What Is NAT (Network Address Translation)?
Network address translation (NAT) is the process of mapping private IP addresses to a public IP address, and back, so many devices on a private network share one public address. NAT runs on a router at the boundary between a private network and the internet, rewriting the address information in each packet as it crosses. The Internet Engineering Task Force (IETF) defines NAT in documents including RFC 3022 and RFC 2663.
This article defines NAT, explains how it works through address and port rewriting, sets out why NAT exists, describes the types of NAT, explains NAT’s relationship to port forwarding, and covers NAT in IPv6 and the problem of double NAT. Each section states one part of the topic and connects it to the address translation at the center of the definition. The result is a complete account of what NAT is, how a router translates between private and public addresses, and why NAT became central to conserving IPv4 addresses.
What Is NAT?
Network address translation (NAT) is the process of translating private IP addresses on a local network to a public IP address for internet communication, and translating the responses back. NAT lets many devices behind one router share a single public address, with the router tracking which internal device each connection belongs to. The defining traits of NAT are listed below:
- Address translation rewrites the private source address of outgoing packets to the public address.
- A NAT table records each translation so the router returns responses to the correct internal device.
- Address sharing lets many private devices reach the internet through one public address.
- Router placement runs NAT at the boundary between the private network and the internet.
NAT translates between the private addresses inside a home or office and the single public address the network presents, both defined in the overview of an IP address. The router that performs NAT sits at the edge of the local network, between it and the internet.
How Does NAT Work?
NAT works by having the router rewrite the source IP address and port of each outgoing packet to the public address, recording the mapping so it can reverse the change on the reply. NAT keeps a translation table that links each internal address and port to an external port, so responses return to the right device. The steps NAT follows are described below:
- An internal device sends a packet with its private source address toward the internet.
- The router rewrites the source, replacing the private address and port with the public address and a chosen port.
- The router records the mapping in its NAT table, linking the internal address and port to the external port.
- A reply arrives, and the router uses the table to rewrite the destination back to the internal device.
Port address translation (PAT), the most common form, assigns a unique external port to each connection so one public address serves many devices at once. The router distinguishes connections by the network ports recorded in the NAT table, even when they share the public address.
Why Does NAT Exist?
NAT exists primarily to conserve IPv4 addresses, letting many devices share one public address because the IPv4 address space cannot supply a unique public address to every device. NAT emerged as IPv4 addresses grew scarce, allowing private networks to use internal address ranges while presenting one public address to the internet. The reasons NAT exists are listed below:
- IPv4 conservation stretches the limited 32-bit address space by sharing public addresses.
- Private addressing uses reserved ranges, defined in RFC 1918, that never appear on the public internet.
- Address independence lets an internal network keep its addressing while the public address changes.
- Isolation is a side effect: internal addresses stay hidden, since outside hosts see only the public address.
The IPv4 address space holds about 4.3 billion addresses, far fewer than the number of connected devices, which made NAT necessary for address sharing. The successor protocol with a vastly larger address space is compared in the IPv4 versus IPv6 comparison.
What Are the Types of NAT?
The main types of NAT are static NAT, dynamic NAT, and port address translation (PAT), which differ in how they map private addresses to public ones. A NAT type defines whether the mapping is fixed, drawn from a pool, or shared across one address by port. The types of NAT are listed below:
- Static NAT maps one private address to one public address in a fixed, permanent pairing.
- Dynamic NAT maps private addresses to public addresses drawn from a pool as needed.
- Port address translation (PAT) maps many private addresses to one public address using distinct ports.
- PAT, also called NAT overload, is the form most home and office routers use by default.
Port address translation, also called NAT overload, is the form behind nearly every home and office connection, letting all devices share one public address. Static NAT, by contrast, fixes one public address to one device, which suits a server that must remain reachable at a known IP address.
How Does NAT Relate to Port Forwarding?
Port forwarding is a static NAT rule that directs incoming traffic on a specific public port to a chosen device and port on the private network. NAT normally blocks unsolicited incoming connections, and port forwarding creates an exception so an outside host can reach an internal service. The relationship is described below:
- NAT blocks unsolicited inbound traffic because the router has no table entry for a connection it did not start.
- Port forwarding adds a fixed rule mapping a public port to an internal device and port.
- Incoming requests on that port are forwarded to the specified device behind NAT.
- Common uses include reaching a home server, game host, or remote desktop from outside the network.
Port forwarding lets a device behind NAT accept incoming connections, such as a game server or camera, by mapping a public port to it. The configuration steps appear in the guide to setting up port forwarding, often paired with a static IP for the target device so the rule stays valid.
Does IPv6 Need NAT?
IPv6 largely does not need NAT, because its 128-bit address space provides enough unique public addresses for every device to have its own. NAT exists chiefly to conserve scarce IPv4 addresses, a constraint that IPv6 removes by offering a far larger address space. The reasons IPv6 reduces the need for NAT are listed below:
- A vast address space in IPv6 gives every device a unique public address without sharing.
- End-to-end addressing lets devices connect directly, the original design of the internet.
- The absence of address scarcity removes the conservation motive that made NAT necessary for IPv4.
- Firewalls, not NAT, provide the security boundary that NAT incidentally offered in IPv4.
IPv6 restores direct end-to-end addressing, so devices need no shared public address, though firewalls still control which connections are allowed. The differences between the two address versions are set out in the IPv4 versus IPv6 comparison.
What Is Double NAT and Why Does It Cause Problems?
Double NAT occurs when traffic passes through two NAT devices in sequence, such as a router behind another router, which complicates port forwarding and some applications. Double NAT translates addresses twice, adding a second layer that can break connections expecting a single boundary. The issues double NAT causes are listed below:
- Two NAT layers arise when a router connects behind another router that also performs NAT.
- Port forwarding breaks because a rule on one router does not pass traffic through the second.
- Some applications fail when they rely on a single, predictable NAT boundary.
- Resolving double NAT involves bridging one device or placing it in pass-through mode.
Double NAT commonly appears when a personal router sits behind an internet provider’s modem-router that also runs NAT. Setting one device to bridge or pass-through mode removes the second translation, restoring single-layer NAT and reliable port forwarding.
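The translation steps, the port-forwarding exception, and the double NAT failure described in the sections above can be traced in one small model. This is an added example, not code from the original article; the `PatRouter` class, its method names, and every address and port are constructed for illustration.

```python
from collections import namedtuple

# All addresses and ports below are constructed sample values.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

class PatRouter:
    """Toy PAT (NAT overload) model; names are hypothetical, not a real API."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_internal = {}  # (private ip, private port) -> external port
        self.by_external = {}  # external port -> (private ip, private port)
        self.forwards = {}     # static rules: public port -> (private ip, port)

    def outbound(self, pkt):
        """Rewrite the source to the public address and record the mapping."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.by_internal:
            while self.next_port in self.forwards:  # skip ports held by a rule
                self.next_port += 1
            self.by_internal[key] = self.next_port
            self.by_external[self.next_port] = key
            self.next_port += 1
        return pkt._replace(src_ip=self.public_ip, src_port=self.by_internal[key])

    def inbound(self, pkt):
        """Rewrite the destination from the table or a forward rule, else drop."""
        target = self.by_external.get(pkt.dst_port) or self.forwards.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or target is None:
            return None  # no table entry and no rule: unsolicited, dropped
        return pkt._replace(dst_ip=target[0], dst_port=target[1])

def single_nat():
    r = PatRouter("203.0.113.10")
    a = r.outbound(Packet("192.168.1.20", 51000, "198.51.100.7", 443))
    b = r.outbound(Packet("192.168.1.21", 51000, "198.51.100.7", 443))
    reply = r.inbound(Packet("198.51.100.7", 443, a.src_ip, a.src_port))
    probe = Packet("198.51.100.99", 5555, "203.0.113.10", 8080)
    before = r.inbound(probe)                 # dropped: nothing maps port 8080
    r.forwards[8080] = ("192.168.1.50", 80)   # port-forward rule added
    return a, b, reply, before, r.inbound(probe)

def double_nat():
    isp = PatRouter("203.0.113.10")           # outer NAT (provider modem-router)
    home = PatRouter("192.168.0.2")           # inner NAT; its WAN side is private
    home.forwards[8080] = ("192.168.1.50", 80)  # rule exists only on the inner router
    out = isp.outbound(home.outbound(Packet("192.168.1.20", 51000, "198.51.100.7", 443)))
    probe = Packet("198.51.100.99", 5555, "203.0.113.10", 8080)
    return out, isp.inbound(probe)            # inbound dropped at the outer router
```

Two hosts using the same private source port receive distinct external ports, and the same inbound probe is dropped until a forward rule exists on the router that actually holds the public address.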
What Are the Advantages and Limitations of NAT?
NAT conserves IPv4 addresses and hides internal addressing, but it complicates inbound connections and breaks protocols that embed addresses in their data. NAT solves the problem of address scarcity while introducing constraints for applications that expect direct end-to-end addressing. The advantages and limitations of NAT are listed below:
- Address conservation lets many devices share one public address, the central advantage of NAT.
- Address hiding keeps internal addresses off the public internet, an incidental privacy effect.
- Inbound complexity requires port forwarding for outside hosts to reach an internal device.
- Protocol breakage affects applications that embed IP addresses in their payload, which NAT does not rewrite.
NAT breaks the original end-to-end model of the internet, which is why some applications need helpers or port forwarding to work behind it. The successor protocol that restores direct addressing without NAT is detailed in the IPv4 versus IPv6 comparison.
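The protocol breakage described above, shown with FTP active mode as the chosen instance (the article does not name a protocol). This is an added example, not code from the original article: the client's `PORT` command carries its own address in the payload, so rewriting only the packet header leaves a private address that the server cannot reach, and a NAT helper (often called an application-layer gateway) must rewrite the payload too. Function names and sample values are constructed.

```python
import ipaddress
import re

# FTP active-mode argument: h1,h2,h3,h4,p1,p2 where port = p1 * 256 + p2.
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})(?=\r?$)", re.M)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample payload as sent by a client at 192.168.1.20.
SAMPLE = "USER demo\r\nPORT 192,168,1,20,199,56\r\n"

def embedded_endpoint(payload):
    """Return the (ip, port) carried inside the payload, or None."""
    m = PORT_RE.search(payload)
    if not m:
        return None
    n = [int(x) for x in m.group(1).split(",")]
    if max(n) > 255:
        return None  # not a valid address/port encoding
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def leaks_private_address(payload):
    """True when the payload still advertises an RFC 1918 address."""
    ep = embedded_endpoint(payload)
    if ep is None:
        return False
    ip = ipaddress.ip_address(ep[0])
    return any(ip in net for net in RFC1918)

def helper_rewrite(payload, public_ip, public_port):
    """What a NAT helper does: rewrite the embedded endpoint as well."""
    arg = ",".join(public_ip.split(".")
                   + [str(public_port >> 8), str(public_port & 255)])
    return PORT_RE.sub("PORT " + arg, payload)
```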
Key Takeaways
- NAT translates private IP addresses to a public address and back, letting devices share one address.
- It works by the router rewriting source addresses and ports and tracking them in a NAT table.
- NAT exists chiefly to conserve the limited IPv4 address space.
- Types of NAT are static NAT, dynamic NAT, and port address translation (PAT or overload).
- Port forwarding is a static NAT rule that lets outside hosts reach an internal device.
- IPv6 largely removes the need for NAT, and double NAT can break port forwarding.
What is NAT in simple terms?
NAT, or network address translation, lets many devices on a private network share one public IP address. A router rewrites the address in each packet as it crosses between the private network and the internet.
How does NAT work?
NAT works by having the router rewrite the source IP address and port of each outgoing packet to the public address. It records the mapping in a NAT table so it can return replies to the correct internal device.
Why does NAT exist?
NAT exists mainly to conserve IPv4 addresses. The IPv4 space holds about 4.3 billion addresses, far fewer than the number of devices, so NAT lets many devices share one public address through one router.
What are the types of NAT?
The main types are static NAT, which fixes one private address to one public address; dynamic NAT, which uses a pool; and port address translation (PAT or NAT overload), which shares one public address by port.
Does IPv6 need NAT?
IPv6 largely does not need NAT, because its 128-bit address space gives every device a unique public address. Firewalls, rather than NAT, provide the security boundary in IPv6 networks.
What is double NAT?
Double NAT occurs when traffic passes through two NAT devices in sequence, such as a router behind another router. It complicates port forwarding and can break applications that expect a single NAT boundary.
Last Thoughts on NAT
Network address translation maps private IP addresses to a public address, and back, so many devices on a private network share one public address through a router. NAT works by rewriting source addresses and ports and tracking them in a NAT table, and it exists chiefly to conserve the limited IPv4 address space. The types of NAT are static, dynamic, and port address translation, and port forwarding adds a static rule that lets outside hosts reach an internal device.
IPv6 largely removes the need for NAT, while double NAT can break port forwarding. Readers can continue with the IPv4 versus IPv6 comparison, the guide to setting up port forwarding, the overview of an IP address, or the guide to how networks work.


