
Question on NAT and PAT

bronxnative (Member, Posts: 3)
Hello all, I'm using Trainsignal to study for the Network+ and having some confusion on this subject.

The Technotes here on NAT and PAT state:

NAT offers some security as well, because only a single public IP address needs to be visible to external hosts while the internal network addressing schema can remain hidden.

Instead of using a list of internal and external addresses, a single external address can be used by changing the source port, which is essentially part of the complete address known as socket (the combination of an IP address and a port number). This is also known as Port Address Translation (PAT).

Wikipedia states the following as well:

Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address

Port Address Translation (PAT) is a feature of a network device that translates TCP or UDP communications made between a host and port on an outside network, and a host and port on an inside network. It allows a single IP address to be used for many internal hosts.

Ok so apart from the obvious that PAT uses port numbers to differentiate between the internal hosts, what other differences are there?

For example, if a router only has one public IP and is configured to use NAT, does that mean only one host will be able to communicate with the internet at a time? Or can multiple hosts use the internet at a time, and if so, why, since they're not being differentiated by ports? If you don't understand my question feel free to ask. I really would like to clear this up. Thanks

Comments

  • Netstudent (Member, Posts: 1,693)
    I know this is an old post, so just in case it never got cleared up, I will add a little.
    For example, if a router only has one public IP and is configured to use NAT, does that mean only one host will be able to communicate with the internet at a time? Or can multiple hosts use the internet at a time, and if so, why, since they're not being differentiated by ports? If you don't understand my question feel free to ask. I really would like to clear this up. Thanks

    There are 3 different flavors of NAT: first is Static NAT, then Dynamic NAT with NAT pools, and then PAT.

    If you have one public IP that is being used to translate a private address, you can have hundreds of hosts use that single public IP. As you stated previously, the port numbers are used to differentiate between the different sessions. So each translation will have the same public IP, BUT each translation will also have a different set of port numbers to use. Each session will use a different port so that the translations are independent of each other. This is PAT and sometimes is also called overloading. You are overloading a public IP with multiple private addresses.

    Now with Static NAT, you must manually create the translations in the router.
    It would be something like this in a Cisco router.

    "ip nat inside source static 172.16.30.1 200.69.64.1"

    This is creating a manual static translation between the private and public IP. So in this case, only that single host will translate to this public IP and be able to get out to the internet.

    Then there is Dynamic NAT, in which you set up a POOL of public IPs. If you have 5 public IPs in the pool, only 5 hosts are going to be translated to a public IP and get out of the private network.

    Each vendor has their own implementation of NAT configurations, but the concept is the same.
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
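The three flavors described in the reply above, as an added toy model (example code, not from the original post or any vendor's NAT implementation): a static one-to-one table, a dynamic pool that runs dry after five hosts, and a PAT table that overloads one public IP and tells sessions apart by the outside port, including the reverse lookup a return packet needs. The private and public addresses are constructed sample values.

```python
import itertools

class StaticNAT:
    """Manual one-to-one mappings, like 'ip nat inside source static'."""
    def __init__(self, mappings):            # {inside_ip: public_ip}
        self.mappings = mappings
    def translate(self, src_ip, src_port):
        if src_ip not in self.mappings:
            return None                      # no entry: this host cannot get out
        return (self.mappings[src_ip], src_port)

class DynamicNAT:
    """A pool of public IPs; each inside host takes one until the pool is empty."""
    def __init__(self, pool):
        self.free = list(pool)
        self.table = {}                      # inside_ip -> public_ip
    def translate(self, src_ip, src_port):
        if src_ip not in self.table:
            if not self.free:
                return None                  # pool exhausted: the 6th host is dropped
            self.table[src_ip] = self.free.pop(0)
        return (self.table[src_ip], src_port)

class PAT:
    """One public IP overloaded by everyone; sessions are told apart by port."""
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)
        self.table = {}                      # (inside_ip, inside_port) -> outside_port
    def translate(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.table:            # new session: allocate a fresh outside port
            self.table[key] = next(self.ports)
        return (self.public_ip, self.table[key])
    def untranslate(self, dst_port):
        """Reverse lookup for a return packet: which inside socket owns this port?"""
        for key, ext_port in self.table.items():
            if ext_port == dst_port:
                return key
        return None                          # unsolicited inbound packet: no entry, dropped

if __name__ == "__main__":
    pat = PAT("200.69.64.1")                 # constructed sample addresses
    for host in ("172.16.30.1", "172.16.30.2", "172.16.30.3"):
        print(host, "->", pat.translate(host, 50000))
    pool = DynamicNAT(["200.69.64.%d" % i for i in range(1, 6)])
    for i in range(1, 7):                    # 5 addresses, 6 hosts
        print("172.16.30.%d" % i, "->", pool.translate("172.16.30.%d" % i, 50000))
```

The `untranslate` miss on an unknown port is the "some security" the Technotes mention: with no table entry, the NAT device has nowhere to forward an unsolicited inbound packet.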