NAT & Firewalls
The Postal Forwarding & Security Checks of Networking
In the Indian Postal System, sometimes letters from multiple houses in a colony are sent through a single forwarding address before reaching the outside world. This makes delivery easier and hides the individual house numbers from outsiders. Similarly, NAT (Network Address Translation) allows multiple devices in a private network to share a single public IP address.
At the same time, every sorting center has security checks to ensure no illegal or harmful parcels pass through. In networking, firewalls play this role by inspecting packets and deciding whether they should be allowed or blocked.
Core Concepts
1. NAT
Network Address Translation
- Purpose: Maps private IP addresses to a single public IP.
- Analogy: Like a colony’s letters being forwarded through one common postal address. Outsiders only see the colony’s main address, not individual houses.
- Types of NAT:
  - Static NAT → One-to-one mapping (like a fixed forwarding address).
  - Dynamic NAT → Many-to-many mapping (like assigning temporary forwarding addresses).
  - PAT (Port Address Translation) → Many devices share one public IP using different ports (like multiple letters marked with unique reference numbers under one forwarding address).
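To make the PAT entry above concrete, here is an added example (not from the original page): a toy Python model of a PAT translation table. The class name, the constructed addresses (private and documentation ranges) and the one-port-per-flow allocation starting at 40000 are assumptions for illustration; real gateways often try to keep the original source port.

```python
from itertools import count


class PatGateway:
    """Toy PAT table: many private hosts share one public IP (hypothetical model)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)  # next unused public port
        self.flows = {}    # outbound 5-tuple -> public port
        self.reverse = {}  # (proto, public port) -> (priv ip, priv port, peer ip, peer port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet, creating a mapping if needed."""
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.flows:
            port = next(self._next_port)
            self.flows[flow] = port
            self.reverse[(proto, port)] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, self.flows[flow], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Translate a reply back to the private host; None means dropped."""
        entry = self.reverse.get((proto, dst_port))
        # Drop when no mapping exists or the sender is not the mapped peer.
        if entry is None or entry[2:] != (src_ip, src_port):
            return None
        return (src_ip, src_port, entry[0], entry[1])


def demo():
    gw = PatGateway("203.0.113.5")              # constructed public address
    web = ("198.51.100.20", 443)                # constructed remote server
    a = gw.outbound("tcp", "192.168.1.10", 51000, *web)
    b = gw.outbound("tcp", "192.168.1.11", 51000, *web)  # same private port, other host
    reply_b = gw.inbound("tcp", *web, dst_port=b[1])     # reply finds host .11
    stray = gw.inbound("tcp", "198.51.100.99", 4444, dst_port=a[1])  # not the peer
    closed = gw.inbound("tcp", *web, dst_port=40999)     # no mapping at all
    return a, b, reply_b, stray, closed


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The two dropped packets are a side effect of the missing table entry, not of any rule, which is why NAT is paired with the firewalls described next rather than relied on as a filter.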
2. Firewalls
- Purpose: Control incoming and outgoing traffic based on rules.
- Analogy: Like postal security checks at sorting centers: inspecting parcels, rejecting suspicious ones, and allowing safe deliveries.
- Types of Firewalls:
  - Packet Filtering Firewall → Checks headers only (like checking envelope labels).
  - Stateful Firewall → Tracks ongoing connections (like verifying sender/receiver authenticity).
  - Application Firewall → Inspects application data (like opening parcels to check contents).
- Rules: Allow/Deny based on IP, port, and protocol, like postal rules banning certain items.
Hands‑On Exercise
- Test Firewall Behavior
  - Try connecting to a blocked port.
  - Observe how the firewall rejects the packet, like postal security refusing a suspicious parcel.
Configure a Simple Firewall Rule (Linux)
sudo ufw allow 22/tcp
sudo ufw deny 23/tcp
Allows SSH (secure registered post) but blocks Telnet (unsafe letters).
Check NAT in Action (Linux)
sudo iptables -t nat -L
Displays NAT rules, like checking the forwarding register at a post office.
Real‑World Relevance
- Home Networks: NAT allows multiple devices to share one internet connection.
- Cloud Security: Firewalls protect VPCs and VNets, just like postal checks protect sorting centers.
- Enterprise Security: Firewalls enforce compliance, block malicious traffic, and ensure safe communication.
- Troubleshooting: Misconfigured NAT = letters lost in forwarding; weak firewall = harmful parcels slipping through.
The Hackers Notebook
NAT is the postal forwarding system of networking, hiding internal addresses behind one public identity. Firewalls are the postal security checks, ensuring only safe and valid packets pass through. Together, they protect and streamline communication across networks.
