Why NAT exists
The world has far more devices than available public IPv4 addresses. NAT lets an entire home or office network hide behind a single public address, conserving the scarce IPv4 space.
How it works
A NAT device, usually a router, rewrites the source address of outgoing packets from a private IP to its own public IP. It records the mapping in a translation table so replies find their way back.
- Outbound packets get a rewritten source address and port.
- The router stores the original private address and port.
- Inbound replies are matched against the table and rewritten back.
The common variant is PAT, port address translation, which multiplexes many internal hosts onto one public address by also tracking port numbers.
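The translation table described above, modelled in Python as an added example (not code from the original page). The `PatRouter` class, the 203.0.113.5 public address and the 192.168.1.x private hosts are constructed for illustration; it keys each mapping on the full private and remote endpoint, which is one of several policies real NAT devices use.

```python
from dataclasses import dataclass, field
from itertools import count


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class PatRouter:
    """Minimal port address translation model (hypothetical, not a real router)."""
    public_ip: str
    next_port: count = field(default_factory=lambda: count(40000))
    # (private_ip, private_port, remote_ip, remote_port) -> allocated public port
    outbound: dict = field(default_factory=dict)
    # allocated public port -> (private_ip, private_port, remote_ip, remote_port)
    inbound: dict = field(default_factory=dict)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite source to the public IP and a unique port; remember the mapping."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = next(self.next_port)
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet):
        """Map a reply back to the private host, or return None to drop it."""
        entry = self.inbound.get(pkt.dst_port)
        if entry is None:
            return None  # no table entry: unsolicited inbound traffic is dropped
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # port is mapped, but not for this remote endpoint
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def demo():
    """Two private hosts share one public IP; a stray inbound packet is dropped."""
    nat = PatRouter("203.0.113.5")
    a = nat.translate_outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 443))
    b = nat.translate_outbound(Packet("192.168.1.11", 51000, "198.51.100.7", 443))
    reply = nat.translate_inbound(Packet("198.51.100.7", 443, "203.0.113.5", a.src_port))
    stray = nat.translate_inbound(Packet("198.51.100.9", 22, "203.0.113.5", 50000))
    return a, b, reply, stray
```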
Tradeoffs
NAT breaks the assumption that every host is directly reachable. Inbound connections need port forwarding or hole punching, which complicates peer-to-peer apps and servers. As a side effect it also provides basic isolation, since internal addresses are not routable from outside.
Key idea
NAT rewrites addresses so many private hosts can share one public IP, at the cost of direct inbound reachability.