NAT

NAT (Network Address Translation) allows multiple devices on a private network to share a single public IP address when communicating with the internet. It's how your entire office accesses the internet through one IP assigned by your ISP.

IPv4 has roughly 4.3 billion addresses — not enough for every device on the internet. NAT solves this by letting an entire private network share one (or a few) public IPs. Your firewall or router performs NAT: outgoing traffic gets the public IP as its source address; incoming responses are translated back to the correct internal device.

The internal address ranges used behind NAT are private IP ranges defined by RFC 1918 — 192.168.x.x, 10.x.x.x, 172.16.x.x to 172.31.x.x. These addresses aren't routable on the public internet, which is part of what makes NAT work: the same 192.168.1.x range can exist behind every NAT device in the world without conflict.

Port Address Translation (PAT) — sometimes called NAT overload — is the specific technique that lets thousands of devices share a single public IP by tracking connections via port numbers. This is what almost every home and office network uses.

NAT is also a minor security benefit: devices behind NAT aren't directly reachable from the internet, because inbound connections have nowhere to go without an explicit port forwarding rule. This isn't a substitute for a firewall, but it does reduce the exposed attack surface.

IPv6 was designed to eliminate the need for NAT by providing enough addresses for every device to have a public IP. Adoption has been slow; most networks remain dual-stack or IPv4-only with NAT for the foreseeable future.