Microsoft DirectX 9.0 SDK Update (Summer 2003)

Network Address Translation, Firewalls, and Proxies


Network Address Translation (NAT) is a mechanism by which one network can be connected to another. It is commonly used to connect a private home or office network to the Internet. The gateway between these two networks modifies packets sent from the private network to computers on the Internet so that they appear to have been sent by the gateway. When packets are sent back from the Internet to the gateway, the gateway forwards them on to the associated private computer.

The two main reasons these NAT gateways are used are as follows:

Firewalls are devices or software that inspect incoming or outgoing packets and reject those that are not allowed by the firewall administrator. For security reasons, most of them drop incoming packets that were not preceded by an outgoing packet to the same port. In this respect they behave like NAT devices, which can't forward packets without knowing their intended target. Many NAT devices also implement firewall capabilities.

Proxies relay requests to the external network on behalf of computers on the internal network. They can cache some requests, such as World Wide Web traffic, for improved response time. They also typically work in conjunction with proxy client software installed on the internal computers for increased access control. Because external computers only see the proxy's external address, proxies can be thought of as performing NAT for the internal computers.

Unfortunately, all of these mechanisms are often at odds with providing a seamless network gaming experience. For example, having both a private address and a shared public address can make it hard to send packets to the appropriate destination. Sometimes the user is forced to enable forwarding for a particular port in order to play online. But until the next version of the Internet Protocol, version 6 (IPv6), becomes widely deployed, issues like address sharing will only grow more common.
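The gateway behavior described above (source rewriting on the way out, forwarding of replies, dropping of unsolicited packets, and user-enabled port forwarding) can be traced with the following Python model. It is an added example, not code from the DirectX SDK; the class and method names, addresses and ports are constructed, and matching inbound packets on the full remote endpoint is an assumption, since real devices differ in how strictly they match.

```python
from dataclasses import dataclass, field


@dataclass
class NatGateway:
    """Hypothetical NAT gateway with stateful inbound filtering."""
    public_ip: str = "203.0.113.1"   # constructed address (documentation range)
    next_port: int = 40000           # next free public port for a new mapping
    out_map: dict = field(default_factory=dict)   # private endpoint -> public port
    in_map: dict = field(default_factory=dict)    # public port -> private endpoint
    peers: dict = field(default_factory=dict)     # public port -> remotes contacted
    forwards: dict = field(default_factory=dict)  # public port -> private endpoint

    def outbound(self, src, dst):
        """Rewrite the source of a packet leaving the private network."""
        if src not in self.out_map:
            self.out_map[src] = self.next_port
            self.in_map[self.next_port] = src
            self.next_port += 1
        port = self.out_map[src]
        self.peers.setdefault(port, set()).add(dst)  # remember who was contacted
        return (self.public_ip, port), dst

    def inbound(self, src, dst_port):
        """Return the private endpoint to deliver to, or None if dropped."""
        if dst_port in self.forwards:             # port forward enabled by the user
            return self.forwards[dst_port]
        if src in self.peers.get(dst_port, ()):   # reply to earlier outgoing traffic
            return self.in_map[dst_port]
        return None                               # unsolicited: no known target

    def forward_port(self, public_port, private_endpoint):
        """Statically map a public port to one private computer."""
        self.forwards[public_port] = private_endpoint


def demo():
    gw = NatGateway()
    client = ("192.168.0.10", 50000)     # constructed private computer
    server = ("198.51.100.7", 27000)     # constructed Internet host
    stranger = ("198.51.100.99", 27000)  # host the client never contacted
    seen_src, _ = gw.outbound(client, server)       # server sees the gateway
    reply = gw.inbound(server, seen_src[1])         # forwarded to the client
    unsolicited = gw.inbound(stranger, seen_src[1])  # dropped
    host_before = gw.inbound(stranger, 27000)       # hosting fails: dropped
    gw.forward_port(27000, ("192.168.0.10", 27000))
    host_after = gw.inbound(stranger, 27000)        # hosting works after forward
    return seen_src, reply, unsolicited, host_before, host_after
```

The two dropped cases are the ones that interfere with hosting a game session behind the gateway: a remote player who has never been contacted cannot reach the private computer until a port is forwarded.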

Microsoft® DirectPlay® provides many features, such as Universal Plug and Play (UPnP) support, that take the hard work out of supporting NAT. This section includes the following topics.



© 2003 Microsoft Corporation. All rights reserved.