What Is NAT (Network Address Translation)?

Q: What is NAT and how does it work?

NAT, or Network Address Translation, lets many devices share one public IP address. Each device has a private IP on the local network, and the router rewrites the addresses on outgoing traffic so everything appears to come from the single public IP. Replies return to the router, which translates them back to the correct internal device.

Q: What is the difference between NAT and a firewall?

NAT translates private addresses to a shared public address so devices can reach the internet, and as a side effect it blocks unsolicited inbound traffic that has no mapping. A firewall is a deliberate policy engine that allows or blocks traffic by rule. NAT gives incidental protection, a firewall gives intentional control, and most routers do both.

Q: Why does my device have a private IP address?

Because it lives behind your router, which holds the single public address on behalf of every device. There are not enough IPv4 addresses for each device to have its own public one, so private addresses from ranges like 192.168.x.x are reused inside every network and never routed on the public internet.

Q: What is the difference between NAT and PAT?

Plain NAT maps one private address to one public address. PAT, or Port Address Translation, also called NAT overload, maps many private devices onto one public IP by tracking port numbers, giving each connection a unique source port. Home routers actually use PAT, so when people say NAT on a home network they usually mean PAT.

Q: Does NAT change my public IP address?

No. NAT does not change your public IP, it shares one public IP across many private devices by translating addresses. Your public IP is assigned by your ISP. NAT also does not encrypt traffic or hide it from your ISP, so to change what the internet sees as your address you would use a VPN, not NAT.

~/sheets/what-is-nat.md

One Public IP, Many Devices
Network Address Translation (NAT) is how a whole household of devices — phones, laptops, TVs — share a single public IP address. Each device gets a private IP on the local network (from the RFC 1918 ranges like 192.168.x.x or 10.x.x.x), and your router rewrites the addresses on outgoing traffic so everything appears to the internet as coming from your one public IP. Replies come back to the router, which translates them back to the right internal device.
You can see this split yourself: the address your device shows internally is private, but the address the internet sees — shown on our IP Lookup and on the home page — is the single public one your router presents.
Why Your Device Has a Private IP
There are not enough IPv4 addresses for every device on Earth to have its own public one. NAT solves that by letting private addresses be reused inside every network — billions of devices can all use 192.168.1.10 on their own LANs because those addresses are never routed on the public internet. Your device has a private IP because it lives behind your router, and the router holds the public address on everyone's behalf. (IPv6 has enough addresses to avoid this, but NAT remains universal on IPv4.)
NAT vs PAT
Plain NAT maps one private address to one public address. PAT (Port Address Translation), also called "NAT overload," is what home routers actually do: it maps many private devices onto one public IP by also tracking port numbers. Each outgoing connection is given a unique source port, so when a reply arrives the router knows exactly which internal device and connection it belongs to. When people say "NAT" on a home network, they almost always mean PAT.
NAT vs a Firewall
They are different functions that often live in the same box. NAT translates addresses so devices can share a public IP — and as a side effect, unsolicited inbound traffic has nowhere to go because the router has no mapping for it, which blocks a lot of probing. A firewall is the deliberate policy engine that allows or blocks traffic by rule. NAT gives you incidental protection; a firewall gives you intentional control. Most routers do both.
What NAT Does Not Do
NAT does not encrypt anything — your traffic is just as visible to your ISP as it would be without it. It is an addressing mechanism, not a privacy tool. If you want to change what the internet sees as your address, NAT is not the lever; a VPN is. Some carrier networks add another layer called CGNAT (carrier-grade NAT), where even your "public" router address is shared and drawn from the 100.64.0.0/10 range — which is why some home users cannot host servers or get a truly public IP without asking their ISP.
Frequently Asked Questions
What is NAT and how does it work?
NAT, or Network Address Translation, lets many devices share one public IP address. Each device has a private IP on the local network, and the router rewrites the addresses on outgoing traffic so everything appears to come from the single public IP. Replies return to the router, which translates them back to the correct internal device.
What is the difference between NAT and a firewall?
NAT translates private addresses to a shared public address so devices can reach the internet, and as a side effect it blocks unsolicited inbound traffic that has no mapping. A firewall is a deliberate policy engine that allows or blocks traffic by rule. NAT gives incidental protection, a firewall gives intentional control, and most routers do both.
Why does my device have a private IP address?
Because it lives behind your router, which holds the single public address on behalf of every device. There are not enough IPv4 addresses for each device to have its own public one, so private addresses from ranges like 192.168.x.x are reused inside every network and never routed on the public internet.
What is the difference between NAT and PAT?
Plain NAT maps one private address to one public address. PAT, or Port Address Translation, also called NAT overload, maps many private devices onto one public IP by tracking port numbers, giving each connection a unique source port. Home routers actually use PAT, so when people say NAT on a home network they usually mean PAT.
Does NAT change my public IP address?
No. NAT does not change your public IP, it shares one public IP across many private devices by translating addresses. Your public IP is assigned by your ISP. NAT also does not encrypt traffic or hide it from your ISP, so to change what the internet sees as your address you would use a VPN, not NAT.
Last updated: April 2026