Bird
Raised Fist0
Interview Prepcomputer-networksmediumAmazonGoogleMicrosoftFlipkartSwiggy

NAT - Network Address Translation, Types & Port Forwarding

Choose your preparation mode3 modes available
SolutionTrace

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Steps
setup

Initialize Network Nodes and NAT Device

The network topology is set up with a client, NAT router, and external server. The NAT device is configured with a port forwarding rule mapping external port 8080 to internal IP 192.168.1.100 port 80.

💡 Setting up nodes and NAT rules is essential to simulate how packets will be translated and forwarded.
Line:nat_device = NAT(public_ip='203.0.113.1') nat_device.add_port_forwarding_rule(8080, '192.168.1.100', 80)
💡 The NAT device is ready to translate packets from the private network to the public network using port forwarding.
📊
NAT - Network Address Translation, Types & Port Forwarding - Watch the Algorithm Execute, Step by Step
Watching the packet flow and NAT translation step-by-step reveals how NAT modifies packet headers and manages port mappings, which is difficult to grasp from code or static diagrams alone.
Step 1/10
·Active fillAnswer cell
Network nodes initialized and NAT port forwarding rule configured.
Hop: 0
Client 192.168.1.100
NAT Router 203.0.113.1
Server 8.8.8.8
Client sends original packet to NAT router.
Hop: 1
Client 192.168.1.100
NAT Router 203.0.113.1
Server 8.8.8.8
📦Packet
fromclient
tonat_router
📄 payloadTCP Packet 192.168.1.100:12345 → 8.8.8.8:80
🔌 protocolTCP
Packet created at client: 192.168.1.100:12345 → 8.8.8.8:80
NAT router checks port forwarding rules for incoming packet.
Hop: 2
Client 192.168.1.100
NAT Router 203.0.113.1
Server 8.8.8.8
📦Packet
fromclient
tonat_router
📄 payloadTCP Packet 192.168.1.100:12345 → 8.8.8.8:80
🔌 protocolTCP
Packet received at NAT router.
Port forwarding rule matched for external port 8080.
NAT router rewrites packet source to public IP and port per port forwarding.
Hop: 3
Client 192.168.1.100
NAT Router 203.0.113.1
Server 8.8.8.8
📦Packet
fromnat_router
toserver
📄 payloadTCP Packet 203.0.113.1:8080 → 8.8.8.8:80
🔌 protocolTCP
Packet source IP and port translated to 203.0.113.1:8080.
NAT table updated with port forwarding entry.
Packet forwarded to external server with NAT translation.
Hop: 4
Client 192.168.1.100
NAT Router 203.0.113.1
Server 8.8.8.8
📦Packet
fromnat_router
toserver
📄 payloadTCP Packet 203.0.113.1:8080 → 8.8.8.8:80
🔌 protocolTCP
Translated packet sent from NAT router to server.
Server responds to NAT router's public IP and port.
Hop: 5
Client 192.168.1.100
NAT Router 203.0.113.1
Server 8.8.8.8
📦Packet
fromserver
tonat_router
📄 payloadTCP Packet 8.8.8.8:80 → 203.0.113.1:8080
🔌 protocolTCP
Server sends response packet to NAT router.
NAT router looks up NAT table to translate response packet.
Hop: 6
Client 192.168.1.100
NAT Router 203.0.113.1
Server 8.8.8.8
📦Packet
fromserver
tonat_router
📄 payloadTCP Packet 8.8.8.8:80 → 203.0.113.1:8080
🔌 protocolTCP
Response packet received at NAT router.
NAT table entry found for port 8080.
NAT router rewrites response packet destination to internal client.
Hop: 7
Client 192.168.1.100
NAT Router 203.0.113.1
Server 8.8.8.8
📦Packet
fromnat_router
toclient
📄 payloadTCP Packet 8.8.8.8:80 → 192.168.1.100:12345
🔌 protocolTCP
Response packet destination translated back to internal client IP and port.
NAT router forwards response packet to client.
Hop: 8
Client 192.168.1.100
NAT Router 203.0.113.1
Server 8.8.8.8
📦Packet
fromnat_router
toclient
📄 payloadTCP Packet 8.8.8.8:80 → 192.168.1.100:12345
🔌 protocolTCP
Translated response packet sent to internal client.
Communication cycle complete; client received server response via NAT.
Hop: 9
Client 192.168.1.100
NAT Router 203.0.113.1
Server 8.8.8.8
Client received response packet.

Key Takeaways

NAT translates private IP addresses and ports to public IP and ports to enable communication with external networks.

This insight is hard to see from code alone because the dynamic rewriting of packet headers and maintenance of NAT tables is abstracted away.

Port forwarding allows external hosts to reach specific internal hosts by mapping external ports to internal IP and ports.

Visualizing the packet flow shows how port forwarding selectively translates packets, which is difficult to understand from static diagrams.

NAT maintains state for bidirectional communication, translating packets both outbound and inbound to preserve session continuity.

Watching the response packet being reverse translated clarifies how NAT supports seamless two-way communication.

