Understanding NAT: Public vs Private IPs, Types, and Server Setup
This article explains how NAT enables multiple private devices to share a single public Internet connection, covering public and private IP concepts, the four NAT types (static, dynamic, NAPT, Easy IP), server port‑mapping configuration, and the advantages and drawbacks of using NAT.
Public and Private IP Addresses
Public IP addresses are globally routable on the Internet. Private IP addresses are reserved for use inside internal networks and are not reachable from the public Internet.
Class A private range: 10.0.0.0 – 10.255.255.255
Class B private range: 172.16.0.0 – 172.31.255.255
Class C private range: 192.168.0.0 – 192.168.255.255
NAT Types
Static NAT
Static NAT creates a permanent one‑to‑one mapping between a private IP address and a fixed public IP address on the router. The mapping never changes, so each internal host always uses the same external address.
Static NAT supports bidirectional communication.
Example: An ISP provides three public addresses 12.xx1, 12.xx2, 12.xx3. The enterprise router maps PC1 (192.168.1.2) to 12.xx2 and PC2 (192.168.1.3) to 12.xx3. Traffic from those PCs is translated to the assigned public addresses, and return packets are translated back to the correct private host. A host without a static entry (e.g., PC3) cannot reach the Internet.
Dynamic NAT
Dynamic NAT uses a pool of public IP addresses. When an internal host initiates a session, the router temporarily assigns a free public address from the pool. The mapping exists only for the duration of the session.
If the pool is exhausted (e.g., three hosts have already taken all public addresses), additional hosts cannot access the Internet. Dynamic NAT still provides a one‑to‑one mapping, so it does not improve address utilization.
NAPT (Network Address and Port Translation)
NAPT extends NAT by also translating the transport‑layer port numbers. This creates a many‑to‑one mapping: many private hosts share a single public IP address, each distinguished by a unique source port.
When PC1 accesses a web server, the router records the source IP, source port, destination IP, and destination port in a dynamic translation table. Return traffic is matched against this table and forwarded to the correct internal host, allowing many hosts to share one public IP address.
Easy IP
Easy IP works like NAPT but does not use a separate address pool. The router’s own interface address serves as the public IP, and both IP and port are translated for outbound traffic. This is useful when the ISP supplies a dynamic public IP via DHCP or PPPoE.
NAT Server (Port Mapping)
A NAT server maps a specific public IP:port pair to a private IP:port pair, enabling external clients to reach internal services.
Map the internal service address (e.g., 192.168.0.2:80) to the router’s public IP and a chosen port (e.g., 12.xx8:43333).
External clients connect to 12.xx8:43333; the router receives the packet.
The router looks up the NAT table, translates the destination to 192.168.0.2:80, and forwards the packet to the internal server.
The server’s response is reverse‑translated, allowing bidirectional communication.
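The NAPT translation table and the port-mapping lookup described above can be modeled together. This is an added example, not code from the original article. 203.0.113.8 and the 198.51.100.x hosts are constructed documentation addresses, the class and function names are hypothetical, and matching replies on the exact remote endpoint is an assumption (real devices vary).

```python
# Added illustration: a toy NAPT router with one static port mapping (NAT server).
# 203.0.113.8 is a constructed stand-in for the router's public IP;
# 192.168.0.2:80 and public port 43333 are the article's example values.
from itertools import count

class NaptRouter:
    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # candidate public source ports
        self.out = {}     # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}    # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.static = {}  # public port -> (priv_ip, priv_port): NAT server entries

    def add_port_mapping(self, public_port, priv_ip, priv_port):
        self.static[public_port] = (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network; returns the new source."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            # Never hand out a port that is reserved by a static mapping.
            port = next(p for p in self._ports if p not in self.static)
            self.out[key] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key])

    def inbound(self, src_ip, src_port, dst_port):
        """Translate a packet arriving on the public IP; None means dropped."""
        # A reply must match an existing session, remote endpoint included.
        session = self.back.get((dst_port, src_ip, src_port))
        if session:
            return session
        # Anything else gets in only through an explicit port mapping.
        return self.static.get(dst_port)

def demo():
    r = NaptRouter("203.0.113.8")
    r.add_port_mapping(43333, "192.168.0.2", 80)
    # Two private hosts use the same source port toward the same server.
    pc1 = r.outbound("192.168.1.2", 51000, "198.51.100.10", 443)
    pc2 = r.outbound("192.168.1.3", 51000, "198.51.100.10", 443)
    return {
        "pc1": pc1, "pc2": pc2,
        "reply_pc2": r.inbound("198.51.100.10", 443, pc2[1]),
        "unsolicited": r.inbound("198.51.100.99", 40000, pc1[1]),
        "mapped": r.inbound("198.51.100.99", 40000, 43333),
        "unmapped": r.inbound("198.51.100.99", 40000, 8080),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} -> {result}")
```

The `mapped` result is the only path by which an unsolicited external packet reaches an internal host here, so every port-mapping entry is part of the exposed surface and belongs in firewall and service-hardening reviews.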
Advantages and Disadvantages of NAT
Advantages
Reduces consumption of scarce public IP addresses by allowing many private hosts to share a few public addresses.
Facilitates ISP changes without readdressing the internal network.
Improves internal security by hiding private addresses from the Internet.
Allows overlapping private address spaces across organizations that are not directly connected.
Disadvantages
Translation adds processing overhead and can increase latency on routers.
Source IP replacement prevents end‑to‑end IP tracking for external services.
External hosts cannot initiate connections to private hosts without explicit port mapping.
Some protocols (e.g., IPsec) are incompatible with NAT because they cannot tolerate header modifications.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
