Network Address Translation (NAT) lets dozens or even thousands of devices at home, in an office or inside a data-centre share one public IP address on the internet. A NAT-capable router rewrites every outgoing packet so that the wider world only ever sees its own public address, then keeps a short-lived table so return traffic can find its way back. This saves scarce IPv4 addresses, hides internal hosts from casual scans and gives administrators an easy way to steer traffic with features such as port forwarding. Despite the growth of IPv6, NAT remains common wherever IPv4 is still in use.
Why we needed NAT in the first place
Address exhaustion
IPv4 has roughly four billion unique addresses. Long before the web exploded, engineers saw that pool would run dry. Private address ranges such as 192.168.0.0/16 or 10.0.0.0/8 were set aside for local networks; routers using NAT translate those private addresses to a smaller public pool as packets leave the site.
A simple telephone-switch analogy
Imagine everyone in a block of flats sharing one outward-facing phone line. The building’s switchboard adds an extension number when you dial out, then listens for that extension on incoming calls to put them back through. NAT performs the same trick with IP addresses and, when needed, port numbers.
How NAT Works
- Packet leaves a device - Source IP 192.168.1.10, source port 50932.
- Router rewrites it - Replaces 192.168.1.10 with its own public IP (for example, 203.0.113.5) and may change the port, e.g. to 45012. It stores a line in a translation table:
| Inside IP | Inside port | Outside IP | Outside port | Timestamp |
|---|---|---|---|---|
| 192.168.1.10 | 50932 | 203.0.113.5 | 45012 | 10:15:07 |
- Response arrives - Destination 203.0.113.5:45012 matches the table, so the router rewrites the packet back to 192.168.1.10:50932 and forwards it indoors.
This split-second bookkeeping is invisible to users and applications.
Common flavours of NAT
- Static NAT - One private IP is always mapped to one fixed public IP.
- Dynamic NAT - Router picks an address from a public pool when needed, releases it afterwards.
- PAT (Port Address Translation) - Also called NAT overload; many private hosts share a single public IP by using different source ports.
Port forwarding - Letting the world call you back
Some applications, such as game servers, CCTV streams and remote desktop, need unsolicited inbound connections. Port forwarding (sometimes “destination NAT”) tells the router to send traffic that arrives on a chosen public port straight to a particular internal host and port.
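The translation-table bookkeeping from "How NAT Works" and the port-forwarding rule described above, as an added example that is not part of the original article: a toy PAT router in Python. The class and method names, the 60-second idle timeout and the forward of public port 8080 to 192.168.1.20:80 are assumptions made for illustration.

```python
import itertools

class PatRouter:
    """Toy PAT (NAT overload) router: one public IP shared via source ports."""
    def __init__(self, public_ip, first_port=45012, idle_timeout=60):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout           # seconds (assumed value)
        self._ports = itertools.count(first_port)  # next unused outside port
        self.out = {}       # (inside_ip, inside_port) -> outside_port
        self.table = {}     # outside_port -> [inside_ip, inside_port, last_seen]
        self.forwards = {}  # static forwards: outside_port -> (inside_ip, port)

    def outbound(self, src_ip, src_port, now):
        """Rewrite the source of an outgoing packet; create or refresh state."""
        key = (src_ip, src_port)
        port = self.out.get(key)
        if port is None or port not in self.table:  # new flow or aged-out entry
            port = next(self._ports)
            self.out[key] = port
        self.table[port] = [src_ip, src_port, now]
        return (self.public_ip, port)

    def inbound(self, dst_port, now):
        """Inside (ip, port) for a packet sent to public_ip:dst_port, else None."""
        # The sender's address is not checked here: while a mapping is live,
        # any remote host reaches the inside port. NAT alone is not a filter.
        entry = self.table.get(dst_port)
        if entry and now - entry[2] > self.idle_timeout:
            del self.table[dst_port]                # short-lived state expires
            entry = None
        if entry:
            entry[2] = now
            return (entry[0], entry[1])
        return self.forwards.get(dst_port)          # None: no state, dropped

    def port_forward(self, outside_port, inside_ip, inside_port):
        """Static rule: always accept traffic on outside_port for one host."""
        self.forwards[outside_port] = (inside_ip, inside_port)

def demo():
    nat = PatRouter("203.0.113.5")                  # addresses from the article
    mapped = nat.outbound("192.168.1.10", 50932, now=0)
    reply = nat.inbound(45012, now=5)               # matches the table row
    unsolicited = nat.inbound(45013, now=5)         # no row, no forward
    nat.port_forward(8080, "192.168.1.20", 80)      # constructed rule
    forwarded = nat.inbound(8080, now=5)
    expired = nat.inbound(45012, now=500)           # idle longer than timeout
    return mapped, reply, unsolicited, forwarded, expired
```

Every port-forward entry is a standing exception that never ages out, so an audit of the forward list shows exactly which internal services are reachable from outside.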

Benefits and Trade-offs
Pros
- Address conservation - one public address supports countless private devices.
- Basic obfuscation - outside scanners only see the router, not the device behind it.
- Simple policy control - administrators can open or close services just by editing NAT or port-forward rules.
Cons
- Breaks true end-to-end connectivity - peer-to-peer games or VoIP often need extra workarounds like STUN or UDP hole-punching.
- Adds state - the translation table must be maintained in memory; heavy traffic can strain small routers.
- Not a firewall - NAT hides addresses but does not inspect packet content, so security still relies on proper filtering.
Does IPv6 make NAT obsolete?
IPv6 offers 3.4 × 10³⁸ addresses, enough for every grain of sand to have several billion IPs. In theory, every device can sit directly on the internet without translation. Most operators therefore avoid NAT66 and keep the end-to-end model "pure". That said, some organisations still use it for provider-independent addressing or multi-homing, so NAT knowledge will not vanish overnight.
FAQ
Do I still need NAT if my ISP gives me IPv6?
You can run dual stack: IPv4 traffic uses NAT, IPv6 traffic does not. NAT is only required where IPv4 is present.
Is NAT the same as a firewall?
No. NAT changes addresses; a firewall enforces policy. Many home routers bundle both features, which causes confusion.
Why does my online game complain about “Strict NAT”?
The game wants inbound connections to your console or PC. Opening the suggested ports or enabling UPnP usually fixes it.
Can NAT improve security?
It hides internal IPs, adding a small obstacle, but serious defence still relies on patching, strong passwords and proper firewall rules.