Technology Explained

What Is Network Address Translation (NAT) and How Does It Work?

Matthew Hughes 19-05-2015

It’s ironic how one of the biggest threats to the Internet was a product of of nobody predicting how popular it would be.


Until recently, the predominant way to assign IP addresses to computers was with the IPv4 system IPv6 vs. IPv4 : Should You Care (Or Do Anything) As A User? [MakeUseOf Explains] More recently, there's been a lot of talk about switching to IPv6 and how it will bring a lot of benefits to the Internet. But, this "news" keeps repeating itself, as there's always an occasional... Read More . This allowed the creation of roughly 4.3 billion possible IP addresses, a significant portion of which were shared out to regional Internet authorities in blocks of 16.8 million.

Quite early on, it became all to apparent that there wouldn’t be enough supply to satiate the immense demand. With the exhaustion of the IP address supply looking inevitable, people looked for ways to ‘share’ IP addresses with more than one system. Thus, Network Address Translation was born (NAT), and the Internet was saved.

What is Network Address Translation?

For a computer to communicate with the Internet as a whole, it must have an IP address. Using the IPv4 system, these are unique, 32-bit numbers that are broken up into four different binary octets. It doesn’t matter whether it’s a server, or a computer, or an Xbox. If it doesn’t have an IP address, it’s not getting online.


But, there simply isn’t enough IP addresses to go around to give each host their own address. So, in order to make better use of the extremely limited address space available, we use Network Address Translation.


Network Address Translation allows a single device to sit between a local area network and the Internet, and forward traffic to the appropriate host. You probably know this as your router. The advantage of this is multiple computers can share the same IP public address.

This single device (usually a router How Does a Router Work? A Simple Explanation Routers may seem complicated, but they're actually quite simple. Here's a quick guide to routers, what they do, and how they work. Read More , switch, or hardware firewall) modifies IP packet headers on the fly, ensuring that the contents of the packet get to the intended destination.


However, it comes with a downside, as it becomes exponentially harder for hosts outside the local network to communicate with servers that are located behind the router.


There are multiple ways in which Network Address Translation can work, with the three of the most common being Dynamic NAT, Static NAT, and Overloading.

Dynamic NAT

With Dynamic NAT, a router will maintain a list of public IP addresses. When a host behind the network needs to transmit or receive, the router will select one of the public IP addresses that is not currently in use, and forward any packets accordingly. As a result, this means a host’s IP address can change at any given moment.

But crucially, it means a large pool of hosts can share a significantly smaller pool of IP addresses. This was vital, given the impending exhaustion of the available pool of IPv4 addresses.


A common way of performing network address translation is through something called ‘Overloading’, where multiple internal IP addresses are mapped to a single public IP address.


This is done by giving each internal host a corresponding port. For instance, suppose you’ve got three computers on an internal network, and a public IP address of Each of those internal computers could theoretically be accessible via, and

This is commonly known as Port Address Translation (PAT), Single-Address NAT, and port-level multiplexed NAT.

Static NAT

Finally, let’s talk about Static NAT.

Internal networks, like your home or office network, do not use the same IP addressing system that’s used on the public Internet. Any networked device effectively has two IP addresses. The first is a private one, and that’s only reachable from within that network. The second is the one that’s externally accessible.


Static NAT makes it possible to create a direct, one-to-one link between a private IP address and a static, public IP address What Is a Static IP Address? Here's Why You Don't Need One A static IP address is one that never changes. Dynamic IP addresses do change. We explain why you don't need a static IP address. Read More .

This, of course, will do nothing to mitigate against IPv4 address exhaustion. But that’s beside the point. If you want to expose a web server to the Internet, for example, you’re going to want to ensure that its IP address stays the same. Static NAT allows you to do that.

But What About IPv6?

The world is rapidly transitioning from IPv4, with its savagely limited addressing space, to IPv6 IPv6 & The Coming ARPAgeddon [Technology Explained] Read More , which can support a theoretical total of 2^128 IP addresses.

To adequately express the enormity of that, that’s the equivalent of 340 undecillion, 282 decillion, 366 nonillion, 920 octillion, 938 septillion, 463 sextillion, 463 quintillion, 374 quadrillion, 607 trillion, 431 billion, 768 million, 211 thousand and 456.


That’s a lot of IP addresses.

So, with that in mind, do we need Network Address Translation any more, given that there’s a glut of available IP addresses that will almost certainly never be exhausted?

