NAT, or Network Address Translation, merges private IP addresses into a single public IP address. Its transition between public and private is where the “T” in translation comes alive.
Translating an IP typically means it goes from private to public (and back again). Below, I will go through the details of this network feature, so you know how it affects your online security.
You might already be familiar with NAT. However, handling NAT types can be a little annoying. Switching between your options can be painful, but it is vital to know the difference due to network security.
NAT works as a communication intermedium between different groups. For example, if you searched for something on the web, your request would go through your router. The router takes the data packets and the IP header to represent a public IP.
When data returns to you, the request returns the former IP, so it goes to your computer. So in a way, it’s like putting down your PO box instead of your address for receiving mail. While the mail will eventually reach your home, the sender doesn’t know your actual address.
Why Do We Need Network Address Translation?
NATs provide these benefits:
Private Network Security – Packets have to go through your firewall because you aren’t giving out a public address. It prevents malware and viruses from reaching your computer.
Conservation of IP Addresses – With increasing internet users, there are only so many IP addresses to go around. IPv4 is entirely out, leaving IPv6, which still has a limited number of options (albeit much more).
Hiding Your IP Address – Outside of using a router’s firewall, routers translate your IP address to hide it. While the IP address still contains details about your location, your public address is much more secure than your private address.
Despite some common terminology, there are no universal definitions for different NAT Types. You’ll typically find NAT types coming in pairs of two or three:
You will also often see PAT (Port Address Translation) discussed amongst Static vs. Dynamic NATs. We will go through how each one differs below:
A Static NAT translates your private IP address to a permanent public IP address. This translation method is when devices need consistent connections with external sources.
This NAT enables remote connection with external sources. For example, static IPs help host a gaming server. Those who have regular access to the server will not need to change it with every connection.
As you might imagine, privacy and security risks are associated with giving out a Static IP.
A Dynamic NAT is counter to Static NATs in that you connect to available registered addresses. This NAT provides you with more security, as hackers will need to locate your new IP with each connection.
Typically, IP address pools contain IPv4 (private) and IPv6 (public). The consistent changes prevent any constant connection to you, making it impossible to host servers or services.
Port Address Translation (PAT)
Port Address Translation (PAT) is an aspect of Dynamic NAT where a series of private addresses translate to one public address. This NAT is typical of many home networks, which saves room for new people accessing the internet.
Like standard Dynamic NATs, IPv4 and IPv6 addresses go through random selection from a pool. However, a single public address means that you must trace connections through a port number.
Knowing which computer owns which port number defines how you can find out what computers your network is accessing. It is just as secure as your standard Dynamic NAT.
Below, we are going to go through the second set of types.
Open NAT / Type 1
Open NAT, otherwise known as NAT Type 1, is a setting that allows all devices on the network to communicate with the outside world. When playing video games with friends or hosting public services, you will get the best performance here.
However, you open your LAN (Local Area Network) up for anyone to access your data. This exposure may lead to high potential data loss, providing unwanted exposure.
Moderate NAT / Type 2
NAT Type 2, or Moderate, is when you open router ports to access a single device on your network. Like PPTP, it creates something of a tunnel (minus the security).
Universal Plug and Play (UPnP) is an excellent example of Type 2 NATs in action. UPnP devices establish their own port forwarding rules, opening ports on your router as needed.
While it isn’t the “open season” perspective from having an Open NAT, it is not secure. Some programs and malware exploit exposures made through games or devices that use specific ports.
Manually configuring the ports gives you more control over what comes in and out of your system. This way, you can disable the open port when finished.
Strict NAT / Type 3
Those with a Type 3 NAT have no open ports on their router. This NAT prevents them from hosting any games, servers, or connecting to other Strict or Moderate NATs.
This type of Network Address Translation has the least love because of its lack of convenience. However, it is the best overall option when you consider security.
Leaving your network secure is the best point of NAT, especially if you are a privacy-conscious individual. Switching to a Moderate NAT Type is only recommended if you plan on hosting something on your server.
The Reasons To Use NAT
There are a couple of really good reasons to use NAT. Here are the most common reasons:
It prevents IP addresses from coming to an end: Thanks to NAT, the world saves up IP addresses. If it weren’t for NAT, IP addresses would be extinct. Without IP addresses, we couldn’t use the internet at all. So, yes, NAT is quite important.
It boosts your security: NAT doesn’t allow any parties to do or see anything on your device unless you initiate the contact. It is kind of a border line between internal and external networks.
