NordVPN

What is a NAT Firewall?

Douglas Crawford

Douglas Crawford

मार्च 15, 2013

It is becoming increasingly common to see VPN providers offering NAT firewall services, usually as an optional extra. But what does this mean, and why should I want it? The more tech savvy out there may be even more confused as every home and office router includes basic NAT filtering, so why should you need an additional service?

What is a Firewall?

So let’s start with the basics. A firewall is a ‘thing’ that sits between a secure Local Area Network (LAN) such as a home WiFi setup, and a less secure area such as the internet. Its purpose is to control communications between the two, by analysing the data packets and determining what to do with them. Firewalls are therefore very useful for stopping hackers who use various techniques to insert malicious packets onto computers.

A firewall can be either a piece of software (often called a ‘personal firewall’) or a hardware network device. Most modern Operating Systems, such as Windows (Vista onwards) and OSX have at least a basic personal firewall built in.

What is NAT?

Network Address Translation (NAT) is the process of modifying the IP information in IP packet headers so that the packets can be routed to the required destination. It is used in home routers (such as the typical WiFi router) to allow a number of devices (such as desktop computers, laptops, games consoles, mobile phones, and internet enabled televisions), each with their own network address, to connect to the internet using the one external IP you are assigned by your ISP.

Devices connected to LAN <-> NAT router <-> ISP <-> internet

Because IP packets that are not recognized are discarded, the NAT process acts as a simple but effective firewall, blocking incoming traffic unless it is in response to previously sent outgoing traffic i.e. blocking unsolicited traffic.

VPNs and NAT Firewalls

What all this means is that normally, when you are connected to the internet through a router, you are protected by a hardware firewall which provides a good first line of defense against would-be hackers. The problem with using a personal VPN service, however, is that the encrypted VPN tunnel between your PC and the VPN server also tunnels through the NAT firewall (which cannot read the packets headers, as they are encrypted). This means that you lose the protection afforded by the NAT firewall, and malicious IP packets can enter your system from your public, visible IP address.

Device connected to LAN <=>Home router NAT firewall <-> ISP <=> VPN server <-> Internet

(all connection within the  <=>  are inside an encrypted VPN tunnel).

VPN providers who offer a NAT firewall service place a NAT firewall between the VPN server and the internet so that all internet traffic is filtered through the NAT firewall.

Device connected to LAN <=>Home router NAT firewall <-> ISP <=> VPN server <-> NAT firewall <-> Internet

Can’t I just use a personal firewall like the one that came with my OS?

It is always a good idea to use at least the firewall that came with your OS, as these provide a more sophisticated firewall solution to basic NAT filtering. Indeed, it is encouraged to use a third party firewall solution for even more comprehensive cover. However, not only is a NAT hardware firewall an extra line of defense, but it filters out a lot of potential threats before a more processor intensive firewall has to deal with them, and possibly throw up another annoying ‘Do you want to allow this connection?’ dialogue for you to deal with.

In addition to this, while desktop Operating Systems these days usually have built-in firewalls, other devices (most notable mobile phones) do not, and therefore receive no firewall protection when using VPN.

Your Information will never be shared with any third party.
Enter your email address to receive your Beginner's Guide to Online Security for Free
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the ebook:
Your Information will never be shared with any third party.
Enter your email address to receive your Ultimate Online Privacy Guide eBook!
You'll also receive great privacy news and exclusive software deals!
Enter your email to get the eBook:
Special VPN Deal
SAVE 49% TODAY
WITH OUR
Exclusive Offer
Get a Special Deal - 72% OFF!
With a biannual subscription
Exclusive Offer for BestVPN.com Visitors!
50% Off Annual Plan
Limited Time Only
Exclusive price of
$3.25/mo
Exclusive Offer
SAVE 72% TODAY
LIMITED TIME OFFER
Get NordVPN for only
$3.29/month
Exclusive Offer
SAVE 77% TODAY
LIMITED TIME OFFER
Get NordVPN for only
$2.75/month