# NAT & PAT

The **IPv4 address space** only provides around 4.3 billion unique addresses in total. That number sounds big at first. But with so many devices popping up everywhere, like computers and smartphones along with IoT gadgets, smart TVs, and all sorts of sensors, it just was not enough anymore. Assigning a separate public IPv4 address to each one became totally impractical over time.

That is where private IP addressing came in, as outlined in **RFC 1918**, along with something called **NAT** or **Network Address Translation.** These ideas helped tackle the shortage head on. NAT basically lets a bunch of devices inside a private network share just one public IPv4 address, or maybe a handful of them, whenever they need to connect out to the internet.

| **Without NAT**                       | **With NAT**                          |
| ------------------------------------- | ------------------------------------- |
| Each device needs a unique public IP. | Multiple devices share one public IP. |
| IPv4 exhaustion occurs quickly.       | IPv4 addresses are conserved.         |
| Internal IPs are exposed directly.    | Internal IPs remain hidden.           |

NAT is implemented on a router or firewall that connects the local (private) network to the internet (public).

* **Inside Network** → devices use **private IPs** (e.g., `192.168.x.x`, `10.x.x.x`).
* **NAT Device** → translates private IPs into one or more public IPs.
* **Outside Network** → traffic uses public IPs on the internet.

The NAT device maintains a **translation table** that records which internal connection corresponds to which external one, so that responses coming back from the internet can be routed to the right internal host.

<mark style="color:blue;">**Types of NAT**</mark>

NAT can be implemented in different ways depending on how addresses are mapped:

| **Type**                           | **Description**                                                                          | **Use Case**                                                                    |
| ---------------------------------- | ---------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- |
| **Static NAT**                     | One private IP is permanently mapped to one public IP (1:1 mapping).                     | Hosting servers that must always be reachable from outside (e.g., mail server). |
| **Dynamic NAT**                    | A private IP is mapped to any available public IP from a pool, dynamically.              | Enterprise networks with multiple public IPs and many internal clients.         |
| **PAT (Port Address Translation)** | Many private IPs share a single public IP by using different **ports** for each session. | The most common method, used in homes and small businesses.                     |

<mark style="color:blue;">**PAT (Port Address Translation)**</mark>

**PAT** is often called **NAT overload** and is the most common type of NAT in use today. Rather than handing out a unique public IP to every internal device, PAT maps all of them to a single public IP address and keeps their sessions distinct by rewriting the source port number.

How it works:

1. A private device sends a packet to the internet. The source is `192.168.1.10:12345` and the destination is `93.184.216.34:80`.
2. The NAT router rewrites the source IP address from `192.168.1.10` to its public IP, `203.0.113.5`, and may also change the source port from `12345` to another value such as `50001`.
3. The router records this mapping in its NAT table.
4. When the reply comes back from the destination server, the NAT device looks up the entry in its table and forwards the packet to the correct private device.

| **Private Device** | **Private IP:Port** | **Public IP:Port (NAT Translation)** |
| ------------------ | ------------------- | ------------------------------------ |
| Laptop             | 192.168.1.10:12345  | 203.0.113.5:50001                    |
| Smartphone         | 192.168.1.11:12346  | 203.0.113.5:50002                    |
| Smart TV           | 192.168.1.12:12347  | 203.0.113.5:50003                    |

From the internet’s perspective, all devices appear as one IP (`203.0.113.5`) but with different port numbers.
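To make the four steps above concrete, here is a small Python simulation of a PAT translator. This is an added example written for this page, not code from the original article: outbound packets have their private source rewritten to the shared public IP plus a freshly allocated port, the mapping is stored in a table, and inbound packets are delivered only when they match an existing entry and come from the peer that entry was created for. The public IP `203.0.113.5`, the starting port `50001`, the three device addresses and the web server `93.184.216.34:80` are taken from the walk-through; the probe address `198.51.100.7:4444` and the port range are constructed for the demo, and the peer check on replies is a simplification of how real NAT devices behave.

```python
"""Added example: a toy PAT (NAT overload) translator, not the page's own code."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed values taken from the walk-through above.
PUBLIC_IP = "203.0.113.5"      # public address of the NAT device
FIRST_NAT_PORT = 50001         # assumed: first port the translator hands out
WEB_SERVER = ("93.184.216.34", 80)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatTranslator:
    """Many private ip:port pairs share one public IP, told apart by the
    public source port the translator allocates per session."""

    def __init__(self, public_ip: str, first_port: int = FIRST_NAT_PORT) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        # session key (private src ip, src port, dst ip, dst port) -> public port
        self._out: Dict[Tuple[str, int, str, int], int] = {}
        # public port -> session key, used to route replies back (step 4)
        self._in: Dict[int, Tuple[str, int, str, int]] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Step 2: rewrite the source IP:port; step 3: record the mapping."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self._out:
            if self._next_port > 65535:
                raise RuntimeError("NAT port pool exhausted")
            self._out[key] = self._next_port
            self._in[self._next_port] = key
            self._next_port += 1
        return Packet(self.public_ip, self._out[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Step 4: look up the reply's destination port and restore the private
        destination. Packets with no matching entry, or from a host the
        internal device never contacted, are dropped (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self._in.get(pkt.dst_port)
        if entry is None:
            return None  # unsolicited inbound: nothing in the table
        priv_ip, priv_port, peer_ip, peer_port = entry
        if (pkt.src_ip, pkt.src_port) != (peer_ip, peer_port):
            return None  # not from the peer this session was opened to
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)

    def table(self) -> Dict[str, str]:
        """Render the NAT table as 'private ip:port' -> 'public ip:port'."""
        return {f"{k[0]}:{k[1]}": f"{self.public_ip}:{pub}"
                for k, pub in self._out.items()}


def run_demo() -> Tuple[Dict[str, str], Optional[Packet], Optional[Packet]]:
    """Three LAN devices open connections to the web server; then one reply
    and one unsolicited probe (constructed) arrive from the internet."""
    nat = PatTranslator(PUBLIC_IP)
    devices = [("192.168.1.10", 12345), ("192.168.1.11", 12346), ("192.168.1.12", 12347)]
    for ip, port in devices:
        nat.translate_outbound(Packet(ip, port, *WEB_SERVER))

    # Reply to the laptop's session arrives at the public side.
    reply = nat.translate_inbound(Packet(WEB_SERVER[0], WEB_SERVER[1], PUBLIC_IP, 50001))
    # Unsolicited packet to a port nobody mapped: no table entry, dropped.
    probe = nat.translate_inbound(Packet("198.51.100.7", 4444, PUBLIC_IP, 60000))
    return nat.table(), reply, probe


if __name__ == "__main__":
    nat_table, delivered, dropped = run_demo()
    for private, public in nat_table.items():
        print(f"{private:<22} -> {public}")
    print("reply delivered to:", delivered)
    print("unsolicited probe:", dropped)
```

Running the block prints the same three rows as the table above and shows the reply landing on `192.168.1.10:12345` while the probe is dropped. The dropped probe is the behaviour behind the "internal IPs remain hidden" row earlier on the page: with no table entry, the translator has no internal host to hand the packet to, which is also why services that must accept unsolicited connections need an explicit mapping.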

<mark style="color:blue;">**Example PAT**</mark>

```
Private Network (LAN)           NAT Device (Router)                              Public Internet
+----------------------+        +-----------------------------------------+        +----------------+
| Laptop 192.168.1.10  | -----> | NAT Table                               |        |                |
| Phone  192.168.1.11  | -----> | 192.168.1.10:12345 -> 203.0.113.5:50001 | -----> |   Web Server   |
| TV     192.168.1.12  | -----> | 192.168.1.11:12346 -> 203.0.113.5:50002 |        | 93.184.216.34  |
+----------------------+        | 192.168.1.12:12347 -> 203.0.113.5:50003 |        +----------------+
                                +-----------------------------------------+
                                  all outbound packets leave with source 203.0.113.5
```

<mark style="color:blue;">**Advantages & Limitations of NAT**</mark>

NAT and PAT offer several key advantages. They conserve IPv4 addresses, which has been essential for prolonging the life of IPv4 for as long as possible. They also provide security through obscurity, hiding internal network addressing from the outside world. And they are flexible: an entire network can connect to the internet through a single IP address, which simplifies many setups.

Still, NAT and PAT come with some real limitations. They break the end-to-end principle on which the internet was designed: IP addresses no longer uniquely identify hosts, and applications that need to accept incoming connections become more complicated.

Hosting servers, for example, becomes tricky, and VoIP calls and online multiplayer games run into similar problems. Workarounds such as port forwarding and UPnP allow external access to internal services, but they add extra steps. Address translation also brings a slight latency overhead because of the processing involved.

<mark style="color:blue;">**Beyond NAT: IPv6**</mark>

NAT was a **temporary solution** to IPv4 exhaustion. In theory, IPv6 (with 3.4 × 10^38 addresses) makes NAT unnecessary, since every device can have a unique global IP.

However, things have not gone that way yet. NAT remains widely used, IPv6 adoption is still incomplete, and some organizations keep NAT alongside IPv6 for added security or for policy reasons. In a way, old habits die hard.
