Question:
How Does NAT/PAT Work?
DM
2007-05-20 07:14:30 UTC
I'm looking for a simple explanation of how this works, I don't like the complicated explanations I see online.
Seven answers:
Mikkel
2007-05-20 08:19:08 UTC
I'll give you an answer that isn't simply copy/paste from some random web resource.

NAT is somewhat less commonly implemented than most people think, since what lots of cheap home router manufacturers like to call "NAT" is really PAT. When you have NAT enabled, whenever a machine from your network requests an outside address, say, "10.10.10.10", your router notes the IP address of the local machine along with the IP address that you're trying to obtain in a "NAT table". It then changes the source IP address in the IP packet header (basically, takes the packet of information you're sending, and changes the information to make it appear like it came from your public internet address), and sends it out on the Internet.

Whenever the router receives incoming traffic from the Internet, it takes the addressing information in the IP packet header and looks for a match in your NAT table. If the traffic source (where it came from) is "10.10.10.10", your router will find a match in the NAT table, and know to forward it to the internal address of the machine that requested to talk to "10.10.10.10" earlier. It does this by changing the IP packet header again, and modifying the destination IP address from your Internet IP address, to the local network address of the computer that requested the data, and sending it out on the local network.

PAT is sometimes called "overloaded NAT". It takes address translation one step further and uses port addresses as well. This makes it more resource intensive, but more suited for an ISP customer with only one public IP address. (Imagine if you were using NAT on your home router. If you googled something, no one else on your connection would be able to use google, 'cause the NAT table says to forward all traffic from google to your machine)

When you request something from a server on the Internet, say, "20.20.20.20" on port 80, with a source port (the port that your computer expects to receive the data that the server sends back on, which is also included in the IP packet header) of 1500, your router punches the information into the PAT table, and works just the same as NAT would. When information is returned to the server, it looks it up in the PAT table, and it finds a match for traffic coming from 20.20.20.20 with a destination port of 1500 (the port your computer asked to get information back on), it changes the IP packet header to make the destination IP address the address of your internal computer, and your computer gets the data.

The neat thing about PAT working with ports, though, is that if you request information from a server at 20.20.20.20 with a source port of 1500, and then another computer on your network requests information from the same server with the same source port, the router will notice that someone is already talking to 20.20.20.20 with a source port of 1500, so it can't use that source port. What it'll do instead is change the source port to one number higher, so the information will be sent to the server with a source port of 1501 instead.

When the router receives information from 20.20.20.20 on port 1501, it'll look it up in the PAT table. The PAT table will tell it that information coming from 20.20.20.20 on port 1501 should go to your internal machine on port 1500.

That way, even when two separate machines talk to 20.20.20.20 on port 1500, the router will make sure that the two separate conversations don't clash. All with only one public IP address.

I hope this was helpful. =)
?
2016-11-05 06:12:19 UTC
Pat Networking
VinceY
2007-05-21 02:30:09 UTC
More detail on above answers can be found at:

http://www.enterprisenetworkingplanet.com/netsp/article.php/3632496

http://www.webopedia.com/DidYouKnow/Computer_Science/2006/NAT_and_PAT.asp

In short layman's terms...

Most networks nowadays use IP addresses in order for computers within that network to communicate with one another. The IP addresses used within the network typically belong within a specific range. If computers from 2 remote networks want to communicate with each other, and if both networks are in different IP ranges, then they will not be able to.

NAT (Network Address Translation) enables the computers from 2 remote networks to communicate with each other by providing a Table which keeps track of incoming and outgoing IP addresses. For example...

Your home, which has 2 computers, is using IP addresses 192.168.1.2 and 192.168.1.3. They connect to a router that has an IP address of 192.168.1.1 which in turn connects to your ISP on an IP address of 168.20.30.18. Your router has a WAN IP address of 168.20.30.18 but a LAN IP address of 192.168.1.1.

Your home PCs will send internet page requests to 192.168.1.1. Your router routes these requests through 168.20.30.18 to your ISP. Your ISP returns the page info to 168.20.30.18, and your router, through the NAT, determines which of the IP addresses (192.168.1.2 or 192.168.1.3) actually requested the respective page.

The router will know which page request came from which PC because each request will have with it tagged network identification information that indicates the IP address of the requesting PC. All that information is stored together in the NAT (or at least for the sake of a simple layman's answer).

PAT is just a beefed up version of NAT. It basically does the same thing but in a different way that is more efficient.

Hope that's clear for you.
megamix1972
2007-05-20 07:18:17 UTC
Understanding NAT and PAT

Due in large part to alleged NAT support on consumer devices, many people are confused about what NAT really is. NAT, or Network Address Translation, is used for many purposes, including but certainly not limited to, saving IP addresses. In this article, we'll try to clear all this up.

NAT is a feature of a router that will translate IP addresses. When a packet comes in, it will be rewritten in order to forward it to a host that is not the IP destination. A router will keep track of this translation, and when the host sends a reply, it will translate back the other way.

Home users who talk about NAT are actually talking about PAT, or Port Address Translation. This is quite easy to remember: PAT translates ports, as the name implies, and likewise, NAT translates addresses. Sometimes PAT is also called Overloaded NAT. It doesn't really matter what you call it, just be careful about blanket "NAT can't" statements: they are likely incorrect.

Now that that's out of the way, let's clarify some terminology required for a NAT discussion. When we refer to the inside, we're talking about the internal network interface that receives egress traffic. This internal network may or may not be using private addresses — more on those in a minute. The outside refers to the external-facing network interface, the one that receives ingress traffic. In the real world, it is not the case that NAT is simply using a single outside IP; translating traffic into internal IPs and ports. That's what your Linksys router does.

Key Terms To Understanding NAT and PAT:

NAT

Short for Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic.

PAT

Short for port address translation, a type of network address translation. During PAT, each computer on the LAN is translated to the same IP address, but with a different port number assignment.

The "inside" of a NAT configuration is not synonymous with "private" or RFC1918 addresses. The often-referred-to "non-routable" addresses are not un-routable. You may configure most any router to pass traffic for these private IP subnets. If you try and pass a packet to your ISP for any of these addresses, it will be dropped. This is what "non-routable" means: not routable on the Internet. You can and should mix RFC1918 addresses (for management interfaces) on your local internal network.

NAT is not used to simply share a single IP address. But when it is, in this strange configuration that's really called PAT, issues can arise. Say two geeks want to throw up an IPIP tunnel between their networks so they can avoid all the issues of firewall rules and state-keeping. If they both use the same IP subnet, they can't just join two networks together: They won't be able to broadcast for each other, so they will never communicate, right? It would seem that one side or the other would have to renumber their entire subnet, but there is a trick. Using a semi-complicated NAT and DNS setup, the hosts could actually communicate. This is another case of blanket "NAT is evil" statements actually having little reflection on reality. This issue does come up frequently when two companies merge and various branch offices need to communicate.

So why in the world would someone want to use one external IP and map it to one internal IP, as opposed to just translating the port? Policy. It's even likely that both sides will use real bona fide Internet IP addresses. Everyone understands that NAT (the naive definition) will keep track of state; it's the only way to make translations happen. What they may not realize is that stateful filtering is a powerful security mechanism.

Stateful filtering means that the router will keep track of a TCP connection. Remember: a TCP connection consists of four parts: the remote and local IP address, and the connected ports. Stateful filters verify that every packet into the network is part of an already established, pre-verified connection.

Imagine a B2B transaction that ships sensitive data across the Internet, even between continents. It's not feasible to lay fiber for this purpose, so the Internet has to be used. What to do? How would you secure this transaction, or set of transactions? It can be done with IPSEC, but also utilizing NAT at the same time. Each side will have a 1:1 (real) NAT router configured to only allow specific connections from specific hosts. This guarantees that from either network, only authorized hosts will be making a connection. This also guarantees that hosts on both sides have been minimally exposed, and very unlikely compromised, since nobody else can get into that network.

Once the session starts, packets are carefully inspected in and out of each NAT router. If something nefarious happens, and someone in-between is able to inject a forged packet into the stream, at least one side will notice. One of the NAT routers will be able to detect that a sequence number anomaly has occurred, and can immediately terminate all communication. When the TCP session completes with a FIN, the state is wiped clean.

In much the same way, home users take advantage of PAT to keep their less-than-secure machines from being completely taken over on a daily basis. When a connection attempt from the outside hits the external interface of a PAT device, it cannot be forwarded unless state already exists. State setup can only be done from the inside, when an egress attempt is made. If this version of NAT didn't exist on such a wide scale, the Internet would be a completely different place. Nobody would ever successfully install and patch a Windows computer prior to a compromise without the minimal protection provided by PAT.

Clearly, NAT is useful in these cases. So why do people say that NAT is evil? They are likely referring to PAT, the bastard child of NAT. It's called "overloaded" for a reason.

IPv6 introduces the capability to have way more IP addresses than we really need. Does that mean that IPv6 will eliminate NAT? No. It also won't eliminate the usage of NAT everyone's familiar with: PAT. We all need somewhere to stow Windows boxes away from the myriad of uninitiated connection attempts that come from the Internet.
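A toy model of the PAT table Mikkel describes (two inside hosts both picking source port 1500 towards 20.20.20.20, the second being shifted to 1501) and of the "no state, no forwarding" behaviour megamix1972 describes for inbound traffic. This is an added example written for this page, not code from any answer or from a real router; the public address 203.0.113.1 and the inside addresses are constructed, and the table is keyed on the full remote IP/port pair plus the public port rather than on the remote IP alone.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Toy PAT device with one public address (constructed example, not real router code)."""

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        # PAT table: (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.table: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def _public_port_for(self, pkt: Packet) -> int:
        # An inside host that already has an entry for this remote endpoint keeps its port.
        for (pub_port, r_ip, r_port), inside in self.table.items():
            if inside == (pkt.src_ip, pkt.src_port) and (r_ip, r_port) == (pkt.dst_ip, pkt.dst_port):
                return pub_port
        # Otherwise try the host's own source port; if another inside host already owns
        # it towards the same remote endpoint, step to the next free number (1500 -> 1501).
        port = pkt.src_port
        while (port, pkt.dst_ip, pkt.dst_port) in self.table:
            port += 1
            if port > 65535:
                raise RuntimeError("PAT table exhausted for this remote endpoint")
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an egress packet's source to the public IP and record the state."""
        pub_port = self._public_port_for(pkt)
        self.table[(pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse the rewrite for a reply; drop anything with no matching state."""
        inside = self.table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if pkt.dst_ip != self.public_ip or inside is None:
            return None  # unsolicited: no inside host asked for this, so it is dropped
        inside_ip, inside_port = inside
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)
```

Calling `outbound` for the two inside hosts and then `inbound` with a reply addressed to public port 1501 shows the reply landing on the second host's port 1500, while an inbound packet with no table entry returns `None`.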
mlw4428
2007-05-20 07:17:49 UTC
Basically it takes a single IP address and "splits" it up into other IP addresses. It was started because we were running out of IP addresses on the internet.
2007-05-20 07:21:59 UTC
The explanation from Cisco at http://www.cisco.com/warp/public/556/nat-cisco.shtml

seems pretty straightforward.
Karin
2016-03-19 12:53:52 UTC
When it's got one computer and a modem...?


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.