Network Address Translation (NAT) Explained
Learn how NAT translates private IP addresses to public ones, enabling millions of devices to share a single public IP.
What Is NAT?
Network Address Translation (NAT) is a technique used by routers to translate private IP addresses into public IP addresses before packets leave the local network. NAT was introduced as a practical solution to IPv4 address exhaustion, allowing thousands of devices behind a single router to share one public IP address.
When a device on your home network sends a request to a website, the router replaces the device's private IP (e.g., 192.168.1.50) with the router's public IP (e.g., 203.0.113.10) and keeps a translation table so it knows where to forward the response.
How the NAT Translation Table Works
The router maintains a NAT table that maps internal connections to external ones:
| Internal IP:Port | External IP:Port | Destination |
|---|---|---|
| 192.168.1.50:49152 | 203.0.113.10:30001 | 93.184.216.34:443 |
| 192.168.1.51:49153 | 203.0.113.10:30002 | 93.184.216.34:443 |
When a response arrives at 203.0.113.10:30001, the router looks up the table and forwards the packet to 192.168.1.50:49152. This mapping is created dynamically and typically expires after a timeout period.
Types of NAT
- Static NAT -- Maps one private IP to one public IP permanently. Used for servers that need a fixed external address.
- Dynamic NAT -- Maps private IPs to a pool of public IPs on a first-come basis. Less common today.
- PAT (Port Address Translation) -- Also called NAT overload. Maps multiple private IPs to a single public IP by differentiating connections with port numbers. This is what your home router uses.
PAT example:
192.168.1.10:50000 -> 203.0.113.10:30000
192.168.1.11:50001 -> 203.0.113.10:30001
192.168.1.12:50002 -> 203.0.113.10:30002
All three share the same public IP.
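The translation table and the PAT example above can be modelled in a few lines. This Python sketch is an added example, not code from the original page or from any router implementation. The class name PatTable, the 60-second idle timeout, sequential port allocation and the rule that only the contacted destination may reply are assumptions for illustration, and real routers differ on each of them.

```python
import itertools

class PatTable:
    """Toy PAT (NAT overload) table: many internal hosts, one public IP."""

    def __init__(self, public_ip, first_port=30000, timeout=60):
        self.public_ip = public_ip
        self.timeout = timeout                 # idle seconds before expiry (assumed)
        self._ports = itertools.count(first_port)  # sequential allocation (assumed)
        self._out = {}  # (int_ip, int_port, dst) -> ext_port
        self._in = {}   # ext_port -> [int_ip, int_port, dst, last_seen]

    def _expired(self, ext_port, now):
        """Drop the mapping for ext_port if it has been idle too long."""
        entry = self._in.get(ext_port)
        if entry and now - entry[3] > self.timeout:
            del self._in[ext_port]
            del self._out[tuple(entry[:3])]
            return True
        return False

    def outbound(self, int_ip, int_port, dst, now):
        """Rewrite the source of an outgoing packet, creating a mapping if needed."""
        key = (int_ip, int_port, dst)
        ext_port = self._out.get(key)
        if ext_port is None or self._expired(ext_port, now):
            ext_port = next(self._ports)
            self._out[key] = ext_port
            self._in[ext_port] = [int_ip, int_port, dst, now]
        self._in[ext_port][3] = now            # refresh idle timer
        return (self.public_ip, ext_port)

    def inbound(self, ext_port, src, now):
        """Return the internal (ip, port) for a reply, or None to drop it."""
        entry = self._in.get(ext_port)
        if entry is None or self._expired(ext_port, now):
            return None                        # unsolicited or stale: no mapping
        if entry[2] != src:
            return None                        # not the destination that was contacted
        entry[3] = now
        return (entry[0], entry[1])

if __name__ == "__main__":
    nat = PatTable("203.0.113.10")
    web = ("93.184.216.34", 443)               # destination from the table above
    for i, host in enumerate(["192.168.1.10", "192.168.1.11", "192.168.1.12"]):
        print(host, 50000 + i, "->", nat.outbound(host, 50000 + i, web, now=i))
    print("reply to :30001 ->", nat.inbound(30001, web, now=5))
    print("unsolicited :30005 ->", nat.inbound(30005, web, now=5))
    print("idle reply to :30002 ->", nat.inbound(30002, web, now=500))
```

The inbound lookup is also what an investigator has to reproduce from logs: a public IP alone identifies the router, and only the external port together with a timestamp inside the mapping's lifetime identifies the internal host.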
NAT and Its Limitations
While NAT solved the address shortage problem, it introduced complications:
- Breaks end-to-end connectivity -- Devices behind NAT cannot be reached directly from the internet without port forwarding.
- Complicates peer-to-peer -- Applications like VoIP, gaming, and file sharing need NAT traversal techniques (STUN, TURN, ICE).
- Hides device identity -- All devices share one public IP, making server-side logging less granular.
- Performance overhead -- The router must inspect and rewrite every packet header.
NAT and IPv6
IPv6 was designed to eliminate the need for NAT by providing enough addresses for every device to have a globally unique IP. However, NAT remains ubiquitous because IPv4 is still dominant. Some ISPs even use Carrier-Grade NAT (CGNAT), which applies a second layer of NAT and stacks private addresses behind shared public IPs.