How NAT works and why your IP differs from the router's

If you've ever compared the IP shown on meuip.dev with the address displayed in your computer or phone's settings, you've certainly noticed they're different. This phenomenon is the result of a technology called NAT — and understanding it explains a great deal about how the internet works every day.

The problem NAT solves

When the internet was created, the IPv4 protocol defined 32-bit addresses — allowing approximately 4.3 billion unique addresses. That seemed more than enough in the 1980s. It wasn't.

With the explosion of connected devices — computers, phones, tablets, TVs, cameras, smart appliances — it quickly became clear that 4.3 billion wouldn't come close to what was needed. The definitive solution is IPv6 (128-bit addresses, practically unlimited), but the transition is slow. In the meantime, NAT has been sustaining the internet for more than two decades.

What NAT is

NAT stands for Network Address Translation. It's a mechanism that allows multiple devices to share a single public IP address, using private addresses internally.

Here's how it works:

  • Your ISP assigns one single public IP to your connection (what you see on meuip.dev)
  • Your router creates an internal private network with addresses in the format 192.168.x.x, 10.x.x.x, or 172.16–31.x.x
  • Each device on your network gets a unique private IP within that network
  • When any device accesses the internet, the router replaces the private IP with the public IP before sending the packet
  • When the response arrives, the router identifies which device made the request and forwards the data correctly

Think of it like an office building with a single external phone number but internal extensions. People calling from outside only see the main number; internally, each desk has its own extension.

How the router tracks it all

The challenge of NAT is: if multiple devices share the same public IP, how does the router know who to forward each response to?

The solution is network ports. Each connection is identified by an IP + port combination. When your computer (192.168.1.10) visits a website, the router records an entry in a table:

Internal IP   | Internal Port | External IP     | External Port
192.168.1.10  | 54231         | 177.x.x.x       | 49821
192.168.1.20  | 61042         | 177.x.x.x       | 49822
192.168.1.35  | 48901         | 177.x.x.x       | 49823

When a response arrives on port 49821, the router knows exactly that it should forward it to 192.168.1.10. This table is called the NAT translation table or connection tracking table.

Types of NAT

Static NAT — maps a fixed private IP to a fixed public IP. Used when an internal server needs to be reachable from the internet with a constant IP.

Dynamic NAT — maps private IPs to a pool of available public IPs. Less common in home environments.

PAT (Port Address Translation) — also called NAT overload or masquerade, this is the most common type. Multiple devices share a single public IP, differentiated only by port numbers. This is what your home router uses.

CGNAT (Carrier-Grade NAT) — a second level of NAT applied by the ISP itself. Multiple customers share the same public IP. This creates complications for hosting servers and online gaming.

Double NAT: the CGNAT problem

Many ISPs, especially mobile internet providers, implement CGNAT to conserve IPv4 addresses. This means you have NAT at the router level (private IP → ISP's IP) and the ISP has another NAT layer (ISP's IP → real public IP).

How to tell if you're behind CGNAT:

  1. Access your router's settings and check the IP on the WAN interface
  2. Compare it with the IP shown on meuip.dev
  3. If they're different, you're behind CGNAT

IPs in the 100.64.0.0/10 range on the router's WAN interface are a clear sign of CGNAT — this range was specifically reserved for that purpose.

Impacts of CGNAT:

  • Impossible to host servers or set up port forwarding
  • Issues with some online games that need direct peer-to-peer connections
  • VPNs may have trouble working
  • Cameras and DVRs not reachable remotely without tunneling services

Port forwarding: creating exceptions in NAT

NAT blocks connections initiated from outside to inside — by default, no one can directly connect to a device on your network. For servers, cameras, and games, this is a problem.

The solution is port forwarding: you configure the router to automatically forward connections on a specific port to an internal device.

Example: you want to remotely access your camera (192.168.1.50). In the router, you configure:

  • External port 8080 → forward to 192.168.1.50:80

Now, any connection arriving at your public IP on port 8080 will be redirected to the camera. For this to work, you need to know your current public IP — meuip.dev handles that instantly.

Warning: port forwarding exposes internal devices to the internet. Always use strong passwords and keep firmware updated on exposed devices.

NAT and the future with IPv6

IPv6 eliminates the need for NAT — with practically unlimited addresses, every device can have its own unique public IP. This enormously simplifies peer-to-peer connectivity, online gaming, VoIP, and home server hosting.

IPv6 adoption is progressing globally, with major ISPs already offering it across much of their infrastructure. When you visit meuip.dev, the site displays both your IPv4 and IPv6 addresses (when available), letting you verify whether your connection already supports the more modern protocol.

Conclusion

NAT is one of the most important and least visible technologies of the modern internet. It allows billions of devices to coexist with a limited pool of IPv4 addresses, running silently in every home and corporate router in the world. Understanding how it works helps diagnose connectivity problems, configure servers correctly, and understand why your internal and external IPs are always different.

Whenever you need to know your real public IP — the address the world sees after passing through NAT — meuip.dev displays that information instantly.