What is NAT? How Does NAT Work?

what is NAT

In this blog we will look at what is NAT(Network Address Translation) and the key concepts and workflows involved in NAT.

What is NAT?

NAT stands for Network Address Translation. Network Address Translation, as the name indicates, translates a given set of private IP addresses to a single public IP address attached to a gateway device. For example, a home modem or a firewall device in an organization.

To address the IPV4 exhaustion issue, the private IP ranges was introduced and organisations could use the private IP ranges for their tens of thousands of computers and servers. But the problem is, when you have a private network with devices having private IP addresses, you cannot route the traffic to public Internet because the destination server cannot route the response to the private IP range.

Here is where NAT comes in to picture. The gateway device in your home or organization connected to the ISP with a public address will do the Natting. When it comes to cloud platforms like AWS, Azure, or Google cloud, a NAT gateway gets deployed in public subnet for servers in the private subnet to communicate to the outside world.

Also, you might want to keep the private network secure from the external network.

Now let’s understand how NAT works.

How Does NAT Work?

Here is a high level architecture of a request that goes via NAT device (Router).

NAT high level architecture

So here is how it works.

Step 1: A computer in the private network tries to access a public website. For this example, lets assume it as google.com.

Step 2: The request packet first reaches the router. The router has a public IP address. It adds its public address as the source IP address in the request IP packet header and forwards the request, as shown in the image below. You can also call this process as “masquerading”.

NAT IP source and destination modification process

Step 3: The request reaches the server (google.com) and it sends the webpage as response by altering the source to the servers IP and destination as routers public IP as shown in the image above.

Step 4: When the response reaches the router, it modifies the destination address to the requested computers private IP address as shown in the image above.

The router keeps track of requests via the NAT table. It is a unique table managed by the NAT-enabled device. In our example, it’s a router. With the NAT table information, the router knows from which device the request started and to which device it should send the response back.

What Does NAT solve?

NAT solves a bigger problem with IPV4 exhaustion. RFC1918 (Private IP ranges) is made possible due to NAT. RFC1918 Subnets has the following ranges.

  2. (172.16/12 prefix)


Does NAT maps MAC adddress?

No. NAT works on the Network layer (Layer 3) where it deals with with packets. While MAC address belong to the data-link layer.

Do you need a NAT for Servers With public IP & Internet Connectivity?

No. NAT is designed for devices with private IP ranges to connect to internet.


In this blog we learned about the important concepts in Network Address Translation. NAT is a very important topic when it comes to cloud networking.

Every DevOps engineer should know about NAT and how it works. In my becoming a DevOps engineer guide, I have spoken about learning NAT in the networking section.

Further Reading & References

[1]. RFC-2663: Network Address Translator (NAT) Terminology and Considerations

1 comment
Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like