It simplifies network administration: NAT provides a process to simplify internal network activity. It makes moving Web and FTP servers to other hosts and changes to be made on an internal network more easily.
Is Changing Your NAT Safe?
Changing your NAT type does come with risk, meaning that it is inherently unsafe. However, switching to the Moderate NAT Type is your safest option, so you will want to do that above all else.
How To Change NAT Type on Your PC
Changing NAT types is relatively easy because your PC has built-in network security and capabilities. On modern Windows PCs, this involves activating network discovery. Here’s what you need to do:
Go to Network & Internet under Settings
Choose “Change Advanced Sharing Options
Click “Turn on Network Discovery”
Network discovery comes with a specific level of risk. This situation is more so when you turn on the automatic features of network discovery.
Your alternative option is to adjust settings on your Windows firewall. To do so, you will need to get the Firewall port your program needs to access.
To do this, you will need to browse the program’s site to find out what port it accesses. If it still doesn’t work after this, you will need to check your router.
How to Change NAT Type on a Router (Both UPnP and Port Forwarding)
To activate UPnP, you need to access your router’s control panel. From there, you will browse the settings until you find UPnP.
The problem with UPnP is a large amount of network exposure. Having no control over your router ports results in significant risk.
Your alternative is to stick with a Moderate NAT, which involves port forwarding. You can also access this under your advanced router settings.
From there, it is clicking on the “Port Forwarding” page. From there, you find the necessary port and plug it in, typically under TCP/UDP connections.
You will need to be aware of the Mac Addresses associated with your devices, as you can only provide one port per device. This forwarding closes the ports for other devices.
You can find your specific port settings on a dedicated port forwarding website. Port forwarding also applies to changing your NAT type across all network devices. So this is a solution for consoles and specific games.
Port forwarding is the safest method for your home network if you want control over your exposures. Don’t forget to close the ports after you are done doing whatever.
How to Change Your NAT Type on Consoles (Both Playstation and Xbox)
To change your NAT type on consoles, follow the instructions for port forwarding above.
Below are the ports you need to use on each console:
Xbox One: Port 3074 UDP/TCP (additional Xbox consoles can use port 3075 and 3076)
Playstation 4: TCP 80, 443, 3478, 3479, 3480 and UDP 3478 and 3479 OR Protocol Both under 1935, 3074, and 3478-3480
Nintendo Switch: Ports 45000 through 65535. Nintendo recommends 1 to 65535, which is a dangerous level of exposure. Nintendo products do not support UPnP.
Changing Your NAT Type on Mac by Port Forwarding
Much like your PC, you can port forward using a Mac. All you need to do is find your Mac’s MAC address and find out your necessary ports.
You can find the Mac Address under your Network & Internet settings. If you want to maintain these settings, you will need to establish a static IP. However, our suggestion is to disable any ports after finished.
How To Change Your NAT Type on Linux
Linux follows all the same port forwarding suggestions above. Linux network ports are no different, given that all games across operating systems typically use the same ports.
Like other devices, you can find your mac address under the network settings.
Using a DMZ to Change Your NAT Type
A DMZ, or demilitarized zone, is an extra layer of potential security. However, most users do not understand how to use a DMZ properly, so it just acts as a traffic tunnel between your PC and the outside world.
Activating a DMZ is equivalent to having an Open NAT type without establishing custom settings. When starting a DMZ, be sure your firewall on your PC is active and up-to-date.
Having additional defenses meant to scan and monitor incoming connections actively can be incredibly useful. However, it is best to avoid using a DMZ unless you understand more challenging aspects of network security.
Can You Use NATs and VPNs at The Same Time?
Strict and Moderate NATs can block some connections. In some cases, having a loose NAT can break VPNs, causing your network address to be exposed.
You could use an old-fashioned PPTP connection back in the day to get through this. However, PPTP is not a secure encryption profile.
What is LAN?
LAN, or Local Area Network, is another way to say your home network. Devices behind the LAN are assigned private IP addresses.
What is WAN?
WAN, or Wide Area Network, refers to the internet. Your router has a public IP address to connect with other servers. The conversion from private to public IP addresses is where NAT comes in.
Conclusion – Is Changing Your NAT Type Worth It?
Because changing your NAT type is usually done on the router, router-side security is essential. Having an up-to-date firewall and only opening connections with necessary keeps you safe.
While tools like UPnP are convenient, they are a huge security risk. So if you want to play a game or host a server and have problems, port forwarding is your friend. Always remember to disable ports when done.
For additional online security, be sure to download FastVPN. Encrypting external connections can help secure in you many scenarios.