Network Address Translation (NAT) is what a router does when it lets many devices on a private network share one public internet address. The router rewrites the addresses on outgoing traffic and remembers each connection so the replies find their way back, which means inside devices can reach out but are not directly reachable from the internet.
At a glance
What it stands for: Network Address Translation
What it does: Lets many private devices share one public internet address
The side effect: Outbound works freely; inbound connections are blocked by default
Why you meet it: Hosting a service from home means working around it
Flow
Many devices, one public address
Each device has a private address. The router rewrites outgoing traffic to its single public address and tracks the connection so replies return. The green step is the reply finding its way home.
1. Private devices: each with an address only the home network knows
2. Router rewrites the address: outgoing traffic now wears the public address
3. Reply routed back to the right device: the router remembered which one asked
What problem does NAT solve?
Your internet provider usually hands you one public address. You have more than
one device. Network Address Translation (NAT) is how the router squares that: when
a device sends traffic out, the router swaps the device’s private address for its
own single public one, notes which device asked, and forwards the reply back when
it returns. From the internet’s side it looks like one machine. From inside, every
device gets to reach out as if it had its own connection.
This is so routine that most people never notice it. It is also the reason home
networks are reasonably private by default: there is no public address pointing at
your laptop for a stranger to knock on. The translation only knows how to route
replies to connections that started from inside.
Why does NAT get in the way of self-hosting?
The same trick that lets everything reach out makes it hard for anything to reach
in. An outside request arrives at your shared public address with no idea which
internal device it is meant for, so by default the router drops it. That is fine
until you want to host something (a website, a service, a game) from a machine at
home. Then you have to tell the router explicitly where to send inbound traffic,
which is port forwarding, or sidestep the problem entirely with an overlay network
or a tunnel that lets the home machine reach out to a meeting point instead of
waiting to be reached.
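The behaviour described in the two sections above, modelled as a small Python simulation. This is an added example, not code from the original page: the class and method names are hypothetical, the addresses are constructed documentation addresses, and it assumes a router that accepts a reply only from the exact remote endpoint a device contacted (real routers vary in how strict they are).

```python
import itertools

class NatRouter:
    """Toy model of a home router's translation table (hypothetical names)."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # next unused public port
        self.out = {}       # (private_ip, private_port, remote) -> public_port
        self.back = {}      # (public_port, remote) -> (private_ip, private_port)
        self.forwards = {}  # public_port -> (private_ip, private_port)

    def outbound(self, private_ip, private_port, remote):
        """Rewrite the source of an outgoing packet and remember who asked."""
        key = (private_ip, private_port, remote)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[(port, remote)] = (private_ip, private_port)
        return (self.public_ip, self.out[key])

    def add_forward(self, public_port, private_ip, private_port):
        """Port forwarding: an explicit rule for unsolicited inbound traffic."""
        self.forwards[public_port] = (private_ip, private_port)

    def inbound(self, remote, public_port):
        """Return the inside (ip, port) a packet is delivered to, or None if dropped."""
        if (public_port, remote) in self.back:   # reply to a tracked connection
            return self.back[(public_port, remote)]
        if public_port in self.forwards:         # explicit port-forward rule
            return self.forwards[public_port]
        return None                              # no idea which device: drop

def demo():
    r = NatRouter("203.0.113.7")        # constructed public address
    web = ("198.51.100.10", 443)        # constructed remote server
    stranger = ("192.0.2.99", 5555)     # constructed unsolicited sender
    laptop = r.outbound("192.168.1.20", 51000, web)
    phone = r.outbound("192.168.1.21", 51000, web)
    results = {
        "laptop_seen_as": laptop,       # both devices appear as one address
        "phone_seen_as": phone,
        "reply_to_laptop": r.inbound(web, laptop[1]),
        "stranger_before": r.inbound(stranger, 8080),
    }
    r.add_forward(8080, "192.168.1.30", 80)
    results["stranger_after"] = r.inbound(stranger, 8080)
    return results
```
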
Check it yourself
curl -s ifconfig.me
Prints the single public address your devices share. Compare it with a device's own local address and they will differ; that gap is NAT at work.
NAT lets you
Put many devices online behind one public address
Reach out to the internet from any device without setup
Hide the internal layout of your network from outside
Stretch a single provider address across a whole household
NAT gets in the way of
Accepting an inbound connection without extra configuration
Hosting a public service from home without a workaround
Knowing a device's reachable address; the public one is shared
Direct peer-to-peer links, which often need traversal tricks