What is NAT?

One-to-One, One-to-Many, NAT, PAT, Static, DNAT, SNAT, STUN

This page is about network address translation, also better known as NAT. The details this page goes in about is all about vendor neutral.

In short, NAT is a technique that is used to allow hosts with an internal IP to be translated to an external IP. Be it one and public IP and the other private or both public or private. This saves the use of public IP’s, which is a problem with IPv4. The amount of addresses ran out. NAT is a ‘solution’ to this to let multiple hosts use the same public IP to use the internet.


One-to-one NAT is one of the most basic forms of NAT. In simple terms a router that runs one-to-one NAT only changes the IP addresses, the IP header checksum and any other checksums that include the IP’s changed. This allows only one single IP in a network to be translated to another network at the same time.


One-to-many NAT is the type of NAT we use the most often. It is the default and basically only implementation of NAT in basic households in the world.

One-to-many NAT allows multiple, often private IP’s (RFC 1918), to communicate with one single, often public, IP.
When traffic from a client host within the private subnet passes the router it’ll then keep track of both the destination IP and port along with the source IP and port. When traffic from the receiving host is send back the NAT router can use the information it keeps track of to determine which client host should receive the traffic back.

Simply put, the router attaches its own source port when it forwards the traffic to easily keep track of what comes back. This kind of NAT is often called PAT (Port Address Translation).


SNAT (Source NAT as a universal name) is, as the name implies, NAT from the source which is the client.
A home router performs SNAT continuously as many client hosts inside the internal network are translated to one IP on the outside.


DNAT (Destination NAT) is the opposite of SNAT. DNAT allows either one single public IP to be ‘mapped’ to one single internal IP, as if that internal IP is actually external. (This is sometimes also called static NAT)

DNAT can also be used map multiple specific ports to multiple specific internal IP’s. (Which is similar to port-forwarding.)


STUN (Session Traversal Utilities for NAT) is not NAT by itself but it is quite important in today’s world. Whether it is controlling things like cheap remote camera’s, remote controlled smart thermostats, cloud controlled access points and remote computers with TeamViewer or Quick Assist.

Simply explained, STUN is a technique where there’s actually a server or servers in between both the clients (for intance your smartphone and the remote smart thermostat) to which they both connect. The server is basically the middle man that receives commands and data from one client and passes that to the other as if the devices were actually connected together.

Using STUN doesn’t require port-forwarding at all. Though, STUN can come with security issues if the server would be compromised by remote attackers and has access to any of the clients connected to it.