Network Address Translation

Network Address Translation (NAT) is a technique used at the boundary between networks to alter the IP address information in IP packet headers as they pass through. In practice, NAT lets multiple devices on a private, non-routable network share a single public IP address, or a small set of them, when accessing the wider Internet. This has made NAT a ubiquitous feature in home routers, corporate gateways, and many service-provider edge devices. The method emerged in response to the exhaustion of IPv4 addresses and has shaped how networks are designed and deployed in the modern Internet. See IPv4 and IPv6 for related addressing schemes and transition mechanisms.

NAT is not a security feature in itself, even though it can provide some incidental protection by obscuring internal address structures. Its adoption reflects a pragmatic compromise between the need to conserve public addresses and the desire for interoperable connectivity. NAT interacts with a wide range of applications and protocols, which has sparked ongoing discussion about its long-term viability in a world moving toward widespread IPv6 deployment. See End-to-end principle for a related design philosophy and debates about how NAT aligns with or departs from it.

Overview

What NAT does

  • NAT translates private (non-routable) IP addresses used inside a local network to one or more public (routable) addresses used on the Internet. A translation table on the NAT device records the mappings so replies can be routed back to the correct internal device. See Private network and Router (computing) for context.
  • In many installations, NAT also translates port numbers, enabling multiple internal devices to share a single public address. This mode is often referred to as Port Address Translation (PAT) or NAT with Port Translation. See Port forwarding and NAT traversal for related topics.
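
The translation table and port translation described above, as an added example that is not part of the original article: a toy PAT gateway in Python that allocates a public port per inside flow, maps replies back, and drops packets that have no live mapping. It goes slightly beyond the text by modelling an idle timeout and a `strict` filtering switch; the class, its parameters and the documentation-range addresses are all constructed for illustration.

```python
import itertools

class PatGateway:
    """Toy PAT (NAT overload) device: many inside hosts share one public IP."""
    def __init__(self, public_ip, first_port=40000, idle_timeout=60, strict=True):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout   # seconds without outbound traffic
        self.strict = strict               # True: only contacted remotes may reply
        self._ports = itertools.count(first_port)
        self.out = {}    # (proto, inside_ip, inside_port) -> public port
        self.back = {}   # (proto, public_port) -> mapping state

    def outbound(self, proto, src, dst, now):
        """Rewrite the source of a packet leaving the private network."""
        key = (proto, *src)
        if key not in self.out:            # first packet of a flow: allocate a port
            self.out[key] = next(self._ports)
            self.back[(proto, self.out[key])] = {"inside": src, "remotes": set()}
        entry = self.back[(proto, self.out[key])]
        entry["remotes"].add(dst)
        entry["seen"] = now                # only outbound traffic refreshes the timer
        return (self.public_ip, self.out[key]), dst

    def inbound(self, proto, src, dst, now):
        """Return the inside (ip, port) for a packet from outside, or None to drop."""
        entry = self.back.get((proto, dst[1])) if dst[0] == self.public_ip else None
        if entry is None:
            return None                    # no table entry: nowhere to deliver it
        if now - entry["seen"] > self.idle_timeout:
            del self.back[(proto, dst[1])]  # idle mapping expires and is removed
            del self.out[(proto, *entry["inside"])]
            return None
        if self.strict and src not in entry["remotes"]:
            return None                    # sender was never contacted from inside
        return entry["inside"]

def demo():
    gw = PatGateway("203.0.113.5")         # constructed documentation addresses
    web = ("198.51.100.7", 443)
    gw.outbound("tcp", ("192.168.1.10", 51000), web, now=0)
    gw.outbound("tcp", ("192.168.1.11", 51000), web, now=0)
    return [
        gw.inbound("tcp", web, ("203.0.113.5", 40001), now=5),    # reply
        gw.inbound("tcp", web, ("203.0.113.5", 40999), now=5),    # unsolicited
        gw.inbound("tcp", web, ("203.0.113.5", 40000), now=120),  # expired
    ]

if __name__ == "__main__":
    print(demo())
```

With `strict=False`, any outside host that sends to an open mapping is forwarded inside, so the incidental protection comes from the device's filtering behaviour rather than from translation itself.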

NAT types

  • Static NAT: one public address to one private address mapping, typically used when a device must always be reachable from outside the network.
  • Dynamic NAT: a pool of public addresses is used to map a set of private addresses on demand.
  • PAT (often called NAT overload): many private addresses share a single public address by multiplexing connections through different port numbers.
  • NAT66, NAT64, and related variants: specialized forms of NAT used to interoperate between IPv4 and IPv6 networks or to bridge between different addressing schemes. See NAT64 and NAT66 for details; for IPv6-only environments, the role of NAT is different and often limited or avoided.

Architectures and deployment

  • Home and small-business networks typically use a consumer-grade router performing NAT as the default gateway to the Internet. See Home network and Gateway (hardware) for broader context.
  • Enterprise networks often place NAT at the edge (sometimes alongside firewalls and intrusion detection systems) to manage external access and to conserve public address space. See Enterprise networking.

Use cases and limitations

  • Address conservation: NAT enables many devices to access the Internet using fewer public addresses. See IPv4 address exhaustion for historical context.
  • Security by obscurity: NAT can make direct inbound connections harder, though it is not a substitute for dedicated security controls. See Firewall (networking) for more on layered security.
  • End-to-end connectivity challenges: NAT disrupts the original end-to-end addressing model of the Internet, complicating certain protocols and applications that embed addressing within payloads or require direct peer-to-peer connections. See End-to-end principle.

Protocols, applications, and NAT traversal

  • Some applications (peer-to-peer file sharing, video conferencing, online gaming) face obstacles when traversing NAT, because peers may be hidden behind private addresses. Techniques such as hole punching and traversal protocols are used to establish direct paths when possible. See NAT traversal.
  • Protocols with embedded addresses or certain encrypted tunnels can be problematic with NAT, requiring application-layer gateways or NAT-aware implementations. See Application-layer gateway.

History and standards

NAT arose in the late 20th century as a practical response to IPv4 address scarcity. Early discussions framed NAT as a transitional technology rather than a permanent architectural feature. The concept and its variants were formalized in several standards and proposals, including early references to network address translation and related mechanisms. See RFC 1631 for foundational material, and follow-on discussions and developments such as NAT-PT (a protocol-translation approach now largely superseded) and NAT64/NAT46 for IPv6 interoperability. For a broad technical overview, see also discussions of IPv4 address exhaustion and the evolution toward IPv6.

Contemporary usage and alternatives

  • IPv6 adoption reduces the need for traditional NAT by design, because each device can have a globally routable address. Nevertheless, NAT remains common in mixed IPv4/IPv6 networks and in certain deployment scenarios. See IPv6 for the addressing model and related transition strategies.
  • Stateful NAT64 and DNS64 provide means for IPv6-only clients to reach IPv4 servers, maintaining functional interoperability while the Internet migrates toward IPv6. See NAT64 and DNS64.
  • In practice, NAT is often paired with a firewall in a layered security model, contributing to perimeter defense without replacing dedicated security controls. See Firewall (networking).
