5.1. Network Address Translation (NAT)
💡 First Principle: NAT translates private IP addresses to public IP addresses, allowing many internal devices to share a few public addresses. It's the reason IPv4 has survived beyond its address exhaustion: NAT extends the usable address space by hiding entire networks behind a single public IP.
What happens without NAT: Your company has 500 employees, each needing internet access. Without NAT, you'd need 500 public IPv4 addresses—which would cost thousands annually (if you could even get them). With PAT, all 500 users share a single public IP, differentiated by port numbers. The cost drops from thousands to almost nothing.
Think of NAT like an office receptionist. Inside the building, everyone has internal extension numbers (private IPs). When they make external calls, they all appear to come from the main office number (public IP). The receptionist (NAT router) keeps track of who made which call so responses go to the right person.
What breaks when NAT goes wrong: If you forget the ip nat inside and ip nat outside interface commands, translations don't happen, so internal users can't reach the internet. If you run out of NAT pool addresses (dynamic NAT), new connections fail while existing ones work. If your static NAT entry is wrong, your web server is unreachable. NAT troubleshooting is a critical exam skill.
The three NAT types you must know:
- Static NAT: One private IP permanently mapped to one public IP—used for servers that need consistent external addresses
- Dynamic NAT: Private IPs share a pool of public IPs—first come, first served
- PAT (overload): Many private IPs share ONE public IP using port numbers—what your home router does
Consider this troubleshooting scenario: Users report internet access is intermittent—works sometimes, fails other times. You check the NAT table and see translations maxing out. The culprit? Dynamic NAT with a pool of only 10 addresses for 50 concurrent users. Switch to PAT (overload) and the problem vanishes—one public IP can handle thousands of simultaneous connections.
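The scenario above as a Cisco IOS configuration, added here as an illustration and not taken from the original guide: the dynamic NAT rule that exhausts a 10-address pool, followed by the PAT rule that replaces it. Interface names, the access list number, the pool name and all addresses (203.0.113.0/24 is a documentation range) are assumptions.

```cisco
! Constructed example. Interface names and addresses are assumptions;
! 203.0.113.0/24 stands in for the public block.
!
! Step 1: tell the router which side each interface is on.
! If either command is missing, no translation happens at all.
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
! Step 2: define which inside hosts are eligible for translation.
access-list 1 permit 192.168.1.0 0.0.0.255
!
! Static NAT: one fixed mapping for a server (kept outside the pool range).
ip nat inside source static 192.168.1.10 203.0.113.5
!
! BEFORE (the failing setup): dynamic NAT with a 10-address pool.
! Each inside host consumes a whole public address, so the 11th
! concurrent host gets no translation until an entry times out.
ip nat pool PUBLIC-POOL 203.0.113.10 203.0.113.19 netmask 255.255.255.0
ip nat inside source list 1 pool PUBLIC-POOL
!
! Diagnose from exec mode before changing anything:
!   show ip nat statistics      (pool allocation and miss counters)
!   show ip nat translations    (current inside local/global pairs)
!
! AFTER (the fix): remove the dynamic rule and use PAT instead.
! IOS refuses to remove a dynamic mapping that is in use, so clear
! the table first from exec mode:
!   clear ip nat translation *
no ip nat inside source list 1 pool PUBLIC-POOL
ip nat inside source list 1 interface GigabitEthernet0/1 overload
!
! With overload, show ip nat translations lists every inside host
! behind the same inside global address, each with its own port.
```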