NAT stands for Network Address Translation. It allows multiple devices on a private network to share one public IP address when accessing the internet — solving the problem of IPv4 address exhaustion.

There are not enough public IPv4 addresses for every device in the world. NAT solves this by translating private IPs like 192.168.x.x into a single shared public IP when traffic leaves your network.

🏢
Simple Analogy
NAT is like a receptionist at an office building
All outgoing requests go through one public front desk — the receptionist remembers who asked and routes responses back to the right person inside.

How NAT Works

Here's a real example. Your home network looks like this:

Example network — how NAT translates addresses
Your Device
192.168.1.25
private IP — not visible on internet
Your Router (Gateway)
192.168.1.1
performs NAT translation
Public IP (ISP-assigned)
73.45.88.200
what the internet sees
1
Your computer sends a request from 192.168.1.25 to the router
2
The router replaces your private IP with its public IP 73.45.88.200 and records the mapping
3
The website responds to 73.45.88.200 (your public IP)
4
The router translates the response back to 192.168.1.25 and forwards it to your device

Types of NAT

Static
Static NAT
One private IP maps permanently to one public IP. Used for servers that must always be reachable at the same public address.
Dynamic
Dynamic NAT
Private IPs are mapped to a pool of public IPs on demand. Less common in home environments.
PAT
PAT — Port Address Translation
Most common type. Multiple private devices share one public IP, differentiated by port numbers. This is what your home router uses — also called "NAT overload."

PAT — Port Address Translation in depth

PAT (also called NAT overload) is the type of NAT used on virtually every home and small business network. It's what allows dozens of devices to share a single public IP address simultaneously — and it's heavily tested on both A+ and Network+.

The trick is port numbers. Each outbound connection gets a unique source port number assigned by the router. The router maintains a NAT translation table that maps each private IP + port to the public IP + port, so it knows exactly which device to send the response back to.

PAT translation table — example
Private IP : Port      → Public IP : Port      Destination
192.168.1.10 : 52341  →  73.45.88.200 : 1024   → google.com:443
192.168.1.10 : 52342  →  73.45.88.200 : 1025   → youtube.com:443
192.168.1.25 : 49871  →  73.45.88.200 : 1026   → google.com:443
192.168.1.42 : 61204  →  73.45.88.200 : 1027   → amazon.com:443

When google.com responds to 73.45.88.200:1024 — router knows to forward it to 192.168.1.10:52341

NAT types comparison — Network+ table

Type Mapping Use case Public IPs needed
Static NAT 1 private IP ↔ 1 public IP (permanent) Public-facing servers — web, email, FTP. The server must always be reachable at the same public IP. 1 per device
Dynamic NAT 1 private IP ↔ 1 public IP (from pool, on-demand) Organisations with a pool of public IPs but fewer than devices. Less common than PAT. 1 per active session
PAT / NAT Overload Many private IPs ↔ 1 public IP (tracked by port) All home routers and most small/medium businesses. Virtually universal. Just 1

Port forwarding — punching holes in NAT

NAT provides a natural firewall effect — unsolicited inbound traffic has nowhere to go because the router doesn't have a matching entry in its translation table. But sometimes you want inbound traffic to reach a specific internal device: a home server, a gaming console, a security camera.

Port forwarding creates a static NAT rule that permanently maps a specific public port to an internal IP and port. When traffic arrives on that port, the router forwards it straight to the designated device without waiting for an outbound connection.

Port forwarding example
Rule: forward external port 8080 → internal 192.168.1.100:80

Internet user visits: 73.45.88.200:8080
Router translates to: 192.168.1.100:80  (internal web server)

Without port forwarding — inbound traffic on 8080 would be silently dropped
With port forwarding — router has a static rule to forward it

NAT and security — the Security+ angle

NAT has security implications that appear on Security+. Understanding both the protection it provides and its limitations is important:

Security benefit

NAT acts as an implicit inbound firewall. Internal devices are hidden behind the public IP — their private addresses are not routable from the internet. Unsolicited inbound packets have no matching NAT entry and are dropped. This is not a substitute for a real firewall, but it does reduce the attack surface significantly compared to having every device publicly exposed.

Security limitation

NAT does not inspect traffic content — it only translates addresses. Malware on an internal device can still make outbound connections through NAT freely. NAT also complicates some security protocols (like IPsec in transport mode) because it modifies the packet headers that the cryptographic signature protects. NAT traversal techniques (like UDP hole-punching used by VoIP and VPNs) are needed to work around this.

How NAT Appears on the A+ Exam

Exam questions may ask:

"Why can multiple devices in a home use one public IP address?"
"What allows private IP addresses to access the internet?"
"What device performs NAT on a home network?"
⚡ CompTIA A+ Exam Tip

The router performs NAT. That's the answer the A+ exam is looking for every time.

Also know: PAT (Port Address Translation) is the specific type most home routers use — multiple devices share one public IP via different port numbers.

Troubleshooting — When NAT Goes Wrong

🔧 Scenario: Everything looks right, but no internet

A device has all three settings configured correctly, but still can't reach the internet:

Valid IP address (e.g. 192.168.1.55)
Valid subnet mask (e.g. 255.255.255.0)
Valid default gateway (e.g. 192.168.1.1)
Likely cause: The router's NAT function is misconfigured or disabled. The device can reach the router, but the router isn't translating outbound traffic to the public internet. Check the router's WAN settings and NAT/PAT configuration.

Final Summary

NAT stands for Network Address Translation
It lets multiple devices share one public IP address
PAT (Port Address Translation) is the most common type — used by home routers
The router performs NAT — this is the key exam answer
Private IPs (192.168.x.x) are invisible on the internet — NAT translates them to the public IP
If IP, mask, and gateway are all valid but internet fails — suspect NAT misconfiguration on the router
📚 Recommended Study Tools

Preparing for the A+ Exam?

Practice exams and structured review make NAT and networking scenarios automatic.

🧪 Take FREE Practice Exams 📖 Bestselling A+ Study Guide

Related Networking Articles

What Is a Default Gateway? What Is a Subnet Mask? What Is DHCP? What Is DNS? Network Troubleshooting Commands What is a VPN? Firewall Basics A+ Cheat Sheet Network+ Cheat Sheet OSI Model Explained TCP vs UDP Explained Build Your First Home Lab Firewall Basics Router vs Switch IPv4 vs IPv6 Explained

Preparing for the A+ Exam?

See the books, practice exams, and free resources that actually work.

See Best Study Resources →