Network Address Translation (NAT) and Internet Connection Sharing (ICS)

NAT and ICS are two strategies that enable networks to access the Internet through a single connection. Having a single access point for the network enables an organization to have Internet access with a single IP address.


The basic principle of NAT is that many computers can "hide" behind a single registered IP address or a group of registered IP addresses. Using NAT means that, in its most basic implementation, only one registered IP address is needed on the external interface of the system that is acting as the gateway between an internal private network and an external public network such as the Internet.

A system performing the NAT service funnels the requests that are given to it to the external network. For instance, a client requests a website, and the request goes through the NAT server to the Internet. To the remote system, the request looks like it is originating from a single address, that of the NAT server, and not the individual client systems making the request. The system that is performing the NAT function keeps track of who asked for what and makes sure that when the data is returned, it is directed to the correct system.

Servers that provide NAT functionality do so in different ways. For example, it is possible to statically map a single internal IP address to a single external one so that outgoing requests are always tagged with the same IP address. Alternatively, if you have a group of public IP addresses, you can have the NAT system assign addresses to devices on a first-come, first-served basis. Either way, the basic function of NAT is the same.
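
The bookkeeping described above ("who asked for what"), together with static and first-come, first-served address assignment, can be modelled in a few lines. This is an added example, not code from the original page. The class name, the port range, the sample addresses, and the choice to let later clients share the last pool address (told apart by port) are assumptions made for illustration.

```python
import itertools

class NatGateway:
    """Toy NAT model: rewrites the source of outbound flows and remembers
    each rewrite so replies can be handed back to the right client."""

    def __init__(self, public_ips, static_map=None):
        self.static = dict(static_map or {})    # internal IP -> reserved public IP
        self.pool = [ip for ip in public_ips if ip not in self.static.values()]
        self.leases = {}                        # internal IP -> public IP taken from the pool
        self.ports = itertools.count(40000)     # constructed public port range
        self.flows = {}                         # (pub IP, pub port, remote) -> (int IP, int port)
        self.seen = {}                          # (int IP, int port, remote) -> (pub IP, pub port)

    def _public_ip(self, internal_ip):
        if internal_ip in self.static:
            return self.static[internal_ip]
        if internal_ip not in self.leases:
            if not self.pool:
                raise LookupError("no public address left for " + internal_ip)
            # First come, first served. The last pool address is never
            # removed: later clients share it and are told apart by port.
            self.leases[internal_ip] = self.pool.pop(0) if len(self.pool) > 1 else self.pool[0]
        return self.leases[internal_ip]

    def outbound(self, internal_ip, internal_port, remote):
        """Return the (public IP, public port) the remote system will see."""
        key = (internal_ip, internal_port, remote)
        if key not in self.seen:
            public = (self._public_ip(internal_ip), next(self.ports))
            self.seen[key] = public
            self.flows[public + (remote,)] = (internal_ip, internal_port)
        return self.seen[key]

    def inbound(self, public_ip, public_port, remote):
        """Return the internal (IP, port) for a reply, or None if no client asked."""
        return self.flows.get((public_ip, public_port, remote))

def demo():
    # All addresses are constructed (RFC 1918 private, RFC 5737 documentation ranges).
    gw = NatGateway(["203.0.113.10", "203.0.113.11"],
                    static_map={"192.168.1.5": "203.0.113.10"})
    web = ("198.51.100.80", 80)
    a = gw.outbound("192.168.1.5", 51000, web)    # statically mapped host
    b = gw.outbound("192.168.1.20", 51000, web)   # first dynamic client
    c = gw.outbound("192.168.1.21", 51000, web)   # shares the last pool address
    reply = gw.inbound(*b, web)                   # reply to b's request
    stray = gw.inbound(b[0], b[1], ("198.51.100.99", 4444))  # nobody asked
    return a, b, c, reply, stray
```

In this model a packet from a remote system that no client contacted has no table entry, so the gateway has no internal host to deliver it to and `inbound` returns `None`.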


Although ICS is discussed separately from NAT, it is nothing more than an implementation of NAT that has been included on Windows platforms since Windows Me. ICS makes it very simple to share an Internet connection with multiple systems on the network.

Because ICS was intended as a simple mechanism for a small office network or a home network to share a single Internet connection, configuration is simple. However, simplicity is also the potential downfall of ICS. ICS provides no security, and the system providing the shared connection is not secure against outside attacks. For that reason, ICS should be used only when no other facilities are available or in conjunction with a firewall application, which later versions of Microsoft Windows, such as XP, now include.