NAT (Network Address Translation)
Definition
NAT is a networking technique that modifies network address information in packet headers while routing traffic. It maps private (internal) IP addresses to a public (external) IP address, enabling multiple devices on a local network to share a single public IP.
NAT is the foundation of how home routers, firewalls, and cloud networks provide internet connectivity to multiple devices.
NAT Types
| Type | Description | Use Case |
|---|---|---|
| Static NAT | One-to-one mapping of private to public IP | Hosting servers behind NAT |
| Dynamic NAT | Many-to-many mapping drawn from a pool of public IPs | Pool of internet users |
| PAT (NAT Overload) | Many private IPs share one public IP via port numbers | Home routers, most common |
| Port Forwarding | Inbound traffic on specific port routed to internal host | Hosting game servers, web servers |
How PAT Works
Internal: 192.168.1.10:45678 → Public: 203.0.113.1:12345
Internal: 192.168.1.11:54321 → Public: 203.0.113.1:12346
Internal: 192.168.1.12:33210 → Public: 203.0.113.1:12347
Multiple internal hosts appear as different ports on the same public IP. The router maintains a NAT table to map return traffic correctly.
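The table lookup described above, as an added Python example (not code from any router implementation). The `PatTable` class, the sequential port allocation starting at 12345 and the 60-second idle timeout are assumptions made for illustration. It shows that return traffic is delivered only when a mapping exists, and that a mapping disappears once it has been idle too long.

```python
import time

class PatTable:
    """Toy port-address-translation table for one public IP (constructed model)."""

    def __init__(self, public_ip, first_port=12345, idle_timeout=60, clock=time.monotonic):
        self.public_ip = public_ip
        self.next_port = first_port      # assumption: ports are handed out sequentially
        self.idle_timeout = idle_timeout
        self.clock = clock
        self.out = {}    # (proto, internal_ip, internal_port) -> public_port
        self.back = {}   # (proto, public_port) -> [internal_ip, internal_port, last_seen]

    def _expire(self):
        """Drop mappings that have been idle longer than idle_timeout."""
        now = self.clock()
        for key, (ip, port, seen) in list(self.back.items()):
            if now - seen > self.idle_timeout:
                del self.back[key]
                del self.out[(key[0], ip, port)]

    def outbound(self, proto, src_ip, src_port):
        """Rewrite an outgoing packet's source; create a mapping on first use."""
        self._expire()
        flow = (proto, src_ip, src_port)
        if flow not in self.out:
            self.out[flow] = self.next_port
            self.next_port += 1
        public_port = self.out[flow]
        self.back[(proto, public_port)] = [src_ip, src_port, self.clock()]
        return self.public_ip, public_port

    def inbound(self, proto, dst_port):
        """Map return traffic to the internal host, or None if no entry exists."""
        self._expire()
        entry = self.back.get((proto, dst_port))
        if entry is None:
            return None  # no mapping: the router has nowhere to deliver the packet
        entry[2] = self.clock()
        return entry[0], entry[1]

def demo():
    # Constructed sample flows, using the addresses from the listing above.
    nat = PatTable("203.0.113.1")
    hosts = [("192.168.1.10", 45678), ("192.168.1.11", 54321), ("192.168.1.12", 33210)]
    mapped = [nat.outbound("tcp", ip, port) for ip, port in hosts]
    return mapped, nat.inbound("tcp", 12346), nat.inbound("tcp", 40000)

if __name__ == "__main__":
    print(demo())
```

The `None` result for port 40000 comes from a missing table entry, not from a filtering rule, which is the distinction the NAT vs Firewall table draws.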
NAT Pros and Cons
Pros:
- Conserves IPv4 addresses
- Provides basic security (internal IPs hidden)
- Simplifies network management
Cons:
- Breaks end-to-end connectivity
- Complicates port forwarding and hosting
- Adds latency and a single point of failure
- IPv6 reduces the need for NAT
NAT vs Firewall
| Feature | NAT | Firewall |
|---|---|---|
| Primary purpose | IP address mapping | Traffic filtering |
| State tracking | NAT table (connections) | Stateful inspection |
| Security | Indirect (hides IPs) | Direct (allows/blocks) |
| Can work together | Yes, often combined | Yes, often combined |