Last modified on July 18, 2019, at 05:50

Network address translation

Network Address Translation (NAT) is the process of mapping multiple private IP addresses to a smaller number of public ones. Typically, this is used in such a way that a collection of devices on a private network are connected to the Internet under a single IP address.[1] This process was designed largely to slow the depletion of IPv4 addresses that could be publicly registered.[2][3] Some parts of the world are now using IPv6 instead (which offers many more addresses than IPv4); however, in many countries IPv4 is still used, but almost exclusively with network address translation.

Types

Dynamic NAT

This type creates a one-to-one relationship between the remote and local devices when and where they are requested. Typically, the router's public IP address is itself dynamically assigned, and can therefore change at any time.[4]

Static NAT

Permanently maps an internal IP address to a public one. This is useful for allowing (often unsolicited) external traffic into a local server.[4]

Overloading (or Port Address Translation)

IPs are added to the mapping table based on the source and destination ports that are used. Internal devices can always join the internal network and share the external address(es) as long as there are valid port numbers not yet in use.[4]

Overlapping

When public addresses are used inside a network (thus overlapping private addresses onto public address space), a public address block can be used on multiple internal networks. Those "internal" addresses can be translated to other public addresses when connected to the "public" side of the router.[4]

Process

The typical process of using network address translation looks something like this:

  1. Multiple network devices (including computers, smartphones, and IoT devices) are connected to a local area network
  2. Each device is assigned its own internal IP address from the unregistered IP block in use, such as 10.x.x.x or 192.168.x.x, by the local DHCP server. A DHCP server is typically integrated into consumer routers.
  3. The router also requests a public IP address from the external network's DHCP server, unless it has already been assigned a static IP address.
  4. When an internal device attempts to access the external network (usually the Internet), the router sends out that internal device's request on its behalf. That outgoing request is sent with a specific port number which is remembered by the router.
  5. When a response is sent back to the router, the port number is read, and it is forwarded to the device which made the request, using that device's internal IP address.
  6. The internal device can continue this exchange for as long as is needed. The remote server keeps sending its messages to the router's IP and the port number assigned to the internal device. The internal device keeps sending its messages to the router.
  7. When another device also initiates a connection to the Internet, its requests are also sent to the router, which passes on those requests to the remote server using this device's unique port number. This exchange with the router is easily differentiated from the other exchange using port numbers, and delivered to the requesting devices.
  8. When unsolicited traffic comes to the router (a regular occurrence on the Internet), a NAT system alone will attempt to remap this traffic based on the port number that is used. If no such port number is in use, it will either drop the packet (ignore it), or reply with an error code stating that the requested device could not be found. However, most networks, including most of those behind cheap consumer routers, typically have a firewall which blocks this kind of traffic when an internal device did not first contact that external device.
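The port-based bookkeeping in steps 4 to 8, as an added example that is not part of the original page: a small PAT (overloading) simulator with a deliberately tiny port pool, so that mapping reuse, unsolicited-packet dropping, the stricter firewall-style source check from step 8, and port exhaustion can all be observed. All addresses and names are constructed (RFC 5737 documentation ranges).

```python
# Added example: minimal port-address-translation (PAT) table simulator.
# Not code from the original page; addresses and names are constructed.
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.7"         # constructed router WAN address
PORT_RANGE = range(40000, 40003)  # tiny pool so exhaustion is easy to show


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Rewrites outbound flows to (PUBLIC_IP, port) and reverses replies."""

    def __init__(self):
        self.out_map = {}  # (lan_ip, lan_port, dst_ip, dst_port) -> public port
        self.in_map = {}   # public port -> (lan_ip, lan_port, dst_ip, dst_port)
        self.free = list(PORT_RANGE)

    def outbound(self, pkt):
        """Step 4: allocate (or reuse) a public port for this internal flow."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out_map.get(key)
        if port is None:
            if not self.free:
                return None  # no valid port left: the flow cannot be translated
            port = self.free.pop(0)
            self.out_map[key] = port
            self.in_map[port] = key
        return Packet(PUBLIC_IP, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt, strict=False):
        """Step 5/8: look the destination port up; unknown ports are dropped.
        With strict=True the reply must also come from the host the internal
        device contacted, which is the firewall behaviour described in step 8."""
        entry = self.in_map.get(pkt.dst_port)
        if entry is None or pkt.dst_ip != PUBLIC_IP:
            return None  # unsolicited: NAT alone has nowhere to send it
        lan_ip, lan_port, dst_ip, dst_port = entry
        if strict and (pkt.src_ip, pkt.src_port) != (dst_ip, dst_port):
            return None  # mapped port, but not the peer of that flow
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
```

Run `outbound` for two LAN hosts and then `inbound` for a reply on each allocated port to watch the table in action; a third host with the three-port pool above triggers the exhaustion path.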