Practice

(1/5)
1. Trace the sequence of events when a client sends a request to a web server protected by a reverse proxy. Which step happens immediately after the reverse proxy receives the client request?
easy
A. The reverse proxy forwards the request to the backend server
B. The firewall inspects and blocks the request if malicious
C. The proxy server caches the response for future requests
D. The client directly connects to the backend server

Solution

  1. Step 1: Understand reverse proxy role

    Reverse proxy acts as an intermediary on the server side, receiving client requests first.

  2. Step 2: After receiving the request

    The reverse proxy forwards the request to the backend server for processing.

  3. Step 3: Other options

    Firewall inspection happens before the reverse proxy in the network path; proxy caching is client-side; client does not connect directly to backend when reverse proxy is used.

  4. Final Answer:

    Option A -> Option A

  5. Quick Check:

    Reverse proxy forwards request to backend server immediately after receiving it [OK]
Hint: Reverse proxy forwards requests to backend servers.
Common Mistakes:
  • Assuming firewall acts after reverse proxy
  • Confusing proxy caching with reverse proxy behavior
2. You need to design a RESTful API endpoint that retrieves user profile information without modifying any server data. Which HTTP method should you use to ensure the operation is safe and does not change server state?
easy
A. GET
B. POST
C. PUT
D. DELETE

Solution

  1. Step 1: Understand the safety property of HTTP methods

    GET is defined as a safe method, meaning it does not modify server state and is used to retrieve data.

  2. Step 2: Analyze other methods

    POST, PUT, and DELETE modify server state and are not safe methods.

  3. Final Answer:

    Option A -> Option A

  4. Quick Check:

    GET is the only safe method here, suitable for data retrieval without side effects.
Hint: GET = safe read, POST/PUT/DELETE = state change
Common Mistakes:
  • Confusing POST with GET as both can send data
  • Thinking PUT is safe because it replaces data
  • Assuming DELETE can be used to retrieve data
3. Trace the sequence of layers a data packet passes through when a user sends an email using SMTP over TCP/IP. Which order correctly represents the encapsulation process from the sender's perspective?
easy
A. Application -> Transport -> Internet -> Network Interface
B. Network Interface -> Internet -> Transport -> Application
C. Internet -> Transport -> Application -> Network Interface
D. Transport -> Application -> Internet -> Network Interface

Solution

  1. Step 1: Understand encapsulation order in TCP/IP model

    Data starts at the Application Layer (SMTP), then is passed down to Transport Layer (TCP) for segmentation and connection management, then to Internet Layer (IP) for routing, and finally to Network Interface Layer for physical transmission.

  2. Final Answer:

    Option A -> Option A

  3. Quick Check:

    Encapsulation order is top-down: Application -> Transport -> Internet -> Network Interface [OK]
Hint: Encapsulation flows top-down from Application to Network Interface
Common Mistakes:
  • Confusing encapsulation with decapsulation order
  • Mixing up Internet and Transport layers
  • Assuming Network Interface is the first layer
4. Trace the sequence of packets exchanged during the TCP three-way handshake when a client initiates a connection to a server.
easy
A. Client sends ACK, Server replies with SYN, Client sends SYN-ACK
B. Client sends SYN-ACK, Server replies with ACK, Client sends SYN
C. Client sends SYN, Server replies with SYN-ACK, Client sends ACK
D. Client sends SYN, Server replies with ACK, Client sends SYN-ACK

Solution

  1. Step 1: Understand the handshake steps

    The client initiates by sending a SYN packet to request connection. The server responds with SYN-ACK to acknowledge and synchronize. The client completes with ACK.

  2. Step 2: Evaluate each option

    Client sends SYN, Server replies with SYN-ACK, Client sends ACK correctly follows the SYN -> SYN-ACK -> ACK sequence. Options A, C, and D have the order or packet types mixed up, which breaks the handshake protocol.

  3. Final Answer:

    Option C -> Option C

  4. Quick Check:

    Remember the handshake as "SYN, SYN-ACK, ACK" in that order.
Hint: Handshake order: SYN -> SYN-ACK -> ACK
Common Mistakes:
  • Mixing up who sends SYN-ACK or ACK first
  • Assuming ACK comes before SYN-ACK
5. Why might the TCP three-way handshake introduce latency, and when could this be a disadvantage?
medium
A. Because it requires multiple round-trip times before data transfer, causing delay in time-sensitive applications
B. Because it encrypts all packets during handshake, increasing processing time
C. Because it uses UDP packets which are slower than TCP packets
D. Because it requires the server to send data before the client can send any

Solution

  1. Step 1: Identify handshake latency cause

    The handshake requires at least one full round-trip time (RTT) before data can be sent, introducing delay.

  2. Step 2: Analyze options

    Because it requires multiple round-trip times before data transfer, causing delay in time-sensitive applications correctly states the latency due to multiple RTTs, which can be problematic for real-time or low-latency applications. Because it encrypts all packets during handshake, increasing processing time is incorrect; encryption is separate from handshake. Because it uses UDP packets which are slower than TCP packets is false; handshake uses TCP packets, not UDP. Because it requires the server to send data before the client can send any is incorrect; the client sends data after handshake completes.

  3. Final Answer:

    Option A -> Option A

  4. Quick Check:

    Handshake latency = multiple RTTs before data flow.
Hint: Handshake latency = waiting for multiple packet exchanges before data
Common Mistakes:
  • Confusing handshake with encryption overhead
  • Thinking handshake uses UDP packets
  • Believing server sends data first