VPNs and NAT Firewalls

Some VPN services offer NAT firewall protection to their users as an added security precaution. If you've wondered what a NAT firewall does or how it will impact your ability to share torrents, you aren't alone.

While NAT firewalls are a common part of any private network's interface with the Internet, they're not something we ordinarily need to know about. In this article, we'll explain what a NAT firewall is and why it's sometimes included with a VPN service.

What Is NAT?

The acronym NAT stands for Network Address Translation. It's an obscure technology that most users aren't aware of, but it's an essential process that makes it possible to browse the Internet without the fear of being hacked.

NAT allows any device on a private network to send data to and receive data from the Internet using a single public IP address that masks its private address. Every home network router uses this technology to manage Internet traffic for all the computers, smartphones, and smart appliances that are connected to it.

A home router strips the local network address associated with each device from outgoing requests and replaces it with your public IP. This makes it impossible for a web server, for example, to know the private network address of your device.

When your router receives data sent back from the Internet to your computer, it determines which device should receive it and replaces the public IP address with the private address. The same principle is used by corporate gateways that manage Internet traffic for a business's internal network.

What is a NAT Firewall?

Firewalls are a security layer that's placed between incoming Internet traffic and your computer. They can be software that resides on your computer, or a network appliance on a corporate intranet.

Either way, their function is to watch for unsolicited connection attempts and ignore them if they aren't addressed to an authorized port or IP address. Most operating systems, like Windows and OS X, include a firewall that automatically protects you against unauthorized connections. And many anti-malware applications include an enhanced firewall that replaces it.

Taking this concept further, a NAT firewall adds this security feature to the basic NAT function built into your network router. It filters out any unsolicited traffic coming in from the Internet to your computer. If an incoming connection isn't in reply to a request that originated from a device on your network, the NAT firewall discards it.

This firewall function prevents external hacking threats from scanning your private network, discovering devices connected to it, and attempting to access them.

Why do VPN Services Add NAT Firewalls?

NAT firewalls are designed to handle normal Internet traffic that is addressed to your computer when incoming data arrives. A VPN service, however, masks the address information your router would use to determine if traffic is legitimate or not. Instead, an encrypted connection is established with a server on the Internet that acts as your public address.

As a result, the NAT firewall built into your local router can be tricked into allowing malicious connections that piggyback on the VPN connection. The router has no idea whether any of the encrypted VPN data is legitimate or not, so it isn't able to intercept such unauthorized connections.

To assuage these concerns, a few VPN services opt to give their customers a NAT firewall. Sometimes it's optional, but some providers include it as a default, without the option of turning it off. With a NAT firewall on the VPN server, the router doesn't have the task of filtering unwanted traffic any more.

But there is a downside. A VPN that has a NAT firewall assigns a different IP address to each user. That means that the advantage of having a shared IP is lost. A unique IP makes it easier for users to be tracked and identified.

Downloading Torrents behind a NAT Firewall

For most Internet applications, NAT firewalls work well. You receive replies to any requests you send out to servers on the Internet. However, problems crop up with peer-to-peer applications like torrent file-sharing services.

Because these applications establish connections on the Internet that aren't directly requested by you, a strict NAT firewall will sometimes block both seeding and leeching connections. Typically, you can download files that you request, but seeding will be blocked. The solution is to authorize certain ports in your firewall and assign them for making connections in your peer-to-peer application.
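
The translation and filtering behaviour described in the sections above, and the port-authorization fix for torrents, can be seen in a small model. This is an added example, not code from any router or VPN product: the NatRouter class, its method names, and every address and port are constructed for illustration, and it assumes a strict firewall that accepts a reply only from the exact remote address and port that was contacted.

```python
# Added example: toy model of a NAT router with strict inbound filtering.
# All addresses and ports are constructed (private and documentation ranges).
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed public address of the router


@dataclass
class NatRouter:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000
    # public_port -> (private_ip, private_port, remote_ip, remote_port)
    sessions: dict = field(default_factory=dict)
    # public_port -> (private_ip, private_port), authorized by the user
    forwards: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Replace the private source with the public IP and record the session."""
        for pub_port, s in self.sessions.items():
            if s == (src_ip, src_port, dst_ip, dst_port):
                return (self.public_ip, pub_port, dst_ip, dst_port)
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the private (ip, port) to deliver to, or None to discard."""
        s = self.sessions.get(dst_port)
        if s and (s[2], s[3]) == (src_ip, src_port):
            return (s[0], s[1])  # reply to a request a local device sent
        if dst_port in self.forwards:
            return self.forwards[dst_port]  # explicitly authorized port
        return None  # unsolicited traffic is dropped

    def forward(self, public_port, private_ip, private_port):
        """Authorize a port, as done for a peer-to-peer client."""
        self.forwards[public_port] = (private_ip, private_port)


def demo():
    r = NatRouter()
    out = r.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    reply = r.inbound("198.51.100.7", 443, out[1])   # matches the session
    probe = r.inbound("192.0.2.99", 4444, out[1])    # unknown remote host
    peer_before = r.inbound("192.0.2.50", 6000, 51413)
    r.forward(51413, "192.168.1.20", 51413)          # authorize the P2P port
    peer_after = r.inbound("192.0.2.50", 6000, 51413)
    return out, reply, probe, peer_before, peer_after
```

Real routers also key sessions on protocol and expire them after a timeout, which this model leaves out.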

Final Thoughts

NAT firewalls are an added security feature included with many VPN services to give you added assurance of anonymity. But it's important to keep in mind that there is a negative side as well. For example, the fact that IP addresses become unique is not ideal.

Also, they can sometimes interfere with peer-to-peer applications. These problems can usually be solved by assigning specific ports for your peer-to-peer connections. In the end, it's important to be aware of the pros and cons of NAT firewalls when choosing a VPN service.