 2663 refers to this type of NAT as basic NAT; it is also often called one-to-one NAT. In this type of NAT only the IP addresses, the IP header checksum, and any higher-level checksum that includes the IP addresses need to be changed. The rest of the packet can be left untouched (at least for basic TCP/UDP functionality; some higher-level protocols may need further translation). Basic NAT can be used when two networks with incompatible addressing need to be interconnected.
However, it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another, usually public, address space. To avoid ambiguity in handling returned packets, a one-to-many NAT must alter higher-level information such as TCP/UDP ports in outgoing communications and must maintain a translation table so that return packets can be correctly translated back. RFC 2663 uses the term NAPT (network address and port translation) for this type of NAT. Other names include PAT (port address translation), IP masquerading, NAT overload and many-to-one NAT. Since this is the most common type of NAT, it is often referred to simply as NAT.
Most NAT devices today also allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding, and allows traffic originating on the "outside" network to reach a designated host on the masqueraded network. Each such entry deliberately exposes an inside service to unsolicited traffic, so entries should be limited to the ports that actually need to be reachable from outside.
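The translation table that NAPT and static NAT depend on, as an added worked example (this is not code from the original post). It models only the mapping logic: a public address is shared by several inside hosts, outbound packets get a unique public port recorded in the table, inbound packets are translated back through the table or dropped when no entry exists, and a permanent entry provides port forwarding. All addresses and ports are constructed for illustration; a real NAT also tracks connection state, times entries out, and (for "restricted" NATs) matches the remote endpoint as well as the public port.

```python
"""Toy NAPT (one-to-many NAT) with a translation table and static entries.

Added worked example, not code from the original post. Addresses and ports are
constructed for illustration. Only the mapping logic is modelled: a real NAT
also tracks connection state, times entries out, and (for "restricted" NATs)
matches the remote endpoint before admitting an inbound packet.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        # (proto, inside ip, inside port) -> public port used on the outside
        self._out: Dict[Tuple[str, str, int], int] = {}
        # (proto, public port) -> (inside ip, inside port)
        self._in: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def add_static(self, proto: str, public_port: int,
                   inside_ip: str, inside_port: int) -> None:
        """Permanent entry ("static NAT" / port forwarding): outside-initiated
        traffic to public_port reaches the chosen inside host."""
        self._in[(proto, public_port)] = (inside_ip, inside_port)
        self._out[(proto, inside_ip, inside_port)] = public_port

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite source address and port, remembering the mapping."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        public_port = self._out.get(key)
        if public_port is None:
            public_port = self._alloc_port(pkt.proto)
            self._out[key] = public_port
            self._in[(pkt.proto, public_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=public_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: translate back via the table, or drop (None) when
        there is no entry. Unsolicited inbound traffic therefore never reaches
        an inside host unless a static entry was configured for it."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self._in.get((pkt.proto, pkt.dst_port))
        if inside is None:
            return None
        return replace(pkt, dst_ip=inside[0], dst_port=inside[1])

    def _alloc_port(self, proto: str) -> int:
        """Pick an unused public port. Two inside hosts using the same source
        port must get different public ports, or replies would be ambiguous."""
        while (proto, self._next_port) in self._in:
            self._next_port += 1
        port = self._next_port
        self._next_port += 1
        return port


if __name__ == "__main__":
    nat = Napt("203.0.113.5")
    out = nat.outbound(Packet("tcp", "192.168.1.10", 5000, "198.51.100.7", 80))
    print("outbound:", out)
    print("reply:", nat.inbound(Packet("tcp", "198.51.100.7", 80, "203.0.113.5", out.src_port)))
    print("unsolicited:", nat.inbound(Packet("tcp", "198.51.100.7", 80, "203.0.113.5", 12345)))
```

The two inside hosts in the test below both use source port 5000; the NAT gives them public ports 40000 and 40001 so that the replies can be told apart, which is exactly why NAPT has to rewrite ports and not just addresses.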

NAT and TCP/UDP

"Pure NAT", operating on IP alone, may or may not correctly handle protocols that are concerned only with IP information, such as ICMP, depending on whether the payload is interpreted by a host on the "inside" or the "outside" of the translation. As soon as the protocol stack is traversed, even with basic protocols such as TCP and UDP, the protocols will break unless the NAT takes action beyond the network layer.
IP packets have a checksum in each packet header, which provides error detection only for the header. IP datagrams may become fragmented, and it is necessary for a NAT to reassemble these fragments to allow correct recalculation of higher-level checksums and correct tracking of which packets belong to which connection.
The major transport layer protocols, TCP and UDP, have a checksum that covers all the data they carry, as well as the TCP/UDP header, plus a "pseudo-header" that contains the source and destination IP addresses of the packet carrying the TCP/UDP header. For an originating NAT to pass TCP or UDP successfully, it must recompute the TCP/UDP header checksum based on the translated IP addresses, not the original ones, and put that checksum into the TCP/UDP header of the first packet of the fragmented set. The receiving NAT must recompute the IP checksum on every packet it passes to the destination host, and also recognize and recompute the TCP/UDP header checksum using the retranslated addresses and pseudo-header. This is not a completely solved problem. One solution is for the receiving NAT to reassemble the entire segment and then recompute a checksum calculated across all packets.
The originating host may perform path maximum transmission unit (MTU) discovery to determine the packet size that can be transmitted without fragmentation, and then set the don't fragment (DF) bit in the appropriate packet header field.
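Why the transport checksum breaks under NAT, shown concretely as an added example (not code from the original post). The block builds an IPv4 UDP segment whose checksum covers the pseudo-header, verifies it the way a receiver would, shows that rewriting the source address and port without touching the checksum makes verification fail, and then performs the source NAT with the checksum fixed. It goes slightly beyond the text by fixing the checksum with the incremental update from RFC 1624 (the technique NAT boxes use to avoid re-reading the payload) and checking that this equals a full recomputation. The addresses, ports and payload are constructed for illustration.

```python
"""UDP checksum and the pseudo-header: why a NAT must recompute it.

Added worked example, not code from the original post. Addresses, ports and
payload are constructed for illustration. IPv4 only.
"""
import socket
import struct

UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 ones' complement sum of 16-bit big-endian words, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"            # odd length is padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the UDP checksum: src, dst, zero, proto, length.
    This is the part that changes when a NAT rewrites an IP address."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_len))


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """UDP header + payload with a checksum valid for the given IP addresses."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + header + payload)) & 0xFFFF
    csum = csum or 0xFFFF          # UDP: 0 means "no checksum", so transmit 0xFFFF instead
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver's check: the sum over pseudo-header and whole segment must be 0xFFFF."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def incremental_update(old_csum: int, old_bytes: bytes, new_bytes: bytes) -> int:
    """RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'), where m/m' are the bytes that changed.
    Avoids a pass over the payload; only the rewritten fields are summed."""
    s = (((~old_csum) & 0xFFFF)
         + ((~ones_complement_sum(old_bytes)) & 0xFFFF)
         + ones_complement_sum(new_bytes))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ((~s) & 0xFFFF) or 0xFFFF


def snat_udp(src_ip: str, dst_ip: str, segment: bytes, new_src_ip: str, new_sport: int) -> bytes:
    """Source NAT on one UDP segment: rewrite the source port and fix the checksum
    for the new source IP (from the pseudo-header) and port (from the header)."""
    sport, dport, length, old_csum = struct.unpack("!HHHH", segment[:8])
    if old_csum == 0:              # sender disabled the checksum; nothing to fix
        new_csum = 0
    else:
        old_fields = socket.inet_aton(src_ip) + struct.pack("!H", sport)
        new_fields = socket.inet_aton(new_src_ip) + struct.pack("!H", new_sport)
        new_csum = incremental_update(old_csum, old_fields, new_fields)
    return struct.pack("!HHHH", new_sport, dport, length, new_csum) + segment[8:]


if __name__ == "__main__":
    seg = build_udp("192.168.1.10", "198.51.100.7", 5000, 53, b"query")
    naive = struct.pack("!H", 40000) + seg[2:]   # port rewritten, checksum left alone
    fixed = snat_udp("192.168.1.10", "198.51.100.7", seg, "203.0.113.5", 40000)
    print("original valid:", verify_udp("192.168.1.10", "198.51.100.7", seg))
    print("naive rewrite valid:", verify_udp("203.0.113.5", "198.51.100.7", naive))
    print("NAT rewrite valid:", verify_udp("203.0.113.5", "198.51.100.7", fixed))
```

The same pseudo-header dependency applies to TCP, which is why a NAT must work at the transport layer for both protocols; the incremental form is also what makes it practical to fix the checksum on a first fragment without having the rest of the payload.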
Destination network address translation (DNAT)

DNAT is a technique for transparently changing the destination IP address of an en-route packet and performing the inverse function for any replies. Any router situated between the two endpoints can perform this transformation of the packet.
DNAT is commonly used to publish a service located on a private network on a publicly accessible IP address. This use of DNAT is also called port forwarding, or DMZ when applied to an entire server, which then becomes exposed to the WAN, analogous to a military demilitarized zone (DMZ). A host exposed in this way receives all unsolicited inbound traffic for that address, so it should be hardened as if it were connected directly to the Internet.
SNAT

The meaning of the term SNAT varies by vendor. Many vendors have proprietary definitions for SNAT. A common expansion is source NAT, the counterpart of destination NAT (DNAT). Microsoft uses the acronym for Secure NAT, in regard to ISA Server. For Cisco Systems, SNAT means stateful NAT.
Secure network address translation

In computer networking, secure network address translation is the process of rewriting the source and/or destination addresses of IP packets as they pass through a router or firewall in a secure manner.

An analogy
A NAT device is similar to a phone system at an office that has one public telephone number and multiple extensions. Outbound phone calls made from the office all appear to come from the same telephone number. However, an incoming call that does not specify an extension cannot be transferred to an individual inside the office. In this scenario, the office is a private LAN, the main phone number is the public IP address, and the individual extensions are unique port numbers.
