A brick wall in red flames with NAT on it. Surfshark logo on a monitor behind the wall, and a globe with WWW at the front.

A NAT firewall (Network Address Translation) is a feature on your router that adds a filter between your devices and the internet. It monitors the traffic that reaches you and is one of the many factors in your online protection. 

Incoming data is steered towards a public-facing IP address (Internet Protocol), where it undergoes conversion to an internal IP address to the firewall before the data reaches its final point. 

Table of contents

    NAT firewalls explained

    A Network Address Translation does exactly what the name suggests — it translates information. It’s easy for us to think that if we type “Shoe store near me” into our search engine, that’s precisely what our device is looking for. But our computers don’t speak our language; they communicate in data packets.

    That’s where NAT comes in. It allows you to communicate with your computer and get the desired results. But that’s just the NAT part. What about the firewall? 

    A firewall is a network security device that monitors and filters incoming and outgoing network traffic. So before the list of shoe stores can reach you, it has to go through your guard dog — NAT. 

    A NAT firewall has two main uses: security and solving the IPv4 shortage. Let’s start with the one that benefits you the most. 

    NAT network security

    So, how does a NAT firewall keep you protected? 

    It compares the things you have searched for to the results and ensures that the only things getting through are things you asked for. This adds an extra layer of security as internet traffic you did not request cannot reach your private network. 

    How does NAT function?

    All of NAT’s hard work usually only takes a couple of seconds, which is why it’s so easy to forget it’s there. But it is tremendously important nonetheless, so let me break the process down for you:

    1. Your device sends a request to a web server
    The request is sent via data packets that include information like the IP of the web server, port numbers, and the information you requested.
    2. The traffic goes through the NAT firewall on your router
    NAT changes the private IP of the data packets to the router's public IP. It notes this change for later.
    3. Data packets reach the web server
    Your request to open a web page has been logged, filtered, changed, and sent off to the internet.
    4.The information travels back to your router
    NAT now needs to determine which device requested it. Otherwise, even though you searched for “Surfshark.com” on your phone, you would get the results on your computer and any other device as well.
    5. NAT sends it to the requested device
    Now that NAT has determined which device requested the information, it can change the IP of the data packet to the previous private one and forward it to the correct device.
    Private IP address is between a smartphone or laptop and a router; public IP address is between the router and internet.

    From the left: a laptop and a phone connected to a router to its right by a line with “Private IP address” above it. A line with “Public IP address” connects the router to a globe on its right with “www” and social media icons on it. 

    Nat also uses rules to determine if data packets should pass through the firewall and where they should go. Some rules allow for packet management. 

    You may have noticed I mentioned private and public IP addresses. These are more relevant in the second functionality of NAT, so let’s jump to it. 

    What is a NAT type?

    There are three different types of NAT you should know about. Each type plays a different role and provides a specific purpose depending on network requirements and configurations. 

    1. Open NAT: Open NAT has limited restrictions on connectivity, making it ideal for online gaming where features like multiplayer and voice chat are popular. Open NAT allows communication between devices on a private and external network with minimal interference.
    2. Moderate NAT: Moderate NAT allows some flexibility, but limitations exist. With this, you can connect your device to online services, but your access may be limited. With Moderate NAT, you may experience some communication issues, and connection speeds could suffer because certain ports may not be open. 
    3. Strict NAT: Strict NAT is restrictive, and devices in a private network have limited or no direct communication with ones on an external network. If a firewall blocks specific ports or your NAT configuration is intricate, Strict NAT will make connections difficult or slow.  

    The choice of the three types depends on the specific network requirements. Open NAT is ideal for online gaming or situations where unrestricted communication is essential. For a balance between access and security, Moderate NAT is a good choice. Furthermore, Strict NAT is ideal for situations that require security to be the top priority.  

    Why is NAT important?

    NAT is important because it protects your privacy. Thanks to NAT, the scalability of the IPv4 addressing system has been enhanced. NAT helps conserve IP addresses by “splitting” one IP into many, giving unique IPs to devices on the same network. This way, NAT provides increased security and privacy by masking the device’s IP address on public networks.

    NAT optimizes the use of IPv4, and you don’t need to worry about a shortage of IPv4 addresses. 

    To explain the IPv4 shortage, we first need to understand what IPv4 is. Let’s start with the basics. 

    IP address stands for Internet Protocol address — a unique numerical name that every electronic device connected to a computer network has. Think of it as a home address: it is unique to a single device and is a way to recognize that device. 

    IPv4 is the original design of an IP address. Although still used today, it only allows around 4 billion addresses. Since there are over 7 billion people in the world and most of us use more than one device, you can imagine why there’s a shortage.

