
General :: Basic NAT Knowledge

Network Address Translation (NAT)
Network Address Translation (NAT) is a crucial aspect of modern networking, facilitating communication between devices with private IP addresses and the public internet. It operates at the network layer of the OSI model, specifically translating private IP addresses into public ones and vice versa. NAT conserves public IP addresses by allowing multiple devices on a private network to share a single public IP address.
General NAT example:
Let's say you have a home network with multiple devices, such as computers, smartphones, and a smart TV, all connected to a router. Your Internet Service Provider (ISP) has assigned you a single public IP address, which is used by your router to communicate with the internet.

When any device on your home network wants to access the internet, it sends a request to the router. The router, acting as a NAT device, replaces the private IP address of the requesting device with its own public IP address before forwarding the request to the internet. This process is called outbound NAT or source NAT.

For example, if your smartphone with a private IP address of 192.168.1.2 wants to access a website, it sends a request to the router. The router changes the source IP address in the request from 192.168.1.2 to its public IP address, let's say 203.0.113.5, and sends the request to the website. When the website responds, the router receives the response, remembers which internal device made the request, and forwards the response back to the smartphone by reversing the translation.

Similarly, when data from the internet is sent back to your home network in response to a request initiated by one of your devices, the router uses this remembered information to translate the public IP address back to the appropriate private IP address. This process is called inbound NAT or destination NAT.

In this way, NAT allows multiple devices on your private network to share a single public IP address, while also providing a level of security by hiding the internal IP addresses of your devices from the outside world.


There are several types of NAT:

    - Static NAT
    - Dynamic NAT
    - Port Address Translation (PAT)

Static NAT maps a private IP address to a single public IP address permanently, while Dynamic NAT assigns public IP addresses from a pool on a first-come, first-served basis.


Port Address Translation (PAT), also known as NAT overload, is an extension of traditional Network Address Translation (NAT) that allows multiple devices on a private network to share a single public IP address. Unlike traditional NAT, which maps each private IP address to a unique public IP address, PAT maps multiple private IP addresses to a single public IP address using unique source port numbers. PAT therefore not only translates IP addresses but also rewrites the source port numbers of outgoing packets, so it operates at layers 3 and 4 (network and transport) of the OSI model. By assigning each internal connection a different source port number, PAT enables the router to distinguish between the internal devices. PAT is commonly used in home and small office networks where only a limited number of public IP addresses are available.


General PAT example:
Let's say you have a small office with two computers (Computer A and Computer B) connected to a router, which has a single public IP address assigned by your Internet Service Provider (ISP).

Computer A wants to browse a website, so it sends a request to the router. The router, acting as a PAT device, modifies the source IP address of the request from Computer A's private IP address to its own public IP address. Additionally, the router assigns a unique source port number to the request, such as port 1055.

Similarly, if Computer B simultaneously wants to access a different website, the router assigns a different source port number to its request, such as port 1056.

Now, when the router receives responses from the websites, it uses the unique source port numbers to determine which internal device to forward the responses to. For example, if a response arrives destined for port 1056, the router knows to forward it to Computer B.

In this way, PAT allows all computers in the small office to share the same public IP address while maintaining separate connections by using different source port numbers. This enables efficient utilization of the limited public IP addresses provided by the ISP and allows multiple devices to access the internet simultaneously.


There are two types of PAT:

    - Static
    - Dynamic (Overloaded PAT)

Static PAT implies a translation of the IP address and port, where the post-translation attributes are explicitly defined. Since both the pre-translation IP:Port and the post-translation IP:Port in a Static PAT are explicitly defined, the initial packet can come either from Internet hosts or from inside hosts, meaning a Static PAT translation is bidirectional.


One specific use case for Static PAT is to use a single Public IP address to host multiple services on different internal servers. This is in contrast with a Static NAT which would only allow you to use a single Public IP address to host multiple services on the same server. If you use a Static PAT in this way (where one public IPv4 address is used to host multiple services on multiple servers), then you are conserving IPv4 address space.


Dynamic PAT implies a translation of the IP address and Port, where the post-translation attributes are selected by the router. Dynamic PAT only succeeds if the internal host sends the first packet. If the external host sends the first packet, it will be dropped when it reaches the translation device. Therefore, Dynamic PAT translation is unidirectional. If there is a need for certain ports to be accessible through a shared IP address, this can be achieved by using a Static PAT to selectively punch holes through the shared address of a Dynamic PAT.


Dynamic PAT is used any time multiple internal hosts need to share a single public IP address, and is often referred to as a many-to-one or one-to-many translation. Of all the types of Network Address Translation, a Dynamic PAT is the most conducive to conserving IP address space. It is common to have hundreds of internal hosts sharing one public IP address.


Hosts located inside the private network choose their source ports locally and independently of one another, so it is possible for two different hosts to choose the same source port. Since administrators do not set these ports in the router's configuration, it is up to the router to select them. The router translates the source IP address, randomly selects a new, unique source port number, and records the mapping in its translation table. This translation table is also used for reverse translation of response packets when they return from the Internet.
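As an added illustration (not part of the original article), the following Python model puts the PAT behaviour described above into code: a dynamic PAT table that maps two inside hosts using the same source port to distinct public ports (1055 and 1056, as in the office example), reverse-translates replies from the table, drops an unsolicited inbound packet that has no mapping, and a Static PAT entry that stays reachable from outside. The public IP 203.0.113.5 is taken from the article; the private addresses and port numbers are constructed sample values.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.5"  # public address used in the article's example


@dataclass
class PatRouter:
    """Minimal model of a PAT device: one public IP shared by many inside hosts."""
    public_ip: str
    next_port: int = 1055  # first translated port, as in the page's PAT example
    table: dict = field(default_factory=dict)    # public port -> (private ip, port)
    reverse: dict = field(default_factory=dict)  # (private ip, port) -> public port

    def add_static(self, public_port, private_ip, private_port):
        """Static PAT: explicit mapping, so it also works for outside-initiated packets."""
        self.table[public_port] = (private_ip, private_port)
        self.reverse[(private_ip, private_port)] = public_port

    def outbound(self, src_ip, src_port):
        """Dynamic PAT for an inside->outside packet; returns the translated (ip, port)."""
        key = (src_ip, src_port)
        if key not in self.reverse:
            # Two inside hosts may have picked the same source port; the router
            # chooses a public port not yet in the table so replies can be told apart.
            while self.next_port in self.table:
                self.next_port += 1
            self.table[self.next_port] = key
            self.reverse[key] = self.next_port
            self.next_port += 1
        return (self.public_ip, self.reverse[key])

    def inbound(self, dst_port):
        """Outside->inside packet: reverse-translate via the table, or drop (None)."""
        return self.table.get(dst_port)


def demo():
    """Walk through the article's scenario; returns the observed translations."""
    router = PatRouter(PUBLIC_IP)
    router.add_static(8080, "192.168.1.10", 80)  # constructed: inside web server
    a = router.outbound("192.168.1.2", 40000)    # Computer A (constructed)
    b = router.outbound("192.168.1.3", 40000)    # Computer B picked the same port
    return {
        "computer_a": a,                            # ('203.0.113.5', 1055)
        "computer_b": b,                            # ('203.0.113.5', 1056)
        "reply_to_1056": router.inbound(1056),      # ('192.168.1.3', 40000)
        "unsolicited_5060": router.inbound(5060),   # None: dropped, no mapping
        "static_8080": router.inbound(8080),        # ('192.168.1.10', 80)
    }
```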