BytesOfProgress



NAT (Network Address Translation)

NAT, or Network Address Translation, is a technique in which a router rewrites the IP addresses (and usually the port numbers) in packet headers as traffic passes through it. Its most common use is to let many devices on a private local network share a single public IP address when communicating with hosts outside that network, such as servers on the internet.


How does it work?

When a device inside the local network wants to communicate with a device outside it, such as a web server on the internet, NAT replaces the private source IP address in the packet with the public IP address of the router or gateway that connects the local network to the internet. It also picks a source port on that public address for the session, so that replies belonging to different internal devices can be told apart. From the server's point of view, the connection comes from the router's public IP address and the chosen port.

NAT keeps track of these translations in a NAT table, which maps each private IP address and port to the public IP address and the port chosen for it. This is what lets the router forward incoming reply packets to the right device inside the local network. It also has a side effect: an inbound packet that matches no table entry has nowhere to go and is dropped, which is why hosts behind NAT are not directly reachable from the internet by default.


Types of NAT

Static NAT

One-to-one, permanent mapping of an internal private IP address to an external public IP address. This type of NAT is typically used when a device inside the network, such as a server, must be consistently reachable from outside. Because the mapping is permanent, the internal host is exposed to inbound connections and should be firewalled like any internet-facing host.


Dynamic NAT

Maps internal private IP addresses to a pool of external public IP addresses on a first-come, first-served basis. An external address is taken from the pool when an internal device starts communicating and returned when its translation expires. If the pool is exhausted, further internal devices cannot reach the outside until a mapping is released.


NAT Overload (PAT - Port Address Translation)

Maps multiple internal private IP addresses to a single external public IP address, using different source port numbers on that address to distinguish between connections. This is the most common type of NAT in home and small office networks, and it is what most people mean when they simply say "NAT".


What is the NAT-Table?

NAT maintains a translation table that records the mapping between each internal private IP address and port and the external public IP address and port it was translated to, along with the protocol, the state of the entry and an idle timeout after which the entry is removed. When a packet traverses the NAT device, the device consults this table to decide how to rewrite the packet's source (outbound) or destination (inbound) address and port. A full entry usually also records the address and port of the outside peer; the simplified table below leaves those out.

  Internal IP       Internal Port   External IP       External Port   Protocol   State    Timeout
  192.168.1.10      5000            203.0.113.1       10234           TCP        Active   3600s
  192.168.1.20      8080            203.0.113.1       443             TCP        Active   3600s
  192.168.1.30      6000            203.0.113.2       5000            UDP        Idle     300s

In this example:

The device with internal IP address 192.168.1.10 is communicating over TCP from port 5000; its traffic appears on the internet as coming from external IP address 203.0.113.1, port 10234.

The device with internal IP address 192.168.1.20 is communicating over TCP from port 8080; its traffic appears as coming from external IP address 203.0.113.1, port 443.

The device with internal IP address 192.168.1.30 was communicating over UDP from port 6000, translated to 203.0.113.2, port 5000. No traffic has been seen on that flow for a while, so the entry is marked idle. If nothing arrives before its 300 s timer runs out, the entry is deleted, and any later packets from the outside to 203.0.113.2 port 5000 are dropped because they no longer match an entry.


Translation Process

Outbound translation

When a packet from an internal device is destined for an external device, NAT replaces the source IP address in the packet header with the external public IP address and the source port with a port on that address that is not in use by another entry. If no entry exists yet for this flow, one is created in the NAT table; if one exists, it is reused and its idle timer is reset.


Inbound translation

When a response packet comes back from the external device, NAT looks up the packet's destination IP address and port (and protocol) in the NAT table to find which internal device the flow belongs to. It then replaces the destination IP address and port in the packet header with the corresponding internal private IP address and port and forwards the packet into the local network. If no entry matches, the packet is dropped.
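The outbound and inbound steps above, together with the table and idle timers from the earlier sections, as an added example that is not code from the original page. It models a NAT overload (PAT) router in Python: the class and function names, the port-allocation rule (keep the host's own source port when free, otherwise the lowest free port) and the strict check that a reply comes from the peer the flow was opened to are assumptions made for the demonstration, not a description of any particular router. The addresses come from the RFC 5737 documentation ranges and the traffic is constructed.

```python
"""Model of a NAT overload (PAT) router with a translation table.

Added example, not part of the original wiki page. Addresses are from the
RFC 5737 documentation ranges and the traffic is constructed; the port
allocation rule and filtering behaviour are assumptions for the demo.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    proto: str          # "TCP" or "UDP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Entry:
    internal: tuple     # (ip, port) of the LAN host
    remote: tuple       # (ip, port) of the outside peer the flow was opened to
    last_seen: float    # clock value of the last packet seen on this flow


class PatRouter:
    """Many private addresses share one public address, told apart by port."""

    def __init__(self, public_ip, ports=(1024, 65535), timeouts=None):
        self.public_ip = public_ip
        self.low, self.high = ports
        # Idle timers; the wiki table uses 3600 s for TCP and 300 s for UDP.
        self.timeouts = timeouts or {"TCP": 3600, "UDP": 300}
        self.table = {}      # (proto, external_port) -> Entry
        self.reverse = {}    # (proto, internal, remote) -> external_port

    def _allocate_port(self, proto, wanted):
        # Keep the host's own source port when it is free (port preservation),
        # otherwise take the lowest free port in the pool.
        if self.low <= wanted <= self.high and (proto, wanted) not in self.table:
            return wanted
        for port in range(self.low, self.high + 1):
            if (proto, port) not in self.table:
                return port
        raise RuntimeError("port pool exhausted")

    def outbound(self, pkt, now):
        """LAN -> Internet: rewrite the source, create or refresh the entry."""
        internal, remote = (pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)
        key = (pkt.proto, internal, remote)
        ext_port = self.reverse.get(key)
        if ext_port is None:
            ext_port = self._allocate_port(pkt.proto, pkt.src_port)
            self.table[(pkt.proto, ext_port)] = Entry(internal, remote, now)
            self.reverse[key] = ext_port
        else:
            self.table[(pkt.proto, ext_port)].last_seen = now
        return replace(pkt, src_ip=self.public_ip, src_port=ext_port)

    def inbound(self, pkt, now):
        """Internet -> LAN: rewrite the destination, or drop (return None)."""
        entry = self.table.get((pkt.proto, pkt.dst_port))
        if pkt.dst_ip != self.public_ip or entry is None:
            return None     # no entry: unsolicited packet, nowhere to send it
        if entry.remote != (pkt.src_ip, pkt.src_port):
            return None     # wrong peer for this entry (assumed strict filtering)
        entry.last_seen = now
        ip, port = entry.internal
        return replace(pkt, dst_ip=ip, dst_port=port)

    def expire(self, now):
        """Remove entries whose idle timer has run out; return how many."""
        dead = [k for k, e in self.table.items()
                if now - e.last_seen >= self.timeouts[k[0]]]
        for key in dead:
            entry = self.table.pop(key)
            del self.reverse[(key[0], entry.internal, entry.remote)]
        return len(dead)


def demo():
    """Two LAN hosts, one reply, one stray inbound packet, one UDP expiry."""
    nat = PatRouter("203.0.113.1")
    server = ("198.51.100.7", 443)
    # Both hosts pick source port 5000 towards the same server, so only the
    # first keeps that port on the public address; the second gets 1024.
    a_out = nat.outbound(Packet("TCP", "192.168.1.10", 5000, *server), now=0)
    b_out = nat.outbound(Packet("TCP", "192.168.1.20", 5000, *server), now=1)
    # The server answers the second flow at the public IP and translated port.
    delivered = nat.inbound(Packet("TCP", *server, "203.0.113.1", b_out.src_port), now=2)
    # A scan hitting the public address on a port with no entry is dropped.
    stray = nat.inbound(Packet("TCP", "198.51.100.99", 40000, "203.0.113.1", 22), now=3)
    # One UDP query then silence: only its entry times out (390 s > 300 s).
    u_out = nat.outbound(Packet("UDP", "192.168.1.30", 6000, "198.51.100.7", 53), now=10)
    expired = nat.expire(now=400)
    return a_out, b_out, delivered, stray, u_out, expired
```

The `stray` case is the point most worth noticing: the router drops the packet not because of any firewall rule but because the table has no entry for it, which is the whole "protection" NAT provides. It disappears the moment an entry exists, whether created by an outbound connection, a static mapping or a UPnP request.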


Limitations & Issues

NAT introduces issues with applications and protocols that embed IP addresses or port numbers in their data payloads, because the router rewrites only the packet headers and leaves the payload untouched. Active-mode FTP is the classic case: the client's PORT command tells the server which address and port to connect back to, and behind NAT that is a private address the server cannot reach. SIP has the same problem with the addresses carried in its headers. Routers work around this with application-layer gateways (ALGs) that understand the protocol and rewrite the payload as well. More generally, because unsolicited inbound packets match no table entry, a device behind NAT cannot accept connections from the internet, which breaks servers and peer-to-peer applications hosted on the local network.
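The FTP case from the paragraph above, worked through as an added example that is not code from the original page. It parses the active-mode PORT command (RFC 959, argument "h1,h2,h3,h4,p1,p2": the client's IPv4 address followed by a 16-bit port split into two bytes), shows the private address the server would be told by a plain NAT, and then shows what an FTP ALG does on the control channel: it opens an inbound mapping and rewrites the command to the public address and port. The session line and addresses are constructed, and AlgMapper is a stand-in for the router's table written for this demo, not a real implementation.

```python
"""Why NAT breaks protocols that carry addresses in their payload (FTP PORT).

Added example, not part of the original wiki page. The FTP session line and
the addresses are constructed; AlgMapper is a stand-in for a router's table.
"""
import ipaddress
import re

PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True for private IPv4 space, which an internet host cannot route to."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    fields = [int(x) for x in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        return None             # malformed: every field is a single byte
    ip = ".".join(str(f) for f in fields[:4])
    return ip, fields[4] * 256 + fields[5]


def format_port(ip, port):
    """Inverse of parse_port: build the PORT command for ip:port."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port // 256, port % 256)


class AlgMapper:
    """Stand-in for the router's table: reserves one public port per mapping."""

    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.mappings = {}      # external port -> (internal ip, internal port)

    def open_inbound(self, ip, port):
        """Pre-create an inbound mapping so the server's data connection arrives."""
        ext_port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[ext_port] = (ip, port)
        return ext_port


def ftp_alg(line, nat):
    """What an FTP ALG does on the control channel: swap the private
    address/port in PORT for the public address and a freshly opened port."""
    parsed = parse_port(line)
    if parsed is None:
        return line             # not a PORT command: pass through unchanged
    ip, port = parsed
    ext_port = nat.open_inbound(ip, port)
    return format_port(nat.public_ip, ext_port)


def demo():
    """Plain NAT hands the server a private address; the ALG fixes it."""
    nat = AlgMapper("203.0.113.1")
    client_line = "PORT 192,168,1,10,19,137\r\n"   # client listens on 192.168.1.10:5001
    naive_target = parse_port(client_line)         # what the server sees with plain NAT
    rewritten = ftp_alg(client_line, nat)          # "PORT 203,0,113,1,78,32"
    fixed_target = parse_port(rewritten)
    return naive_target, rewritten, fixed_target, dict(nat.mappings)
```

Note what the ALG has to do to make this work: it must inspect and modify application data, and it opens an inbound hole in the NAT on the client's behalf. Both are reasons ALGs have a history of bugs, and why many administrators disable the FTP ALG and use passive mode or a different protocol instead.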

NAT traversal techniques, such as UPnP (Universal Plug and Play) and NAT-PMP (NAT Port Mapping Protocol), are often used to work around these limitations. Both let a device on the local network ask the router to create an inbound port mapping for it, and neither authenticates the request, so any compromised host or malicious application on the LAN can expose internal services to the internet. Where they are not needed they should be disabled, and in any case NAT should not be treated as a substitute for a firewall. Other techniques, such as STUN, work by having both peers discover their public address and port and open the connection outward at the same time, without asking the router for anything.



