A NAT firewall is a feature on your router that adds an additional filter between your devices and the internet. It filters the traffic that reaches you and is one of the many things that factor into your online protection. Since it mostly functions invisibly, you may not think or even know about it. However, it plays a big role in ensuring that the information that reaches you is secure.
NAT firewalls explained
NAT stands for Network Address Translation and does exactly that – it translates information. It’s easy for us to think that if we type, “Shoe store near me” into our search engine, that’s exactly what our device is looking for. But our computers don’t speak our language, they communicate in data packets.
That’s where NAT comes in. It allows you to communicate with your computer and get the results you asked for. But that’s just the NAT part. What about the firewall?
A firewall is a network security device that monitors and filters incoming and outgoing network traffic. So before the list of shoe stores can reach you, it has to go through your guard dog – NAT.
A NAT firewall has two main uses: security and solving the IPv4 shortage. Let’s start with the one that benefits you the most.
NAT network security
So how does a NAT firewall keep you protected?
It compares the things you have searched for to the results and ensures that the only things getting through are things you asked for. This adds an extra layer of security as internet traffic you did not request cannot reach your private network.
How does NAT function?
All of NAT’s hard work usually only takes a couple of seconds, which is why it’s so easy to forget it’s there. But it is tremendously important nonetheless, so let me break the process down for you:
1. Your device sends a request to a web server
2. The traffic goes through the NAT firewall on your router
3. Data packets reach the web server
4. The information travels back to your router
5. NAT sends it to the requested device
The request is sent via data packets that include information like the IP of the web server, port numbers, and the information you requested.
NAT changes the private IP of the data packets to the public IP of the router. It notes this change for later.
Your request to open a web page has been logged, filtered, changed, and is now sent off to the internet.
NAT now needs to determine which device requested it. Otherwise, even though you searched for “Surfshark.com” on your phone, you would get the results on your computer and any other devices as well.
Now that NAT has determined which device requested the information, it can change the IP of the data packet to the previous private one and forward it to the correct device.
You may have noticed I mentioned private and public IP addresses. These are more relevant in the second functionality of NAT, so let’s jump to it.
Solving the IP shortage with NAT
To explain the IPv4 shortage, we first need to understand what IPv4 is. Let’s start with the basics:
The term IP address stands for Internet Protocol address. An Internet Protocol address is a unique numerical name that every electronic device connected to a computer network has. Think of it as a home address: it is unique to a single device and serves as a way to recognize that device.
IPv4 is the original design of an IP address. Although still used today, it only allows a total of about 4 billion addresses. Since there are over 7 billion people in the world and most of us use more than one device, you can imagine why there’s a shortage.
That’s where NAT comes into play. It allows your devices to have unique private IPs for communication in-house and also gives your entire local network a public IP address.
Metaphor: if NAT was a hotel administrator
Imagine a hotel with many rooms (in this metaphor, each room represents a separate device). Each room also has its own address. Your computer is room 1; your phone is room 2; your Smart TV is room 3, and so on. These are private IP addresses needed for communication inside the hotel.
The hotel itself has its own public address, too, so that people outside could find it. This address is a public IP address.
NAT stands as the administrator. If room 1 gets a delivery, it provides the hotel’s address, the box is delivered to the hotel, and the administrator can then check the logs and make sure the delivery reaches the correct room.
Is your router using a NAT firewall?
If you’re wondering whether your router is using a NAT firewall, you’re in luck – most modern routers do. And there’s a pretty easy way you can check it without diving into router settings:
Step 1: Connect at least two devices to your router’s network.
Step 2: Make sure you are not connected to any services that would change your IP.
Step 3: Go to a website that checks your IP on both devices.
Step 4: Check whether the IPs you see on both devices match. If they do, your router is using a NAT firewall.
NAT firewalls and VPNs
Now that you’ve learned about NAT firewalls, you may have a fewquestions.
Do you need a VPN if you’re using NAT?
Yes. It’s true that NAT protects you, but it does not make you completely safe. Although the private IP addresses of your devices are hidden by it, your public IP is not. You can, however, hide it with a secure VPN.
NAT firewalls also do not encrypt your data.
Does NAT work with VPNs?
Yes, but there’s a catch. By design, a NAT firewall needs to know some information about your traffic to work. If you know that a good VPN encrypts your data and makes it unreadable, you might wonder whether a NAT firewall can work when a VPN is active. And you’re right to wonder. After all, there are outdated VPN protocols that will not work with NAT. To combat this, most modern routers offer VPN passthroughs.
But a VPN passthrough isn’t your only solution. Newer protocols like OpenVPN and IKEv2 account for NAT and allow it to function. That’s why, when choosing your VPN provider, you should look at the protocols it offers.
For example, Surfshark uses advanced protocols that will allow you to use both NAT and a VPN at the same time to ensure you are protected.
NAT: The invisible protector
Although NAT firewalls aren’t primarily a security feature, they are incredibly useful on that front anyway. And if you’ve been paying attention, you may have discovered that your router already uses it.
Of course, just NAT isn’t enough to keep you safe from the many dangers on the internet. I always recommend using a VPN as well, but it’s a good start to safe online surfing.