NAT: Network Address Translation

Network address translation involves mapping one IP address to another. It is widely used, from home users through to large ISPs (Internet Service Providers). It became widespread when we started running out of public IP addresses.

NAT is usually applied by a router or a firewall. It allows a large network to use a single public IP address – assigned to a gateway router. Traffic from devices on the network is then translated to that single address. The router must keep track of the mappings used for the different devices.

NAT Advantages

NAT Disadvantages

Basic NAT

Basic NAT, or one-to-one NAT, maps each IP address to a different IP address. For example, mapping addresses from 192.168.1.0/24 to 10.1.1.0/24 may result in 192.168.1.15 being mapped to 10.1.1.15. Basic NAT doesn’t help save address space, but it can help interconnect networks with different addressing schemes.

One-to-many NAT

One-to-many NAT is the most useful and most common implementation of NAT. Because multiple addresses all get mapped to a single one, the router must have a way of distinguishing the return traffic. A common way of doing this is to use port numbers to differentiate between the streams of traffic and translate back to the original IP addresses. This type of NAT is sometimes called Port Address Translation (PAT) or Network Address and Port Translation (NAPT).

How it Works

There are several different ways of implementing one-to-many NAT, but typically it is something like this:

Outbound traffic will have its source IP address (IP_A) and source port (PORT_A) translated to the external, public, IP address (IP_B) and a particular source port (PORT_B).

These translations are recorded in a translation table, the IP header is changed, and the packet is routed onwards.

Inbound traffic is looked up against the translation table. If the destination address matches IP_B (the external address) and the destination port matches PORT_B, then the traffic will be mapped back to IP_A:PORT_A.

The IP header is updated, and the packet is routed to the original host.
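
The steps above can be modelled as a small translation table. This is an added example, not code from the lesson: the class and field names, the sample addresses and the starting port 40000 are assumptions, and protocol tracking and mapping timeouts are left out.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class Napt:
    public_ip: str                                # IP_B, the external address
    next_port: int = 40000                        # assumed start of the PORT_B pool
    out_map: dict = field(default_factory=dict)   # (IP_A, PORT_A) -> PORT_B
    in_map: dict = field(default_factory=dict)    # PORT_B -> (IP_A, PORT_A)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:               # first packet of a flow
            if self.next_port > 65535:
                raise RuntimeError("port pool exhausted")
            self.out_map[key] = self.next_port    # record the translation
            self.in_map[self.next_port] = key
            self.next_port += 1
        # Rewrite source IP_A:PORT_A to IP_B:PORT_B; destination is untouched.
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.in_map:
            return None                           # no table entry: not forwarded
        ip_a, port_a = self.in_map[pkt.dst_port]
        # Rewrite destination IP_B:PORT_B back to IP_A:PORT_A.
        return Packet(pkt.src_ip, pkt.src_port, ip_a, port_a)

def demo():
    # Constructed sample traffic: two internal hosts using the same source port.
    nat = Napt(public_ip="203.0.113.5")
    a = nat.outbound(Packet("192.168.1.15", 51000, "198.51.100.7", 443))
    b = nat.outbound(Packet("192.168.1.16", 51000, "198.51.100.7", 443))
    reply = nat.inbound(Packet("198.51.100.7", 443, "203.0.113.5", b.src_port))
    unsolicited = nat.inbound(Packet("198.51.100.9", 4444, "203.0.113.5", 40999))
    return a, b, reply, unsolicited

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both hosts share the public address but receive different external ports, so the reply is mapped back to the right host, while inbound traffic with no table entry has nowhere to go.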

IP Masquerading

IP masquerading is the implementation of one-to-many NAT commonly used to ‘hide’ a network of private addresses behind a single public IP address. An example of this is home routers – all devices on a home network will typically be assigned a private address. When traffic transits the router to the ISP, the private addresses will be mapped to a single public IP address.

