
What is an NAT firewall and what does it do?

Dec 17, 2019 · 4 min read


Did you think that getting results from a search engine is as simple as connecting from A to B, from your device to a web server? No, multiple hidden tools check your traffic and ensure your network’s security. One such tool is the NAT firewall, which you most likely have on your router. Read on to find out more about NAT and whether it affects your VPN connection.

What is a firewall?

To understand what an NAT firewall is, we first need to understand what a firewall is and what it does. The simplest analogy to explain it is this – if your computer is a busy CEO, then a firewall is the CEO’s secretary. He or she sorts the mail and makes sure that only mail that the CEO actually wants gets through.

When you browse the internet, send emails or watch movies online, you send requests for information to specific website servers. The firewall stands in between your local network and the wider net. The firewall compares the information that’s returning with the information you requested – everything that’s a match gets through, and everything that it can’t recognize is discarded. This way, the firewall protects you from uninvited malicious internet traffic that might otherwise try to compromise your system.

There are different types of firewalls, which can be split into three categories – software, hardware and cloud-based solutions. Different firewalls also apply different filtering methods, which makes some more reliable than others. To find out more about firewalls and filtering methods, read our “What is a firewall?” post.

What is NAT and how does it work?

NAT stands for Network Address Translation. It was invented to solve a problem presented by the IPv4 protocol – a shortage of IP addresses. Back in the day, IPv4’s founders thought that 4.3 billion IP addresses would be sufficient for all internet-connected devices. However, considering that there are over 7 billion people in the world and many of us have more than one device, it’s evident that we don’t have enough.

If the firewall is a secretary, the NAT firewall is a secretary that sorts mail for multiple recipients at a single office address. Your router that connects to the internet is assigned a single public IP address. It’s visible to the wider net and is needed to communicate with web servers. Any devices connected to the router locally have private IP addresses, which do not allow them to directly ‘communicate’ with the required web servers. This is where NAT comes into play – it directs traffic back and forth.

How NAT works

This is how NAT works:

  1. Your device sends a request to a web server by sending data packets. These packets include information such as the sender and receiver’s IPs, port numbers, and what information is requested.
  2. The traffic goes through a router with an NAT firewall. NAT changes the data packet’s private IP to the router’s public IP. It notes this change and adds it to its NAT forwarding table.
  3. Data packets reach the web server and get the necessary information.
  4. The information travels back to the router. Now it’s the NAT’s job to send the information back to the device that requested it. Otherwise, every connected device would receive the same information. The NAT uses its forwarding table to determine who requested this data.
  5. NAT changes the data packet’s public IP to its previous private IP and sends it to the requested device.


How does NAT protect you?

The NAT works as a hardware firewall solution, even though it’s not a security tool by design. So how does it protect you?

  1. It hides the IP addresses of any devices on your network from the outside world, giving them all a single address.
  2. It requires every incoming packet of information to have been asked for by a device. If a malicious data packet isn’t on the list of expected communications, it gets rejected.
  3. Some firewalls can use whitelisting to block unauthorized outgoing traffic, so if you do contract a piece of malware, your firewall may prevent it from communicating with your device.
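The five steps under “How NAT works” and point 2 in the list above, as an added example (not NordVPN's code): a minimal forwarding table in Python. It assumes port-based translation and that a reply must come from the same remote address and port the device contacted; all addresses and the starting port are constructed values.

```python
from dataclasses import dataclass, field
from typing import Optional

PUBLIC_IP = "203.0.113.5"  # constructed: the router's single public address

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000                      # assumed start of the public port pool
    table: dict = field(default_factory=dict)   # forwarding table, keyed for replies
    seen: dict = field(default_factory=dict)    # outbound flow -> public port already assigned

    def outbound(self, p: Packet) -> Packet:
        """Step 2: swap the private source for the public one and record it."""
        flow = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if flow not in self.seen:
            self.seen[flow] = self.next_port
            # Key by what a genuine reply will look like when it comes back.
            self.table[(self.next_port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
            self.next_port += 1
        return Packet(self.public_ip, self.seen[flow], p.dst_ip, p.dst_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Steps 4-5: restore the private address, or drop if nobody asked."""
        entry = self.table.get((p.dst_port, p.src_ip, p.src_port))
        if p.dst_ip != self.public_ip or entry is None:
            return None  # not on the list of expected communications
        return Packet(p.src_ip, p.src_port, entry[0], entry[1])

def demo():
    nat = Nat(PUBLIC_IP)
    # Two devices use the same source port towards the same (constructed) server.
    laptop = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 443))
    phone = nat.outbound(Packet("192.168.1.11", 51000, "198.51.100.7", 443))
    reply = nat.inbound(Packet("198.51.100.7", 443, PUBLIC_IP, phone.src_port))
    stray = nat.inbound(Packet("192.0.2.99", 4444, PUBLIC_IP, phone.src_port))
    return laptop, phone, reply, stray

if __name__ == "__main__":
    for name, result in zip(("laptop out", "phone out", "reply in", "stray in"), demo()):
        print(f"{name}: {result}")
```

The stray packet targets a port that is in the table but comes from a host no device contacted, so it is dropped while the genuine reply is delivered to the phone.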

More sophisticated attacks can make it through, especially ones that employ phishing or social engineering methods. However, that doesn’t mean you shouldn’t use one. Without an NAT, it would be simple for any amateur hacker to access your computer simply by learning your IP address.

NATs and VPNs

Some argue that a VPN shouldn’t be used with an NAT. Why? A VPN encrypts your traffic before it reaches the internet, making it indecipherable. The NAT needs to know some information about that traffic to do its job. Outdated VPN protocols (PPTP and IPSec) don’t give enough information to the NAT and can be blocked as a result. To solve this problem, your router needs a VPN passthrough.

The good news is that most routers have built-in VPN passthroughs. Even if they don’t, most popular VPN providers offer more advanced protocols that do not require passthroughs. NordVPN, for example, no longer uses these outdated protocols and even uses built-in NAT firewalls on its servers.



Emily Green (verified author)

Emily Green is a content writer who loves to investigate the latest internet privacy and security news. She thrives on looking for solutions to problems and sharing her knowledge with NordVPN readers and customers.

