
Introduction
NAT (Network Address Translation) is one of the more obscure protocols that we use in IT/Networking. In brief, NAT translates the private IP addresses of the devices on your local network to a single public address for internet access, acting like a guard for your devices and conserving valuable public IP addresses.
Your home or office will have a public IP address. Use curl ifconfig.me in a command prompt to see your public IP address. Keep it secret: you don’t want people to know it, just as you wouldn’t want random people to know your home address.
Your home or office will have many devices, each of which needs its own IP address, so each one is given a private IP address by the router or DHCP server. Does 192.168.0.1 look familiar?
Private Address Ranges
| Range | Description |
| --- | --- |
| 10.0.0.0 – 10.255.255.255 | Commonly used for private networks, large enough for most organizations. |
| 172.16.0.0 – 172.31.255.255 | Another common private network range, offering a larger usable space than 192.168.x.x. |
| 192.168.0.0 – 192.168.255.255 | Most common default range for home routers, offering a smaller pool of addresses suitable for home networks. |
| 169.254.0.0 – 169.254.255.255 | Link-local address range used for automatic configuration when a DHCP server is unavailable. Devices can communicate within the local network using these addresses but cannot access the internet. |
This gives us a problem: if a laptop in Japan wants to send information to a company’s server in Rome, how does each device know where to send data packets when the IP address is private?
The other problem to think about here is how many devices there are globally compared to how many IP addresses there are. IPv4 uses 32-bit addresses, which gives 2^32 possible addresses. This is roughly 4.3 billion. In 2024 there are in the region of 15 billion devices on the internet. So there clearly are not enough IP addresses to go around.
We need the private addresses of devices to be associated with a public address via a router (or Default Gateway), and this is where NAT comes in. It essentially works in your router to manage the communication between private addresses and other addresses around the world.

How Does It Actually Work?
NAT uses Ports and a NAT Table to manage the private IP communications:
Ports – virtual channels on your router that are used for different devices, applications or protocols. Webpages use Ports 80 and 443 (HTTP and HTTPS).
NAT Table – the router maintains a table that tracks local private IP addresses together with the ports they are using.
The Process
Outbound Traffic
- Data Source: When a device on your network wants to access something online (e.g., browsing a website), it sends a data packet with its private IP address as the source.
- Translation: The router intercepts the packet. It replaces the private source address in the packet header with its own public IP address.
- Port Assignment: The router assigns a unique port number to the packet to differentiate it from other outgoing traffic (think adding a mailbox number for the specific device). This port-public IP combination becomes the “return address” for replies.
- NAT Table Update: The router records the internal device’s private IP address, port number, and the website’s destination address in its NAT table for future reference.
- Sending the Packet: The translated packet, now with the router’s public IP and a port number, is sent out to the internet.
Inbound Traffic
- Receiving a Reply: When a response from the website arrives at your router, it has the public IP and port number used earlier.
- NAT Table Lookup: The router consults its NAT table to match the public IP and port with the original internal device that initiated the request.
- Address Swap: The router replaces the public IP address in the reply packet with the private IP address of the requesting device on your network.
- Delivering the Reply: The router forwards the modified packet with the correct internal address to the intended device within your network.
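The outbound and inbound steps above, as an added Python sketch (not code from the original article). The class name Nat, the starting port 40000 and the public and server addresses are assumptions constructed for illustration; the private addresses are 192.168.1.x devices like the ones used in this article.

```python
from itertools import count

PUBLIC_IP = "203.0.113.5"        # constructed: stands in for the router's public IP
SERVER = ("198.51.100.7", 443)   # constructed: stands in for a remote web server


class Nat:
    """Toy NAT table keyed on protocol, ports and remote endpoint."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # next unused public-side port
        self.out = {}    # (proto, priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}   # (proto, public port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, proto, src, dst):
        """Translation + port assignment + table update for an outgoing packet."""
        key = (proto, *src, *dst)
        if key not in self.out:              # first packet of a new flow
            port = next(self._ports)
            self.out[key] = port
            self.back[(proto, port, *dst)] = src
        return (self.public_ip, self.out[key]), dst   # rewritten (source, destination)

    def inbound(self, proto, src, dst):
        """Table lookup + address swap for a reply; None means no entry, so drop."""
        if dst[0] != self.public_ip:
            return None
        # This sketch also matches on the remote endpoint; real routers vary in
        # how strictly they check who the reply comes from.
        private = self.back.get((proto, dst[1], *src))
        return (src, private) if private else None


def demo():
    nat = Nat(PUBLIC_IP)
    # Two devices that happen to pick the same source port for the same server.
    laptop = nat.outbound("tcp", ("192.168.1.10", 51000), SERVER)
    phone = nat.outbound("tcp", ("192.168.1.20", 51000), SERVER)
    reply_laptop = nat.inbound("tcp", SERVER, laptop[0])
    reply_phone = nat.inbound("tcp", SERVER, phone[0])
    # A packet from a host nobody contacted, aimed at an open public port.
    unsolicited = nat.inbound("tcp", ("192.0.2.99", 4444), laptop[0])
    return laptop, phone, reply_laptop, reply_phone, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The last result is None: with no matching table entry the router has nowhere to deliver the packet, which is the "guard" effect mentioned in the introduction.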
NAT Table
| Internal Device | Private IP Address | Port Number | Public IP Address (Router) | Destination IP Address | Protocol | Status |
| --- | --- | --- | --- | --- | --- | --- |
| Laptop | 192.168.1.10 | 443 | 123.45.67.89 | www.example.com | https | Active |
| Smartphone | 192.168.1.20 | 80 | 123.45.67.89 | [invalid URL removed] | http | Active |
| Gaming Console | 192.168.1.30 | 3074 | 123.45.67.89 | 50.11.12.13 (Game Server) | udp | Established |
This imaginary NAT table shows how each private IP address is associated with a Port Number and a Destination IP Address. So when data arrives from that Destination IP Address on that Port, the router knows which private IP address to send it to.
In reality NAT is much more involved than this, but the concept is clear. It uses Ports and Protocols to associate traffic with the private IP addresses that are communicating on the world wide web.