What Is NAT and How Does It Work?
If you’re diving into networking for the first time, especially with an eye toward pentesting, you’re going to run into something called NAT, or Network Address Translation. It shows up everywhere, and it quietly plays a huge role in how devices connect to the internet.
Let’s break it down in a way that actually makes sense.
Why NAT Exists in the First Place
Back in the early days of the internet, every device needed its own unique IP address to connect. But IPv4 (the older version of the Internet Protocol) only has around 4.3 billion possible addresses. That sounds like a lot, but we ran out!
To fix this, engineers came up with NAT. NAT lets multiple devices share a single public IP address. That way, a whole household—or an entire company—can access the internet using just one public IP.
What NAT Actually Does
Let’s say you’ve got a home network with 3 devices:
- Your laptop: 192.168.1.10
- Your phone: 192.168.1.11
- Your smart TV: 192.168.1.12
These are private IP addresses, which are not routable on the internet. When one of these devices tries to visit a website, the router (which has a public IP) translates the private address to the public one. That’s NAT in action.
Think of NAT Like a Mailroom
Here’s a simple analogy:
- Your devices are employees in a company (each with a private desk number).
- The router is the mailroom.
- The internet is the rest of the world.
When an employee sends a letter (a web request), the mailroom writes the company’s street address (the public IP) on the envelope and keeps track of which desk sent it. When the reply comes back, the mailroom knows which desk (device) it belongs to and forwards it there.
How NAT Ties Into Penetration Testing
As a pentester, you’ll see NAT all the time:
- Home labs usually sit behind NAT.
- Target networks often use NAT to hide internal systems from the internet.
- Reverse shells and C2 connections often have to work around NAT.
- Port forwarding (on routers or cloud firewalls) is often needed because a NAT device has no mapping for unsolicited inbound traffic, so that traffic is dropped by default.
If you’re trying to get a reverse shell from a target that’s behind NAT, you’re going to have to think creatively—maybe use a public server you control to relay traffic, or set up a listener that the target reaches out to.
Types of NAT (You Might Hear About Later)
You don’t need to memorize these now, but here are the common types:
- Static NAT – One private IP maps to one public IP. Rare for home use.
- Dynamic NAT – Private IPs get assigned public IPs from a pool.
- PAT (Port Address Translation) – This is the most common type. It maps many private IPs to one public IP using port numbers to keep track of sessions.
PAT is what your home router is doing most of the time.
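The translation table behind PAT, as an added example (not code from the original article): a minimal Python model that uses the laptop and phone addresses from the home network above. The public IP 203.0.113.5, the remote hosts in 198.51.100.0/24 and the starting port 40000 are constructed values, and the model only accepts replies from the exact remote endpoint a device contacted, which real routers may or may not enforce.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass
class PatRouter:
    """Toy PAT device: many private endpoints share one public IP."""
    public_ip: str
    next_port: int = 40000  # constructed start of the translation port range
    # (private endpoint, remote endpoint) -> public port chosen for that flow
    out_map: Dict[Tuple[Endpoint, Endpoint], int] = field(default_factory=dict)
    # (public port, remote endpoint) -> private endpoint that opened the flow
    in_map: Dict[Tuple[int, Endpoint], Endpoint] = field(default_factory=dict)

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Rewrite the source of an outgoing packet and record the mapping."""
        key = (src, dst)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, dst)] = src
        return (self.public_ip, self.out_map[key])

    def inbound(self, src: Endpoint, dst_port: int) -> Optional[Endpoint]:
        """Return the private endpoint a packet belongs to, or None (dropped)."""
        return self.in_map.get((dst_port, src))


def demo() -> dict:
    router = PatRouter("203.0.113.5")   # constructed public IP
    web = ("198.51.100.20", 443)        # constructed remote server
    laptop = ("192.168.1.10", 51000)
    phone = ("192.168.1.11", 51000)     # same source port as the laptop
    results = {
        "laptop_seen_as": router.outbound(laptop, web),
        "phone_seen_as": router.outbound(phone, web),
    }
    # Replies from the server are matched back to the right device by port.
    results["reply_40000"] = router.inbound(web, 40000)
    results["reply_40001"] = router.inbound(web, 40001)
    # No device opened a flow to this host, so nothing matches.
    results["unsolicited"] = router.inbound(("198.51.100.99", 4444), 40000)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both devices use the same private source port, yet the server sees two different public ports, which is how the router tells their sessions apart.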
Summary
- NAT helps multiple devices share one public IP.
- It works by translating private IPs to a public IP (and tracking who asked for what).
- It’s a huge part of how home and corporate networks access the internet.
- You’ll deal with NAT constantly as a pentester—especially when setting up shells, pivoting, or building attack infrastructure.
