NAT (Network Address Translation) is what lets 30 devices in an office building share a single internet connection. The router assigns private IP addresses internally and presents one public IP to the internet. When a device sends data out, the router notes which internal device sent it and routes the reply back correctly.
NAT also provides a basic security layer – external hosts cannot directly address individual devices behind the router. This is relevant for industrial sites where field devices should not be directly exposed to the internet.
- Private IP ranges – 192.168.x.x, 10.x.x.x, and 172.16.x.x through 172.31.x.x are reserved for internal networks
- Port forwarding – creates a static mapping from a public port to a specific internal device (e.g. for remote SCADA access)
- DMZ / IP Passthrough – forwards all traffic to one designated device, bypassing NAT entirely
- Security implication – NAT alone is not a firewall; use explicit firewall rules alongside it
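
The translation table, a port forward, and the firewall rule that has to sit alongside it can be modelled in a few lines. This is an added example, not code from the original page: the `Nat` class, its method names, and all addresses (documentation ranges) are constructed for illustration, and it assumes a NAT that only accepts replies from the remote endpoint the internal device contacted.

```python
from ipaddress import ip_address, ip_network

PUBLIC_IP = "203.0.113.10"   # constructed: the router's single public address

class Nat:
    """Toy port-address-translation table (illustrative model, not a real router)."""
    def __init__(self):
        self.dynamic = {}    # public port -> (internal ip, internal port, remote ip, remote port)
        self.forwards = {}   # public port -> (internal ip, internal port)
        self.allow = {}      # public port -> permitted source network (explicit firewall rule)
        self.next_port = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Record which internal device sent the packet; return the rewritten source."""
        port = self.next_port
        self.next_port += 1
        self.dynamic[port] = (src_ip, src_port, dst_ip, dst_port)
        return PUBLIC_IP, port

    def port_forward(self, public_port, int_ip, int_port, allow_from=None):
        """Static mapping; allow_from models the firewall rule NAT itself does not provide."""
        self.forwards[public_port] = (int_ip, int_port)
        if allow_from:
            self.allow[public_port] = ip_network(allow_from)

    def inbound(self, src_ip, src_port, public_port):
        """Return the internal (ip, port) the packet is delivered to, or None if dropped."""
        entry = self.dynamic.get(public_port)
        if entry and entry[2:] == (src_ip, src_port):
            return entry[:2]                       # reply to a recorded outbound flow
        if public_port in self.forwards:
            net = self.allow.get(public_port)
            if net is None or ip_address(src_ip) in net:
                return self.forwards[public_port]  # static mapping: delivered
        return None                                # no mapping or source not allowed: dropped

def demo():
    nat = Nat()
    pub = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, pub[1])        # legitimate reply
    stranger = nat.inbound("198.51.100.99", 443, pub[1])    # unsolicited packet
    nat.port_forward(8443, "192.168.1.50", 443)             # forward with no firewall rule
    nat.port_forward(9443, "192.168.1.51", 443, allow_from="198.51.100.0/24")
    open_fwd = nat.inbound("192.0.2.66", 40000, 8443)       # any source reaches the device
    blocked = nat.inbound("192.0.2.66", 40000, 9443)        # source outside the allowed range
    allowed = nat.inbound("198.51.100.7", 40000, 9443)      # source inside the allowed range
    return pub, reply, stranger, open_fwd, blocked, allowed
```

The forward on port 8443 delivers traffic from any source to the internal device, which is why a port forward for remote access needs an explicit source restriction like the one on port 9443.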