What is a Network Address Translation (NAT) firewall, and is it necessary?

Ruheni Mathenge. Last updated: September 14, 2022

A NAT firewall can be a benefit or an obstacle, depending on the angle you look at it from. This guide explains in detail what a NAT firewall is and how it works.

Sneak peek at NAT firewall

Network Address Translation (NAT) is the process of assigning one shared public IP address while allotting unique private IPs to all the devices connected within a network. This way, a NAT firewall ensures online safety by offering a single gateway through which multiple devices in the network access the internet, and by hiding their private IPs. Moreover, the NAT firewall detects and blocks any connection request from outside the network, thus preventing malicious cyberattack attempts on your device. Yet NAT firewalls may hinder other networking activities, like torrenting. In this guide, let’s dig into the NAT firewall and its limitations and benefits.

NAT is a method of modifying an IP address by changing the information in the IP header. This enables several devices on a private network to use the same gateway to the internet.

Although the devices will share the same public IP address, they will have unique private IP addresses. Most VPNs and WiFi routers offer these gateways. For instance, all the devices connected to the router will use the router’s public address, but each will have a different private IP address.

How does NAT work? The process isn’t as complicated as it seems. Essentially, when you access a web page, your device sends a request from its private IP address to the router. Then, the router changes the request and sends it to the site’s server using its own public IP address. Finally, the server replies to the request, and the router forwards the reply to your device at its private IP address.

On the other hand, a firewall is a protective layer that blocks unsolicited communications between devices. So, a NAT firewall permits only the traffic that has been requested by a device on the network to pass the gateway.

In fact, it discards malicious data packets or requests, effectively preventing potentially dangerous connections. In addition, the firewall will mark any incoming traffic that has no destination on the private network as unsolicited and discard it.

A NAT firewall is a great way to stay safe online, as computers and servers cannot see your devices’ private IP addresses. This process is also popularly known as IP masquerading.

How to check whether the NAT firewall is working correctly

Do you want to know if the NAT firewall on your router is active? The process is straightforward. Just connect two different devices to the same WiFi network, like a smartphone and a laptop.

Then, run a Google search for ‘what’s my IP’ on each of them. If the same IP address appears on both devices, the NAT firewall is probably enabled. Usually, your devices will share the same public IP address, although they have different private IP addresses.

It’s more challenging to check if a NAT firewall is working on a VPN, but you can look at the provider’s documentation. Also, some VPNs come with the option to activate and deactivate the NAT firewall in the settings.

NAT firewalls and VPNs

A virtual private network (VPN) is an ingenious technology that encrypts your traffic and redirects it through an intermediary server. Since the internet traffic routes through a VPN before reaching its destination, your router’s NAT firewall cannot differentiate between unsolicited and requested traffic. Everything from the VPN server looks the same because of the encryption, making your router’s NAT firewall useless.

As a result, many VPNs are integrated with NAT firewalls. So, the VPN will filter out unwanted traffic instead of your WiFi router. Usually, they offer a NAT firewall as an extra option, but sometimes they build it into the VPN’s software by default. However, some people do not agree that the combination of a NAT firewall and a VPN is good.

Usually, VPN providers offer either NAT firewalls or PAT firewalls. We will expound further on PAT firewalls later in the article.

A VPN with an inbuilt firewall will allocate a unique private IP address to each user. Thus, it comes with all the advantages of a router’s NAT firewall, as we have discussed above.

On the downside, although you’ll be secured from unsolicited communications, the VPN provider or other third parties can track your device. The alternative solution is to eliminate private IP addresses and assign the same public IP address to all VPN users on the same server. This adds a vital anonymity layer, as nobody can trace online activities back to an individual or device through an IP address.

NordVPN is one top-rated VPN that doesn’t support NAT firewalls. Instead, the company indicates that it uses a port-blocking technique that achieves the same objective as a NAT firewall.

Port address translation (PAT) firewall

PAT firewalls are often confused with NAT firewalls. However, PAT is an acronym for Port Address Translation, which allows a network gateway with a single IP address to represent many computers. The advantage is that each device is allocated a port number rather than a private IP address.

When the network gateway gets an outgoing request from a computer, it substitutes the return address with an internet-compliant address and adds a port number. Then, the gateway enters the connection in its translation table so that it recognizes that the port number denotes a specific computer on the network.
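
The translation table described above, combined with the earlier rule that only traffic requested by a device on the network may pass the gateway, can be modelled in a few lines. This is an added example, not code from the original article: the class names, the starting port 40000, the documentation-range addresses and the strict check that a reply must come from the server that was contacted are all assumptions made for illustration.

```python
"""Toy PAT gateway: one public IP, one translated port per connection (constructed example)."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class PatGateway:
    public_ip: str
    next_port: int = 40000                        # assumed start of the translated port range
    out_map: dict = field(default_factory=dict)   # (private ip, port, remote ip, port) -> public port
    in_map: dict = field(default_factory=dict)    # public port -> (private ip, port, remote ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the return address of a LAN packet and record the mapping."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Forward a reply to the device that asked for it; drop everything else."""
        entry = self.in_map.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None                           # no table entry: unsolicited
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                           # assumed strict rule: sender was never contacted
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)

def demo():
    gw = PatGateway("203.0.113.10")               # constructed documentation-range addresses
    laptop = gw.outbound(Packet("192.168.1.20", 51000, "198.51.100.7", 443))
    phone = gw.outbound(Packet("192.168.1.21", 51000, "198.51.100.7", 443))
    reply = gw.inbound(Packet("198.51.100.7", 443, laptop.src_ip, laptop.src_port))
    probe = gw.inbound(Packet("192.0.2.66", 4444, gw.public_ip, laptop.src_port))
    unknown = gw.inbound(Packet("198.51.100.7", 443, gw.public_ip, 22))
    return laptop, phone, reply, probe, unknown

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both devices leave with the same public address and differ only in the translated port, which is all the remote server ever sees; the two inbound packets that match no table entry come back as None, meaning the gateway dropped them.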