🌐 Network Address Translation (NAT) – Complete Explanation


1️⃣ What is NAT?

NAT (Network Address Translation) is a networking technique used to translate private IP addresses into public IP addresses (and vice versa) when traffic moves between private networks and the internet.

Simple definition:

NAT allows devices with private IP addresses to access the internet using one or more public IP addresses.


2️⃣ Why NAT Was Needed (The Real Problem)

🔴 Problem 1: IPv4 Address Exhaustion

IPv4 has:

2³² = ~4.3 billion addresses

This number is:

  • Not enough for the whole world
  • Especially with phones, laptops, IoT, servers

🔴 Problem 2: Private Networks Cannot Access Internet Directly

Private IP ranges:

  • 10.0.0.0 – 10.255.255.255
  • 172.16.0.0 – 172.31.255.255
  • 192.168.0.0 – 192.168.255.255

These IPs ❌ are not routable on the internet

So:

  • Your laptop → private IP
  • Internet → public IP

They cannot talk directly.


🔴 Problem 3: Security & Isolation

Exposing every internal device with a public IP would:

  • Increase attack surface
  • Increase cost
  • Reduce control

✅ NAT Solved All These Problems

NAT allows:

  • Thousands of private devices
  • To share one public IP
  • Without exposing internal IPs

3️⃣ Where NAT Exists in Real Life

🏠 Home Network

  • Wi-Fi router does NAT
  • All devices share one public IP

🏢 Enterprise Network

  • Firewall performs NAT

☁️ Cloud (AWS, Azure, GCP)

  • NAT Gateway / NAT Instance

4️⃣ Basic Working of NAT (Step-by-Step)

Example Setup

Laptop (Private IP): 192.168.1.10
Router (Public IP):  203.0.113.5
Website Server:      142.250.195.14

🔄 Step-by-Step Flow

1️⃣ Laptop sends request

Source IP: 192.168.1.10
Destination IP: 142.250.195.14

2️⃣ Router receives packet

Router sees:

  • Source IP is private
  • Needs translation

3️⃣ NAT Translation Happens

Router changes:

Source IP: 203.0.113.5
Source Port: Random port (e.g., 45001)

Router stores mapping:

192.168.1.10:51524 ↔ 203.0.113.5:45001

4️⃣ Packet goes to internet

Internet sees:

Request from 203.0.113.5

5️⃣ Response comes back

Destination IP: 203.0.113.5
Destination Port: 45001

6️⃣ Router translates back

Router checks NAT table and sends response to:

192.168.1.10:51524

✔ Communication successful
✔ Internal IP hidden


5️⃣ NAT Table (Very Important Concept)

NAT maintains a translation table:

Private IP      Private Port   Public IP      Public Port
192.168.1.10    51524          203.0.113.5    45001

This table:

  • Is temporary
  • Entries expire after inactivity

6️⃣ Types of NAT (Very Important)


🔵 1. Static NAT

What it is:

  • One private IP ↔ One public IP (fixed)

Example:

192.168.1.10 ↔ 203.0.113.10

Use cases:

  • Hosting internal server
  • Fixed mapping required

Pros:

  • Predictable
  • Simple

Cons:

  • Wastes public IPs
  • Not scalable

🟢 2. Dynamic NAT

What it is:

  • Private IP mapped to any available public IP from a pool

Example:

Public IP Pool: 203.0.113.10 – 203.0.113.20

Pros:

  • Better utilization than static NAT

Cons:

  • Still limited by pool size

🟠 3. PAT (Port Address Translation) – MOST COMMON

Also called:

NAT Overload

What it is:

  • Many private IPs share one public IP
  • Differentiated using ports

Example:

203.0.113.5:45001 → 192.168.1.10
203.0.113.5:45002 → 192.168.1.11

Why this is powerful:

  • Thousands of devices
  • One public IP

✔ Used in home routers
✔ Used in AWS NAT Gateway


7️⃣ Inbound vs Outbound NAT

🔹 Outbound NAT

  • Private → Internet
  • Most common
  • Allowed by default

🔹 Inbound NAT (Port Forwarding)

  • Internet → Private device
  • Requires explicit rule

Example:

Public IP:80 → Private IP 192.168.1.10:80
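The step-by-step flow of section 4, the NAT table and its expiry in section 5, PAT in section 6 and the port-forwarding rule above, brought together in one added Python example (not code from the original page). The addresses are the page's own documentation-range values; the idle timeout of 300 seconds and the starting public port 45001 are assumptions.

```python
# Constructed example: a toy PAT (NAT overload) router, not a real NAT implementation.
class PatRouter:
    """Many private hosts behind one public IP, told apart by public port."""

    def __init__(self, public_ip, idle_timeout=300, first_port=45001):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout  # seconds of inactivity before an entry expires
        self.next_port = first_port       # next public port to hand out
        # public_port -> [private_ip, private_port, remote_ip, remote_port, last_seen]
        self.table = {}
        self.forwards = {}                # public_port -> (private_ip, private_port)

    def add_port_forward(self, public_port, private_ip, private_port):
        """Explicit inbound rule, e.g. public port 80 -> 192.168.1.10:80."""
        self.forwards[public_port] = (private_ip, private_port)

    def expire(self, now):
        """Drop table entries idle for longer than idle_timeout."""
        for port in [p for p, e in self.table.items() if now - e[4] > self.idle_timeout]:
            del self.table[port]

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Translate a private -> internet packet; returns the rewritten 4-tuple."""
        self.expire(now)
        for pub_port, e in self.table.items():  # reuse a live mapping for this flow
            if e[:4] == [src_ip, src_port, dst_ip, dst_port]:
                e[4] = now
                return (self.public_ip, pub_port, dst_ip, dst_port)
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[pub_port] = [src_ip, src_port, dst_ip, dst_port, now]
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port, now):
        """Translate an internet -> private packet, or return None to drop it."""
        self.expire(now)
        e = self.table.get(dst_port)
        if e and e[2:4] == [src_ip, src_port]:  # reply to a flow a private host opened
            e[4] = now
            return (src_ip, src_port, e[0], e[1])
        rule = self.forwards.get(dst_port)      # explicit port-forwarding rule
        if rule:
            return (src_ip, src_port) + rule
        return None                             # unsolicited with no mapping: dropped


if __name__ == "__main__":
    r = PatRouter("203.0.113.5")
    print(r.outbound("192.168.1.10", 51524, "142.250.195.14", 443, now=0))  # port 45001 allocated
    print(r.inbound("142.250.195.14", 443, 45001, now=1))  # reply mapped back to 192.168.1.10:51524
    print(r.inbound("198.51.100.7", 40000, 45001, now=1))  # None: unsolicited, dropped
```

Inbound packets are only accepted when they match a live entry or an explicit forwarding rule, which is the "unsolicited inbound traffic blocked" behaviour of section 8, and it is still not a substitute for firewall rules.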

8️⃣ NAT and Security

NAT provides basic protection:

  • Internal IPs hidden
  • Unsolicited inbound traffic blocked

⚠️ But NAT is NOT a firewall

Security still requires:

  • Firewall rules
  • Security Groups (AWS)
  • NACLs

9️⃣ NAT Problems & Limitations

❌ Breaks End-to-End Connectivity

  • Peer-to-peer apps struggle

❌ Protocol Issues

  • Some protocols embed IP addresses in the payload
  • NAT must inspect and rewrite the payload as well, not just the headers

❌ Troubleshooting Complexity

  • Logs are harder to trace, since many devices appear as one public IP

🔟 NAT vs IPv6

IPv6:

  • Huge address space
  • NAT not required

But:

  • NAT still widely used
  • IPv4 dominates today

1️⃣1️⃣ NAT in AWS (Very Important)

🟣 NAT Gateway

  • Managed service
  • Scalable
  • Highly available
  • Used for private subnets

Flow:

Private EC2 → NAT Gateway → Internet Gateway

🟣 NAT Instance

  • EC2 acting as NAT
  • Manual scaling
  • Not recommended now

🟣 Key AWS Rule

❗ NAT Gateway:

  • Allows outbound only
  • Does NOT allow inbound connections

1️⃣2️⃣ Common AWS Exam Traps

❓ Private EC2 needs internet access? 👉 Use NAT Gateway

❓ Internet to private EC2? 👉 NOT possible via NAT

❓ Save cost? 👉 Use one NAT Gateway per AZ wisely


1️⃣3️⃣ Real-World Analogy

NAT = Office Receptionist

  • Employees have internal extensions
  • Outsiders call main number
  • Receptionist routes calls

1️⃣4️⃣ One-Line Exam Definition

NAT translates private IP addresses into public IP addresses to enable internet access while conserving IPv4 addresses.


1️⃣5️⃣ Final Summary

  • NAT solves IPv4 shortage
  • Enables private networks to access internet
  • Uses IP + port translation
  • PAT is most common
  • Essential in AWS networking