Well, NAT comes with some other key benefits. Perhaps the most obvious is the fact that it inadvertently acts as a ‘firewall’ How Does A Firewall Work? [MakeUseOf Explains] There are three pieces of software that, in my opinion, make the backbone of a decent security setup on your home PC. These are the anti-virus, the firewall, and the password manager. Of these, the... Read More to any systems behind the router. Any services running from within that network (be that a private file server, or a private web server running a Wiki) are inaccessible outside of that network.

Simply put, NAT drastically improves the security of any system behind it.


NAT is an ostensibly dry technology, that’s almost impenetrable to understand. But don’t let that fool you. Without it, the Internet would look radically different.

Got any thoughts? Let me know. Drop me a comment below, and we’ll chat.

Image credit: IPv6-IPv4 by Abode of Chao

Related topics: Computer Networks, IP Address, LAN.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. cheap iptv
    February 5, 2019 at 6:07 pm

    I'm still learning from you, but I'm improving myself. I certainly liked reading all that is posted on your website.Keep the posts coming. I enjoyed it!

  2. Kaleb
    May 19, 2016 at 7:03 pm

    You might be interested in a report done in 2013 on NAT by a fairly large group of engineers, from a number of different companies in the Internet ecosystem. Check it out:

  3. DonGateley
    May 21, 2015 at 1:00 am

    "Simply put, NAT drastically improves the security of any system behind it."

    Not sure I understand that. Can't a firewall be made to work just fine without network address translation? As far as anonymity, I consider the IP of my router to be as much an exposure as the IP's of what's connected to it.

    • Bruce Epper
      June 24, 2015 at 6:11 am

      A firewall works just fine without NAT, but NAT does enhance your security and most firewalls are what provides the NAT function in the first place.

      In order for a machine outside of your network to connect to a machine inside your network, you would need to set up port-forwarding to pass packets to the machine in question. If you have not enabled port-forwarding, a machine outside of your network has no way to initiate communications with any specific machine inside your network.

      In general, NAT works by only allowing a connection back into your network using a connection to a machine that was previously established from inside your network. This is part of the normal functioning of a dynamic firewall/NAT.

      In other words, when your local machine connects via NAT to Google, you can get the results from that connection because it was originally established from your network to Google's server. The tables in the device performing the NAT function knows that Machine A connected to Google via HTTP and would be expecting a return message.

      If any random machine outside of your network attempts to create a connection with a machine inside your network, all they have is your external IP address (WAN, DMZ, or another intermediate network) and nothing in the NAT's tables are connecting it with a specific communication from any of your machines, so the packet(s) will be dropped.

    • reza
      December 30, 2016 at 9:38 pm

      To be honest NAT`s existence is more to do with saving IP addresses than to do with security IMHO. Without NAT our IPv4 should be run out few years ago but with NAT in place we been saved for couple a years ahead. Security is next step in regard with NAT.

  4. johnny
    May 20, 2015 at 5:05 pm

    What type of article is this, cant read anything on the right.

    • Matthew Hughes
      May 20, 2015 at 9:53 pm

      It's fixed now! Have a read and let me know what you think!

  5. James Knott
    May 20, 2015 at 4:06 pm

    I also had the same problem on both Firefox and Chrome, on both Linux and Windows. Whoever set up this page is clearly incompetent.

    "Nice 6/8ths of the article"

    I only get 3/4s. ;-)

    • Matthew Hughes
      May 20, 2015 at 9:53 pm

      Ha, well it's fixed now. Have a read and let me know what you think!

    • James Knott
      May 21, 2015 at 1:34 am

      It appears to be OK now.


  6. James Franco
    May 20, 2015 at 3:21 am

    Nice 6/8ths of the article

    • Matthew Hughes
      May 20, 2015 at 9:53 pm

      It's fixed now! Have a read and let me know what you think!

  7. matthew
    May 19, 2015 at 8:45 pm

    AdBlocker works perfectly for articles like this with the right side being obscured by "clouds"

    • Matthew Hughes
      May 20, 2015 at 9:52 pm

      Wasn't an advert! Just an unclosed HTML tag in the article.

      Try now! It's fixed.

  8. DonGateley
    May 19, 2015 at 7:08 pm

    I've got the same format problem with FF 38.0.1. All right justified content obscures any left justified content, i.e. the article.

    • Matthew Hughes
      May 20, 2015 at 9:52 pm

      It's fixed now!

  9. Charles
    May 19, 2015 at 4:45 pm

    It would be nice to read full article!!! Every box on /in right colunn cuts off text in left column..

    • Matthew Hughes
      May 20, 2015 at 9:51 pm

      Try now! It's fixed.