How does NAT (Network Address Translation) work in a router?

Network Address Translation (NAT) is a technique used in routers to enable multiple devices on a local network to share a single public IP address for communication with devices on the internet. The router maps the private IP addresses (and source ports) used within the local network to its single public IP address, which is the only address visible on the internet. NAT helps alleviate the shortage of available IPv4 addresses and adds a layer of security by hiding the internal network structure.

  1. Local Network Setup:
    • Devices within a local network are assigned private IP addresses, such as those defined in the RFC 1918 address space (e.g., 192.168.x.x, 10.x.x.x, 172.16.x.x).
  2. Outgoing Packet from Local Device:
    • When a device within the local network initiates communication with a device on the internet, the router intercepts the outgoing packet.
  3. Translation Table Lookup:
    • The router maintains a NAT translation table that keeps track of the mapping between each local private IP address and source port and the public IP address and port assigned to that session.
  4. Source NAT (SNAT) Operation:
    • The router replaces the source IP address and port number of the outgoing packet with its own public IP address and a dynamically assigned port number (from the NAT table). This is known as Source NAT (SNAT) or PAT (Port Address Translation).
  5. Updating Translation Table:
    • The router updates the NAT translation table with the new entry, including the private IP address, original source port, public IP address, and assigned port.
  6. Routing to the Internet:
    • The router forwards the modified packet to the internet using its public IP address.
  7. Incoming Packet to the Router:
    • When a response is received from the internet, the router examines the destination IP address and port number.
  8. Destination NAT (DNAT) Operation:
    • The router looks up the NAT translation table to find the corresponding private IP address and original port number. It then replaces the destination IP address and port number in the incoming packet with the original values.
  9. Forwarding to the Local Device:
    • The router forwards the modified packet to the appropriate local device on the internal network.
  10. Translation Table Cleanup:
    • The router updates the NAT translation table to remove the entry for the communication session once the session ends or the entry has been idle for longer than its timeout.
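As an added example that is not part of the original article, the following Python simulation walks one session through steps 2 to 10 above: an outbound packet from a private host is rewritten with the router's public IP and an assigned port (SNAT/PAT), the mapping is recorded, the reply is rewritten back to the private address (DNAT), and the entry is removed when the session closes or idles out. It also shows the behaviour behind the "hiding" point in the introduction: an inbound packet that matches no table entry, or that comes from a different remote peer than the one the session was opened to, is dropped. The class and function names (`NatRouter`, `Packet`, `demo`), the addresses, ports and timeout values are all constructed for this example.

```python
"""Minimal NAT/PAT simulation (added example; not from the original article).

Addresses use the documentation ranges 203.0.113.0/24 and 198.51.100.0/24,
and all ports and timeouts are constructed values.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

# RFC 1918 private ranges (the article lists them informally as 10.x.x.x etc.)
PRIVATE_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class NatRouter:
    """One public IP shared by many private hosts; entries keyed by assigned public port."""

    def __init__(self, public_ip: str, idle_timeout: float = 300.0, first_port: int = 40000):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.next_port = first_port
        # Step 3: public_port -> (private_ip, private_port, remote_ip, remote_port, last_seen)
        self.table: dict[int, tuple[str, int, str, int, float]] = {}

    @staticmethod
    def is_private(ip: str) -> bool:
        addr = ip_address(ip)
        return any(addr in net for net in PRIVATE_NETS)

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """Steps 2-6: SNAT an outgoing packet and record (or refresh) its mapping."""
        if not self.is_private(pkt.src_ip):
            raise ValueError("outbound packet must come from a private host")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        pub_port = next((p for p, e in self.table.items() if e[:4] == key), None)
        if pub_port is None:                       # new session: assign the next free port
            pub_port = self.next_port
            self.next_port += 1
        self.table[pub_port] = (*key, now)         # step 5: update table with last-seen time
        # Step 4: rewrite source to the router's public IP and the assigned port
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Steps 7-9: DNAT an incoming packet; returns None (dropped) if nothing matches."""
        entry = self.table.get(pkt.dst_port)
        if entry is None or pkt.dst_ip != self.public_ip:
            return None                            # unsolicited: no session opened this port
        priv_ip, priv_port, remote_ip, remote_port, _ = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                            # mapping exists but for a different peer
        self.table[pkt.dst_port] = (priv_ip, priv_port, remote_ip, remote_port, now)
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)

    def close_session(self, pub_port: int) -> None:
        """Step 10: remove an entry when the session ends."""
        self.table.pop(pub_port, None)

    def expire(self, now: float) -> int:
        """Step 10 for idle sessions: drop entries older than idle_timeout; returns count removed."""
        stale = [p for p, e in self.table.items() if now - e[4] > self.idle_timeout]
        for p in stale:
            del self.table[p]
        return len(stale)


def demo() -> dict:
    """Walk one session through the router and return the observable results."""
    router = NatRouter("203.0.113.7")
    client = Packet("192.168.1.20", 51515, "198.51.100.10", 443, "GET /")
    out = router.outbound(client, now=0.0)      # 192.168.1.20:51515 -> 203.0.113.7:40000
    reply = Packet("198.51.100.10", 443, out.src_ip, out.src_port, "200 OK")
    back = router.inbound(reply, now=1.0)       # 203.0.113.7:40000 -> 192.168.1.20:51515
    unsolicited = Packet("198.51.100.99", 80, "203.0.113.7", 22)       # no entry for port 22
    dropped = router.inbound(unsolicited, now=1.0)
    other_peer = Packet("198.51.100.99", 443, "203.0.113.7", out.src_port)  # wrong remote host
    peer_dropped = router.inbound(other_peer, now=1.0)
    expired = router.expire(now=1000.0)         # session idle > 300 s, entry removed
    return {"out": out, "back": back, "dropped": dropped, "peer_dropped": peer_dropped,
            "expired": expired, "table_size": len(router.table)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Run it directly to print the rewritten packets and the two drops. The peer check in `inbound` corresponds to what real routers call endpoint-dependent filtering; routers that omit it accept any inbound packet to a mapped port, which is why the "hiding" benefit of NAT depends on the router's filtering behaviour rather than on translation alone.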