Network Address Translation (NAT): A comprehensive guide

You’ve probably ignored network address translation or NAT until now, but this hardworking translator could be vital in helping you connect to your digital world. How does it work and why do we even need one? We’ve demystified this complex acronym so you can understand what it means and does (in simple terms)—and why it can be important for your online security. Never rely on it alone though! A VPN like Avira Phantom VPN is still your best bet for more anonymity and privacy online.

 

What is NAT? 

Imagine living on a private island with no digital connectivity to the outside world. You might appreciate the privacy, but the splendid isolation would come with drawbacks—like being unable to send emails or shop online. Similarly, private IP addresses wouldn’t be of much use if they existed as entirely private digital ‘islands’. That’s where network address translation (NAT for short) comes in: It works as a ‘translation service’ so that private IP networks can ‘speak’ to the internet and cloud. It does this by converting the internal (private) IP address into a public IP address before packets of data are sent on to the external network.

If you need a technical helping hand, here are some common terms you’ll encounter in any conversation about NAT. Or you can leap straight to “How does NAT work?” below.

Network packets: A packet is a set of data that a computer or server sends to another network. This packet is released from your computer and sent through the router which modifies it by stripping away your private address and replacing it with a public address. 

Internet protocol (IP) address: This is a unique string of characters that is assigned to each device connected to the internet. Internet protocol version 4 (IPv4) has been in use since 1983, but all good things come to an end. IPv4 uses a 32-bit address system, which is a little too small, and its global IP address supply is exhausted. The internet is now gradually transitioning to the next version, IPv6: This is based on a mind-blowing 128-bit IP address, so it can support 2^128 Internet addresses!

Private (internal) IP address: This is provided by network devices, such as routers, and is commonly used for local area networks in offices, companies, and campuses. It can’t be seen outside the private network and is strictly non-internet facing. Private IPs are considered a good choice if security is a top priority as they are not routable from outside the private network, making it difficult for external hosts to connect to the system. Trespassers will not be tolerated.

Public (external) IP address: The outward-facing, more sociable cousin of the above. It’s assigned to your router by your internet service provider (ISP) and your router uses this public IP to access the internet. Think of them as a type of fingerprint for your device so that other computers on the internet can find and recognise you. Remember that public IP addresses can be traced back to your ISP and potentially reveal your geographical location. Advertisers, governments, and even hackers may know where you’re connecting from and follow what you do online.

You can explore the main differences between public and private IP addresses in this blog. There are also static and dynamic IP addresses. A fixed, single address is static, and you’ll have to request one from your ISP, usually for a fee. A changing or dynamic IP is randomly assigned by a server when you connect to the internet. These types of IP addresses are less important in your quest to demystify NAT. 

How does NAT work? 

Let’s imagine this typical scenario. A user (we’ll call him Andy) is at home and connects his laptop to a home network using NAT. That private network connects to a NAT device (the router) that faces the internet. Andy does a Google search to find Italian restaurants in his local area. His laptop sends his request in an IP packet to the NAT router. Before Andy’s request is fired off to the internet, the router changes the internal IP address from a private local address to a public IP address. If the data packet were to retain a private address, the receiving server wouldn’t know where to return the information to. Thankfully, NAT works both ways: When the destination device sends data back to the router, the router intercepts this data and replaces the public IP address with the original (private) source IP address.

Here’s another use case. Anna works in an organisation with multiple office locations, each with a private network. NAT translates the IP addresses of all devices on each network so they can communicate with one another as if they were on the same network. In this way, the company can help keep its internal network private and secure, while still letting employees at different locations communicate with each other. It’s a win-win for Anna and her colleagues. 

Spare a thought for your inconspicuous cable modem or DSL router. It comes with a small, automated translator hard at work inside! Whether they’re for business or home use, nearly all routers today can happily translate back and forth between private and publicly routed IP addresses. Follow these Wi-Fi router security tips to help keep yourself and this small yet mighty device safer from online threats.

What are the advantages of NAT? Explore these ‘super seven’ benefits

Is network address translation the unsung hero of our digital worlds? Should it wear a cape? Whether you’re a private user, an employee in a large corporation, or part of an IT team, NAT may offer many significant benefits in:

  1. Enhancing security: NAT allows internal networks to hide from the outside world, making it a useful tool for privacy and security. It can prevent attacks that target specific IP addresses and helps to protect devices on an internal network from being accessed directly from the internet. NAT also helps stop devices on the internal network from accessing malicious or unwanted websites. This is called traffic filtering. NAT makes it easier to log network activity, and to track and manage network traffic because all internal IP addresses are mapped to a single external IP address. This helps identify suspicious or unusual activity on the network. IT teams can sleep more easily at night, knowing that their users don’t have the freedom to make poor online choices—or at the very least, be held accountable for them! 
  2. Boosting speed: NAT eliminates the need for each device on an internal network to have its own unique IP address. This reduces the number of packets being routed through the network and can help speed up communications.
  3. Being flexible by design: IT specialists enjoy the flexibility that NAT gives them in network design as it allows them to change network configurations and add new devices without changing the IP addresses.
  4. Improving uptime: NAT also allows devices on a private network to connect to multiple public networks. This is called multi-homing and it’s valuable for organisations looking for connection redundancy and greater uptime. If one ISP goes down, it doesn’t take all communications with it.
  5. Reducing costs: IP addresses come with licences and other associated costs. By cutting the number of IP addresses an organisation needs, NAT can help save money.
  6. Simplifying network administration: Less is more. NAT makes it easier to manage a network by reducing the number of IP addresses. Companies with large fleets of devices will especially appreciate the reduction in time and effort needed to manage their networks.
  7. Conserving IP addresses: Remember when we mentioned IPv4 running out of IP addresses? By allowing multiple devices to share a single IP address, NAT helps save IP addresses. This is especially useful for organisations that have been assigned a limited number of IP addresses by their ISP.

It’s important to understand that NAT isn’t designed to be an online security/privacy service and it’s certainly no replacement for a firewall, anti-malware, and intrusion detection. Avira Free Security with free VPN combines online protection, privacy, and performance tools into a single (yet multi-pronged) solution to help keep you safer online.

 

What are the different types of NAT? 

There are three main types of network address translation depending on how the service is provided.

Static NAT

This is a one-to-one mapping, so a router or firewall translates one private IP address to a single external IP address. Here it is in action: Outgoing traffic arrives at the router and the router replaces the destination IP address with a global IP. When the return traffic arrives back at the router, the global IP address is replaced with the source IP address. Static NAT is usually used in servers such as web servers and email servers.

Dynamic NAT

This is one-to-many mapping. Instead of choosing the same IP address every time, this type of NAT goes through a pool of public IP addresses. So, when the outgoing traffic arrives at the router, the router replaces the destination IP address with a global IP address from the pool. This global address is dynamically assigned, hence the name of this NAT. Then when the return traffic arrives, the router replaces the external IP address with the internal source IP address. Dynamic NAT is usually seen in networks that need outbound internet connectivity.

Port Address Translation (PAT)

This is many-to-one mapping as it’s a type of dynamic NAT. It maps multiple internal IP addresses to a single external IP address but does so via port numbers instead of IP addresses. If you’re wondering what the difference is between an IP address and a port number, you’re not alone: An IP address identifies a particular device in a network. A port number identifies an application or process on that device. Here’s how PAT works: When a computer connects to the internet, the router assigns it a port number and adds it to the computer’s IP address. When a second computer connects to the internet, it’s assigned the same external address but a different port number. PAT is mostly used in home networks and was introduced to help conserve IPv4 addresses until the transition to IPv6 is complete. A port number is only 16 bits long, but that’s enough to help extend the shelf life of IPv4.
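The PAT behaviour described above, as an added example (not Avira's code or any router's firmware): a small translation table that gives two internal hosts the same public address with different ports, passes a reply back, and drops an unsolicited packet. All addresses, the port pool and the choice to admit inbound packets only from remotes the host has already contacted are assumptions for illustration; real routers differ on that filtering rule.

```python
# Added example: a minimal PAT table. All addresses are constructed samples.
PUBLIC_IP = "203.0.113.7"          # assumed public address (documentation range)
PORT_MIN, PORT_MAX = 40000, 65535  # assumed pool; ports are 16 bits, so 65535 is the ceiling


class PatRouter:
    def __init__(self, public_ip=PUBLIC_IP):
        self.public_ip = public_ip
        self.next_port = PORT_MIN
        self.out_map = {}   # (private_ip, private_port) -> public_port
        self.in_map = {}    # public_port -> (private_ip, private_port)
        self.peers = {}     # public_port -> set of remote (ip, port) contacted

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the private source to public_ip:public_port and record the mapping."""
        key = (src_ip, src_port)
        if key not in self.out_map:
            if self.next_port > PORT_MAX:
                raise RuntimeError("PAT port pool exhausted")
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.peers[self.next_port] = set()
            self.next_port += 1
        pub_port = self.out_map[key]
        self.peers[pub_port].add((dst_ip, dst_port))
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the packet rewritten to the private host, or None if it is dropped."""
        if (src_ip, src_port) not in self.peers.get(dst_port, ()):
            return None     # no mapping, or a remote the host never contacted
        priv_ip, priv_port = self.in_map[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)

    def attribute(self, public_port):
        """Map a public port seen in an external log back to the internal host."""
        return self.in_map.get(public_port)


def demo():
    r = PatRouter()
    a = r.outbound("192.168.1.10", 51000, "198.51.100.20", 443)  # first laptop
    b = r.outbound("192.168.1.11", 51000, "198.51.100.20", 443)  # second laptop, same source port
    reply = r.inbound("198.51.100.20", 443, a[1])                # reply to the first laptop
    stray = r.inbound("192.0.2.99", 4444, a[1])                  # unsolicited packet
    return a, b, reply, stray, r.attribute(b[1])
```

The `attribute` lookup is why the translation log matters for incident response: an external report only ever shows the shared public address and port, and the table is the only record of which internal device held that port.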

You’ll also encounter NAT types based on their differing levels of data restriction: 

Open NAT types are an open door and entirely unrestricted as they disable firewall configurations. Moderate NAT types offer a happy medium with some open ports and some network restrictions. Strict NAT types prevent data from travelling through your local network and can help prevent online attacks against your device. They can also slow down your internet and you might experience more lag when gaming.

Generally, as security goes up, so do the restrictions imposed. You’ll have to decide what your priorities are.

Can you find out your NAT type—and change it?

Here’s how to head into your computer settings to reveal your NAT type.

  1. Press the Windows key and R. 
  2. Type cmd and press OK.
  3. Type ipconfig in the new window and press Enter.
  4. Copy the address next to the Default Gateway line and paste it into your browser.
  5. Within the settings of your modem, you can see the NAT type under internet settings (but this varies from modem to modem). If you have no NAT, this will not appear. 

If you want greater control over your network settings, you can tinker with your NAT. For example, if you’re an avid gamer, using Open NAT could reduce lag and connection issues to help improve your overall gaming experience. If you work from home, changing your NAT to open or moderate could mean clearer video conferencing calls and faster file transfers. Remember that you’ll be sacrificing some security and privacy for your newfound freedom! Before making changes, it’s a good idea to take note of your current router settings so you can revert to the previous state if any problems arise. If you’re sure you want to go ahead, choose from these five ways to change your NAT type.

It’s considered safer to use a VPN, like Avira Phantom VPN, which replaces your real IP address with the IP address of the server you’re connecting to. So, if that server is in Serbia, so are you for the purposes of your connection! Happy travels. Plus, a VPN encrypts your internet traffic and helps protect your digital identity, keeping you safer from online tracking and threats. 

 

Are there any disadvantages to NAT? 

We’ve explored the many benefits of network address translation, but are there any drawbacks? Network performance can be a casualty of overzealous NAT settings, particularly if you use real-time audio-video tools, such as VoIP and video conferencing. That’s because NAT increases switching delays—the translation of each IPv4 address within the packets takes time. Some applications like digital signatures don’t work with NAT because the source address changes before reaching the host. 

IT teams might not appreciate the extra layers of complexity that NAT can add to network design—converting public IP to private and then back again is an extra headache. Also, if multiple devices on a private network share the same public IP address due to NAT, it can be challenging to identify and manage individual devices.

Is network address translation still relevant with the dawn of IPv6? 

Time will tell. We briefly mentioned that IPv6 was introduced to overcome the address limitations of IPv4, but there’s more: It’s also designed to eliminate the need for network address translation altogether! IT teams are opting for what they call “native IPv6 connectivity” because this straightforward approach helps avoid the complexities associated with NAT.

Currently, IPv6 and IPv4 addresses still coexist and NAT allows organisations to connect to both IPv6 and IPv4 networks, so it’s not a case of “goodbye NAT”—yet. There’s even a NAT66, especially for IPv6 networks.

Avira Phantom VPN helps safeguard your online privacy

Even if you’re using NAT and private IPs, please don’t feel invincible and invisible. Although the private IP addresses of your devices are hidden, your public IP address is not. That’s why a VPN like Avira Phantom VPN is essential: It’s designed to enhance your privacy and security by helping to encrypt your internet connection and safeguard your data from cyber threats. If it’s online anonymity you’re after, a VPN is also your best friend. It helps mask your IP address for greater online freedom—like watching your favourite boxed set from home in your hotel room abroad. Avira Phantom VPN is available for PC, Mac, Android, and iOS. 

 
