NAT, or Network Address Translation, is a process that network devices use to simplify the transfer of data from the internet to a local network.
This guide will run through everything you need to know about what NAT is, what it does, and how it helps you get connected to the internet.
What is NAT?
All devices on any given network that's connected to the internet have something called an Internet Protocol (IP) address. Much like a house has an address so mail meant for the occupants ends up in the right place, computers have IP addresses so that data packets sent across networks reach their desired destinations.
NAT is a process that essentially translates IP addresses on a local network – say, for example, from three separate computers – into one IP address which can be used by your router when connecting to and receiving data from the internet, instead of three separate ones, one for each device.
NAT is usually deployed on the perimeter of a network, in between the inside and outside of the network. Other computers or entities transferring data to this network will not see the individual IP addresses of the computers, and will instead just see the one assigned via NAT. This is a process sometimes performed by a network firewall, but many routers act as or come with firewalls.
NAT in 6 steps
These are the 6 steps that generally take place during the network address translation process. This literally happens in milliseconds and is thus virtually instantaneous.
- A device in a network makes a request to a computer over the internet.
- Network routers realize this is not an internal network request.
- The request is rerouted to the network firewall (probably the router).
- The firewall reads the request along with the private/internal IP address.
- The firewall then makes the request over the internet with a public IP.
- The request (if answered) is then relayed back through the firewall to the individual device.
On a normal network, this might not seem that impressive – but if you have a private network, as many large businesses do, then you can have hundreds of devices using the same IP address for their communication with the internet.
Why is NAT used?
The creation of NAT was partly driven by a desire to conserve IP addresses. Before IPv6 was created – the protocol with so many IP addresses, it's unlikely to run out during our lifetimes – IPv4 address exhaustion was a serious concern. NAT is one of the surefire ways to mitigate the IP address depletion, as it can utilize one public IP address for a number of devices.
NAT has some features which resemble security mechanisms or, rather, have the same sort of effect as them. It provides a level of privacy by ensuring that the internal IP addresses of computers on a local network are not visible or accessible to those outside of it. Before packets of data pass through the router and are sent to the relevant devices, NAT determines whether the data is expected, and can discard it if not. This 'check' before data enters networks using NAT can be a useful tool in preventing malware from making its way through to devices and is the reason some people perceive it to be a security tool despite that not being its function.
NAT also helps network owners or managers keep a detailed account of all the data coming in and out of a network – which is also useful for security reasons.
Different types of NAT
There are three different types of network address translation, and it's useful to know how each of them differs.
- Static NAT – This describes a situation where one public IP address is assigned to one private or local IP address. This type of NAT is used a lot in web hosting.
- Dynamic NAT – This is when multiple IP addresses on a local network are connected to a pool of public IP addresses. This is used when it is known that a number of users on a network want to access the internet simultaneously.
- Port Address Translation – This describes instances where one single public IP address is assigned to all the different devices on a given network. Port numbers are used to make sure that the right traffic gets to the right device.
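The six steps and Port Address Translation described above, as an added example that is not part of the original article: a toy translation table that gives two devices one public address, relays expected replies, and discards unsolicited inbound traffic. The class name `PatGateway`, the starting port 40000 and all addresses are assumptions constructed for illustration; real devices also expire entries and differ in how strictly they match the remote endpoint.

```python
import ipaddress

class PatGateway:
    """Toy port address translation table (illustration, not a real router)."""

    def __init__(self, public_ip, lan_cidr, first_port=40000):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan_cidr)
        self.next_port = first_port
        self.out = {}   # outbound flow -> public port allocated for it
        self.back = {}  # (proto, public port, remote ip, remote port) -> private endpoint

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Steps 1-5: rewrite the private source to the shared public address."""
        if ipaddress.ip_address(dst_ip) in self.lan:
            return None  # internal request: stays on the LAN, no translation
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            self.out[flow] = self.next_port
            self.back[(proto, self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Step 6: relay an expected reply to its device; None means discard."""
        return self.back.get((proto, public_port, remote_ip, remote_port))

def demo():
    # Constructed addresses from documentation and private ranges.
    gw = PatGateway("203.0.113.10", "192.168.1.0/24")
    a = gw.outbound("tcp", "192.168.1.20", 51000, "198.51.100.7", 443)
    b = gw.outbound("tcp", "192.168.1.21", 51000, "198.51.100.7", 443)
    return {
        "a": a,
        "b": b,
        "reply_a": gw.inbound("tcp", "198.51.100.7", 443, a[1]),
        "reply_b": gw.inbound("tcp", "198.51.100.7", 443, b[1]),
        # Nobody inside contacted this host, so there is no table entry.
        "unsolicited": gw.inbound("tcp", "192.0.2.99", 4444, a[1]),
        "local": gw.outbound("tcp", "192.168.1.20", 51001, "192.168.1.21", 22),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The table only filters traffic nobody inside asked for; anything a device requests itself is relayed back to it, which is why this behaviour is a side effect of translation and not a substitute for a firewall policy.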
NAT on game consoles
NAT has become an important concept in video-gaming because it is used to describe the state of your connectivity to other users. Different consoles have slightly different ways of both defining and using NAT.
PlayStation, or more accurately Sony, has three NAT types for its users. 'NAT type 1' is considered one route to a good gaming experience. This allows unrestricted data transfer between all the devices on the PlayStation network. Despite the advantages, however, it is the least secure.
NAT type 2 is probably the best for gaming because it means your PlayStation is connected behind a router and is receiving incoming data packets and requests from other players. NAT type 3, on the other hand, is not good news. This means your router is struggling to forward connections to the console and you won't be able to use video or audio chat.
Xbox, owned by Microsoft, has named their NAT types 'Open, Moderate, and Strict'. NAT Type Open means your Xbox can receive requests from other players to join and play games. With this NAT type, you'll be able to host lobbies and chat with audio or video.
NAT Type Moderate means that although a lot of the ports on your router will be forwarded, this isn't necessarily going to happen all the time. Some may be blocked too. If your NAT type is moderate, you're more likely to experience lag whilst gaming, and it's unlikely you'll be able to be a host either. NAT Type Strict is the worst-case scenario, just like NAT type 3 on PlayStation. On Xbox, it means you don't have your ports configured correctly and you'll need to change that.
Are there other ways to hide my device's IP address?
As you will now know, one of the advantages of NAT, despite it not being a security mechanism, is that the local, private IP addresses that belong to individual devices are not displayed.
If you'd like a piece of tech that masks your IP address and is specifically designed for privacy and security reasons – then look no further than a Virtual Private Network, also known as a VPN.
VPNs ensure that the websites you visit – or anyone who happens to be monitoring your internet traffic – won't be able to discover your IP address. They do this by rerouting your traffic through a private server before it gets to the internet. If you search something on Google, for example, the IP address Google sees the request coming from is that of the private server, not your device.
A note on VPN passthroughs
Sometimes, outdated VPN protocols can be blocked if you're using them with NAT. If this is the case, your router might need a VPN passthrough. Have no fear – most routers these days have built-in passthroughs, and some VPNs – including many on the list below – use advanced protocols which don't require a passthrough.
The best VPNs on the market come with their own malware protection and end-to-end encryption, and can help you unblock some of the most sought-after geo-restricted content from across the world by spoofing your location. Here are our top VPNs for 2023:
- ExpressVPN - Our best VPN recommendation. It provides fast speeds and takes privacy seriously.
- NordVPN - The best VPN for unblocking all major streaming services.
- Surfshark - The best cheap VPN. Don't be fooled by the price, Surfshark is a premium VPN with a budget price tag.
- Private Internet Access - One of the largest VPNs, voted best VPN by Reddit.
- PrivateVPN - One of the cheapest VPNs out there, but an incredibly good service.