What Is NAT (Network Address Translation)?
What Is NAT?
NAT (Network Address Translation) is a method used by routers to translate private (internal) IP addresses to a public (external) IP address and vice versa. NAT allows multiple devices on a local network to share a single public IP address when accessing the internet.
NAT was developed as a practical solution to IPv4 address exhaustion. Instead of assigning a unique public IP to every device, an entire home or office network uses private addresses internally and a single public IP externally. The router keeps track of which internal device made which request so it can route responses back correctly.
Types of NAT
There are several types of NAT, each serving a different purpose:
SNAT (Source NAT / Static NAT)
Static NAT creates a one-to-one mapping between a private IP and a public IP. Every time a specific internal device communicates with the internet, it always uses the same public IP. This is commonly used for servers that need to be consistently reachable from outside.
DNAT (Destination NAT)
Destination NAT changes the destination address of incoming packets. It is used to redirect traffic arriving at a public IP to a specific internal server. This is the mechanism behind port forwarding - incoming traffic on a specific port is translated to an internal IP and port.
PAT (Port Address Translation / NAT Overload)
PAT is the most common type of NAT and what most home routers use. It maps many private IPs to a single public IP by using different source port numbers to distinguish between connections. This is also called NAPT (Network Address and Port Translation) or "NAT overload."
| NAT Type | Mapping | Use Case |
|---|---|---|
| Static NAT (SNAT) | One-to-one (private ↔ public) | Hosting servers with a dedicated public IP |
| Dynamic NAT | Many-to-many (pool of public IPs) | Organizations with a pool of public IPs |
| PAT / Overload | Many-to-one (port-based) | Home routers, most common type |
| DNAT | Changes destination address | Port forwarding, load balancing |
How Home Routers Use NAT
Your home router performs PAT to connect all your devices to the internet through one public IP. Here is the process:
- Your laptop (192.168.1.10:54321) sends a request to 93.184.216.34:443 (a website).
- The router replaces the source IP and port: 203.0.113.50:12345 (public IP, random port).
- The router records this mapping in its NAT table: 192.168.1.10:54321 ↔ 203.0.113.50:12345 → 93.184.216.34:443
- The website responds to 203.0.113.50:12345.
- The router looks up port 12345 in its NAT table, finds the mapping, and forwards the response to 192.168.1.10:54321.
This happens for every connection from every device, with the router managing thousands of simultaneous NAT entries.
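The translation steps above as a small Python model, added here as an illustration and not taken from any router's code. The names PatRouter, outbound, inbound and demo are hypothetical, ports are handed out sequentially from 12345 instead of randomly so the run is repeatable, the second device (192.168.1.11) and the address 198.51.100.7 are constructed, and matching replies on the remote endpoint is a modelling choice based on the table entry shown above.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)

@dataclass
class PatRouter:
    """Toy PAT (NAT overload) table; a sketch, not a real router's implementation."""
    public_ip: str
    next_port: int = 12345  # assumption: sequential, not random, for repeatability
    by_flow: dict = field(default_factory=dict)  # (private, remote) -> public port
    by_port: dict = field(default_factory=dict)  # public port -> (private, remote)

    def outbound(self, private: Endpoint, remote: Endpoint) -> Endpoint:
        """Rewrite the source of an outgoing packet, creating a mapping if needed."""
        key = (private, remote)
        if key not in self.by_flow:
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_flow[key] = port
            self.by_port[port] = key
        return (self.public_ip, self.by_flow[key])

    def inbound(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        """Return the private endpoint a reply belongs to, or None to drop it."""
        entry = self.by_port.get(public_port)
        if entry is None:
            return None  # no table entry: the router has nowhere to forward it
        private, expected_remote = entry
        # An entry exists, but only the remote it was created for may use it.
        return private if remote == expected_remote else None

def demo() -> dict:
    """Run the page's laptop example plus a second device and two stray packets."""
    router = PatRouter("203.0.113.50")
    site = ("93.184.216.34", 443)
    laptop = ("192.168.1.10", 54321)
    phone = ("192.168.1.11", 54321)  # constructed: same source port as the laptop
    return {
        "laptop_out": router.outbound(laptop, site),
        "phone_out": router.outbound(phone, site),
        "reply_to_laptop": router.inbound(site, 12345),
        "reply_to_phone": router.inbound(site, 12346),
        "unsolicited": router.inbound(site, 40000),
        "wrong_remote": router.inbound(("198.51.100.7", 443), 12345),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two devices using the same private source port still get distinct public ports, and a packet arriving on a port with no matching entry is not forwarded, which is why hosting behind PAT needs an explicit DNAT rule.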
Double NAT and CGN
Double NAT
Double NAT occurs when there are two NAT devices in sequence - for example, when your ISP's modem/router performs NAT, and then your own router also performs NAT. Your device might have a 192.168.1.x address, your router has a 10.0.0.x address from the ISP modem, and only the modem has a public IP.
Double NAT can cause problems with:
- Port forwarding (you must configure forwarding on both devices)
- VPN connections
- Online gaming (strict NAT type)
- Hosting services
To fix double NAT, put one device into bridge mode so it passes traffic without performing NAT.
CGN (Carrier-Grade NAT)
Carrier-Grade NAT (CGN), also called Large-Scale NAT (LSN), is NAT performed by your ISP. Instead of giving each customer a public IP, the ISP assigns private addresses (from the 100.64.0.0/10 range, per RFC 6598) and performs NAT at their infrastructure level.
CGN means you may not have a true public IP at all, which makes port forwarding, hosting, and some VPN protocols impossible without workarounds.
IPv6 Eliminates the Need for NAT
One of the key design goals of IPv6 is to eliminate NAT entirely. With 2^128 addresses available, every device can have a globally unique, publicly routable IPv6 address. This simplifies networking and eliminates the complications NAT introduces:
- End-to-end connectivity: Devices can communicate directly without address translation, simplifying protocols like VoIP, gaming, and peer-to-peer applications.
- No port forwarding needed: With a public address on every device, incoming connections work natively (controlled by firewalls instead of NAT).
- Simpler routing: Routers do not need to maintain NAT state tables, reducing complexity and improving performance.