What Is NAT (Network Address Translation)?
Network Address Translation (NAT) is a technique that allows multiple devices on a private network to share a single public IP address when accessing the internet. It is implemented in virtually every home router and is the main reason IPv4 has not run out of addresses despite the internet growing far beyond the 4.3 billion addresses the protocol can theoretically support.
Types of NAT
| Type | How It Works | Typical Use |
|---|---|---|
| Static NAT (one-to-one) | Maps one private IP permanently to one public IP | Web/mail servers needing a consistent public IP |
| Dynamic NAT (pool) | Maps private IPs to a pool of public IPs dynamically | ISPs with a block of public IPs to share |
| PAT / NAT Overload (many-to-one) | Maps many private IPs to one public IP using unique port numbers to distinguish sessions | Home routers; the most common form of NAT |
| Double NAT (CGNAT) | Carrier-grade NAT: the ISP places its own NAT in front of the customer's router NAT | Mobile networks; cable ISPs managing IPv4 scarcity |
How PAT (Home Router NAT) Works
Your router maintains a NAT translation table. When your laptop (192.168.1.10:54321) sends a request to a web server (93.184.216.34:443), the router rewrites the source address to its public IP (e.g. 203.0.113.5:62145) and records the mapping. When the server's response arrives at 203.0.113.5:62145, the router looks up the table, rewrites the destination back to 192.168.1.10:54321, and forwards the packet to your laptop. The web server only ever sees the router's public IP.
NAT vs IPv6
IPv6 was designed to eliminate the need for NAT by providing enough addresses (3.4 × 10^38) to give every device on earth a globally unique public address. In a pure IPv6 network, every device has its own routable public IPv6 address and NAT is not required. However, NAT is still widely used for IPv4 traffic and is present in dual-stack networks where both IPv4 and IPv6 are used side by side. See the IPv4 vs IPv6 comparison for more detail.
Key Facts About NAT
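- NAT effectively acts as a firewall for inbound connections: unsolicited inbound packets are dropped because there is no matching NAT entry. This is a side effect of translation rather than a filtering policy, so any entry that does exist (a port forward, a UPnP mapping) lets inbound traffic through.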
- Double NAT (CGNAT) breaks some applications that require a direct inbound connection, such as hosting game servers, VoIP, or P2P applications.
- Port forwarding is a manual NAT rule that directs inbound connections on a specific port to a specific private IP device.
- UPnP allows applications to automatically create port forwarding rules in the router. This is convenient but a security risk if left enabled.
- To check if you're behind CGNAT, compare the IP shown by your router's WAN interface with what whatsmyipnow.com shows. If they differ, you are behind double NAT.
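The translation table from "How PAT (Home Router NAT) Works", together with the dropped unsolicited packet and the port forward from the key facts above, modelled as an added example (not code from any router). The `PatRouter` class, the port allocator starting at 62145, the sender 198.51.100.7 and the forward to 192.168.1.20:80 are constructed for illustration, and the model assumes the router only accepts replies from the exact remote endpoint a mapping was created for, which real routers do not all enforce.

```python
from dataclasses import dataclass, field
from itertools import count

PUBLIC_IP = "203.0.113.5"  # router WAN address from the text above

@dataclass
class PatRouter:
    # public port -> (private endpoint, remote endpoint or None for a forward)
    table: dict = field(default_factory=dict)
    by_flow: dict = field(default_factory=dict)   # (src, dst) -> public port
    ports: count = field(default_factory=lambda: count(62145))  # assumed allocator

    def outbound(self, src, dst):
        """Rewrite a LAN packet's source address and record the mapping."""
        if (src, dst) not in self.by_flow:
            port = next(self.ports)
            while port in self.table:          # skip ports used by forwards
                port = next(self.ports)
            self.table[port] = (src, dst)
            self.by_flow[(src, dst)] = port
        return (PUBLIC_IP, self.by_flow[(src, dst)]), dst

    def port_forward(self, public_port, private):
        """Manual rule: inbound to public_port from any remote goes to private."""
        self.table[public_port] = (private, None)

    def inbound(self, src, dst):
        """Return the rewritten (src, dst), or None when the packet is dropped."""
        entry = self.table.get(dst[1]) if dst[0] == PUBLIC_IP else None
        if entry is None:
            return None                        # no NAT entry: unsolicited, dropped
        private, remote = entry
        if remote is not None and remote != src:
            return None                        # entry belongs to a different peer
        return src, private


def demo():
    r = PatRouter()
    laptop, server = ("192.168.1.10", 54321), ("93.184.216.34", 443)
    stranger = ("198.51.100.7", 40000)         # constructed unsolicited sender
    out = r.outbound(laptop, server)
    reply = r.inbound(server, out[0])
    stray = r.inbound(stranger, out[0])
    closed = r.inbound(stranger, (PUBLIC_IP, 8080))
    r.port_forward(8080, ("192.168.1.20", 80)) # constructed forward rule
    return out, reply, stray, closed, r.inbound(stranger, (PUBLIC_IP, 8080))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The last two results are the point for defenders: the same packet to port 8080 is dropped before the forward exists and delivered to the LAN host after it, which is exactly what an unreviewed UPnP mapping does.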