    That’s where NAT comes into play. It allows your devices to have unique private IPs for in-house communication and gives your entire local network a public IP address. By enabling more than one device to connect, NAT solves the IPv4 address shortage and optimizes the address pool. 

    Metaphor: if NAT was a hotel administrator 

    Imagine a hotel with many rooms (each room represents a separate device). Each room also has its own address. Your computer is room 1; your phone is room 2; your smart TV is room 3, and so on. These are private IP addresses needed for communication inside the hotel. 

    The hotel has its own public address, too, so people outside could find it. This address is a public IP address. 

    NAT stands as the administrator. If room 1 gets a delivery, it provides the hotel’s address, and the box is delivered to the hotel. The administrator can check the logs and ensure the delivery reaches the correct room.

    A building with two palms at the sides and a HOTEL sign. To the right, a man in a suit with NAT Hotel administrator below.

    Disadvantages of a NAT firewall 

    NAT firewalls have many benefits as well as disadvantages. Like with any technology, it’s important to consider the downsides before using it. 

    Here are some disadvantages of a NAT firewall:

    • Complexity and intricacy of a network. Using multiple devices and interactions can increase network complexity. If the number of devices increases, connections will also increase, possibly leading to configuration errors. Troubleshooting can be more challenging, and there could be compatibility issues. 
    • Performance problems. NAT firewalls may cause performance problems as they can cause slower network speeds and latency. Translating IP addresses adds an extra step, and this extra time can create a delay. This can also happen if the maximum number of devices is connected.
    • Connection limitations. NAT can block certain types of connections for devices on a private network, like peer-to-peer connections. NAT can also affect security measures like intrusion prevention, detection systems, and firewalls because it hides the destination of the source. 
    • Issues with end-to-end connectivity. NAT can disrupt the end-to-end connectivity between devices across different private networks. This can impact communication and devices that need to link directly to each other. 

    Is your router using a NAT firewall?

    If you’re wondering whether your router is using a NAT firewall, you’re in luck — most modern routers do. And there’s a pretty easy way to check it without diving into router settings: 

    Step 1: Connect at least two devices to your router’s network. 

    Step 2: Make sure you are not connected to any services that would change your IP.

    Step 3: Go to a website that checks your IP address on both devices. 

    Step 4: Check whether the IPs you see on both devices match. If they do, your router is using a NAT firewall.

    How to set up a NAT firewall

    To set up a NAT firewall, you must configure your network device for the external internet to communicate with devices in your private network. 

    Let’s look at the key steps of setting up a NAT firewall:

    1. Access your router settings on a web browser. 
    2. Locate NAT settings and enable NAT firewall. 
    3. Once NAT is activated, set up port forwarding rules to specify the devices and ports concerned.  
    4. Save the changes you made.
    5. Test the connectivity on external and internal devices.  

    Setting up a NAT firewall will vary depending on your platform and device. Interfaces can differ, so check the instructions for your specific device if you encounter any difficulties. 

    NAT: the invisible protector

    Although NAT firewalls aren’t primarily a security feature, they are incredibly useful on that front anyway. And if you’ve been paying attention, you may have discovered that your router already uses it. 

    Of course, NAT alone isn’t enough to keep you safe from the many dangers on the internet. I also recommend using a VPN (Virtual Private Network) due to the added safety and security benefits. Use a VPN to keep yourself safe while navigating the internet, keep your internal network structure hidden, and preserve your privacy.

    Plug the holes in your security
    A VPN is a major component of keeping your online life secure
    Get Surfshark
    Surfshark

    FAQ 

    What is NAT used for?

    NAT (Network Address Translation) lets different devices in a private network share a public IP address. NAT helps to boost privacy and conserve IP addresses by changing a public IP-facing address to an internal IP address. It then sends the traffic on to its final destination.

    Is it good to use a NAT firewall?

    Yes, using a NAT firewall for privacy and security is good. By hiding internal IP addresses and blocking malicious traffic, it offers protection against cyberthreats. However, incoming traffic that passes through a network firewall is only blocked if that firewall detects it.  

    Do you need a VPN if you’re using NAT? 

    Yes, you do need a VPN, even if you’re using NAT. It’s true that NAT protects you, but it does not make you completely safe. Although the private IP addresses of your devices are hidden by it, your public IP address is not. You can, however, hide it with a secure VPN. 

    Does NAT work with VPNs?

    Yes, NAT works with VPNs, but there’s a catch. Newer protocols like OpenVPN and IKEv2 account for NAT and allow it to function. That’s why, when choosing your VPN provider, you should look at the protocols it offers.