Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Port Address Translation, a NAT variant that maps many private IPs to one public IP using unique port numbers (also called NAT overload).
PAT Definition: Port Address Translation, a NAT variant that maps many private IPs to one public IP using unique port numbers (also called NAT overload).
Port Address Translation (PAT) is a form of Network Address Translation (NAT) that lets many devices on a private network share a single public IP address by distinguishing their connections with unique port numbers. Also known as NAT overload or NAPT, it is the technique that allows an entire home or office LAN to reach the internet through one routable address.
PAT works by rewriting both the source IP and the source port of outbound packets. When an internal host opens a connection, the router replaces the private source IP with its public IP and assigns a unique source port, recording the mapping (original private IP and port to translated public IP and port) in a translation table. Return traffic arrives at the public IP and port; the router consults the table to translate it back to the correct internal host. Because port numbers range into the tens of thousands, one public address can support many simultaneous internal sessions.
PAT matters for both address conservation and security. It is a primary reason the IPv4 internet has scaled despite limited address space. As a side effect, it hides internal IP addressing from the outside world: external hosts see only the public IP, and unsolicited inbound connections have no translation entry to match, so they are dropped. This is not a substitute for a firewall, but it does reduce direct exposure of internal hosts.
For example, a small office of 50 computers connects through a single ISP-assigned public IP. When several employees browse the web at once, the router translates each session to the same public IP but a distinct source port, such as 203.0.113.5:50001 for one laptop and 203.0.113.5:50002 for another. Responses return to those ports and the router routes each back to the right machine. To external servers, all 50 devices appear as one address, conserving public IPs while masking the internal network structure.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →