If you have ever wondered how dozens of devices in your home can all access the internet through a single IP address, the answer is Network Address Translation (NAT). NAT is one of the most fundamental technologies in modern networking, quietly working inside every home and business router to share a single public IP address among many devices.
Why NAT Exists
The internet was built on IPv4, which provides approximately 4.3 billion unique addresses. With billions of devices now connected — smartphones, laptops, tablets, smart TVs, IoT devices, and more — there are not enough IPv4 addresses for every device to have its own public IP. NAT solves this problem by allowing multiple devices to share a single public IP address.
When you visit WheresThatIP.com, the IP address you see is your network's single public IP — shared by every device connected to your router. Each device has its own private IP address (like 192.168.1.5), but websites only see the shared public IP.
How NAT Works
NAT operates in your router and performs address translation between your private network and the public internet:
Outgoing Traffic (Your Device to the Internet)
- Your device (192.168.1.5) sends a request to a website
- The router receives the packet and replaces the source address (192.168.1.5) with its public IP (e.g., 203.0.113.10)
- The router also assigns a unique port number and records the mapping in its NAT table
- The packet goes out to the internet with the router's public IP as the source
Incoming Traffic (Internet to Your Device)
- The website sends a response back to your router's public IP and port
- The router looks up the port in its NAT table to find which internal device made the original request
- The router replaces the destination address with the device's private IP (192.168.1.5)
- The packet is delivered to the correct device
NAT Table Example
| Internal IP | Internal Port | External IP | External Port | Destination |
|---|---|---|---|---|
| 192.168.1.5 | 50001 | 203.0.113.10 | 40001 | 142.250.80.46:443 |
| 192.168.1.10 | 50234 | 203.0.113.10 | 40002 | 104.21.32.1:443 |
| 192.168.1.5 | 50002 | 203.0.113.10 | 40003 | 151.101.1.140:443 |
Notice that two different requests from the same device (192.168.1.5) get different external ports. This is how the router keeps track of which response goes where.
Types of NAT
Static NAT (One-to-One)
Maps a single private IP to a single public IP permanently. Used in businesses where a server needs a consistent public address. This does not save addresses — it is used for accessibility, not conservation.
Dynamic NAT
Maps private IPs to a pool of public IPs on a first-come, first-served basis. When a device needs internet access, it gets an available public IP from the pool. When it disconnects, the public IP returns to the pool.
PAT (Port Address Translation) / NAT Overload
The most common type. Maps many private IPs to a single public IP using different port numbers to distinguish connections. This is what your home router uses. Sometimes called "NAT overload" or "NAPT" (Network Address Port Translation).
CGNAT (Carrier-Grade NAT)
ISPs use CGNAT to share a single public IP among multiple customers (not just multiple devices in one household). This means your "public" IP might actually be shared with your neighbors. CGNAT uses the reserved IP range 100.64.0.0/10.
CGNAT can cause issues with:
- Port forwarding (you cannot forward ports through your ISP's NAT)
- IP-based access controls and whitelisting
- IP geolocation accuracy — the IP may geolocate to the ISP's NAT device, not your location
- Online gaming and peer-to-peer applications
NAT and Security
NAT provides an incidental security benefit: devices behind NAT are not directly reachable from the internet. Since incoming connections must match an existing entry in the NAT table, unsolicited incoming traffic is dropped. However, NAT is not a firewall — it was not designed for security, and it should not be your only line of defense.
For proper security, combine NAT with a firewall and keep your router firmware updated. Learn more about protecting your network in our guide on what someone can do with your IP address.
Port Forwarding: Working With NAT
Since NAT blocks unsolicited incoming connections, you need port forwarding if you want to run a server, host a game, or allow remote access to a device behind NAT.
Port forwarding creates a permanent rule in the NAT table:
External Port 8080 -> Forward to 192.168.1.50 Port 80To set up port forwarding:
- Assign a static IP to the device you want to reach
- Log in to your router's admin panel
- Find the port forwarding section (sometimes under "NAT" or "Virtual Servers")
- Create a rule specifying the external port, internal IP, and internal port
- Save and test by accessing your public IP (find it at WheresThatIP.com) from outside your network
NAT and IPv6
One of the main reasons NAT exists is the shortage of IPv4 addresses. IPv6 provides enough addresses (340 undecillion) for every device to have its own public address, potentially eliminating the need for NAT.
In an IPv6 world:
- Every device gets a globally unique address
- NAT is no longer needed for address conservation
- End-to-end connectivity is restored (no address translation)
- Port forwarding becomes unnecessary
- Firewalls become even more important (since NAT's incidental protection goes away)
However, IPv6 adoption is still ongoing, and NAT will remain essential for IPv4 networks for years to come.
How to Tell If You Are Behind NAT
- Check your device's IP address in network settings (e.g.,
ipconfigon Windows) - Visit WheresThatIP.com to see your public IP
- If these two addresses are different, you are behind NAT (which is normal for virtually all home and business networks)
How to Tell If You Are Behind CGNAT
- Log in to your router and check the WAN (internet-facing) IP address
- Compare it with your public IP at WheresThatIP.com
- If your router's WAN IP is different from your public IP (and especially if it starts with 100.64.x.x), you are behind CGNAT
- You can also run a traceroute and look for extra hops before reaching the public internet
Frequently Asked Questions
Does NAT slow down my internet?
The overhead of NAT is negligible on modern routers. You will not notice any speed difference. The processing required to translate addresses and manage the NAT table is trivial for modern hardware.
Can NAT cause problems with online gaming?
Yes. Strict NAT types can prevent peer-to-peer connections in multiplayer games. Most routers support UPnP (Universal Plug and Play), which automatically opens the necessary ports. If you have NAT-related gaming issues, enabling UPnP or configuring manual port forwarding usually resolves them.
How many devices can share one public IP through NAT?
Theoretically, up to 65,535 simultaneous connections (limited by available port numbers). In practice, home routers comfortably handle dozens of devices. Enterprise NAT devices can handle thousands.