All IP packets have a source IP address and a destination IP address. Typically packets passing from the private network to the public network will have their source address modified, while packets passing from the public network back to the private network will have their destination address modified.
To avoid ambiguity in how replies are translated, further modifications to the packets are required. The vast bulk of Internet traffic uses Transmission Control Protocol (TCP) or User Datagram Protocol (UDP).
For these protocols the port numbers are changed so that the combination of IP address and port information on the returned packet can be unambiguously mapped to the corresponding private network destination. RFC 2663 uses the term network address and port translation (NAPT) for this type of NAT. Other names include port address translation (PAT), IP masquerading, NAT overload and many-to-one NAT. This is the most common type of NAT and has become synonymous with the term “NAT” in common usage.
This method enables communication through the router only when the conversation originates in the private network since the initial originating transmission is what establishes the required information in the translation tables.
A web browser in the masqueraded network can, for example, browse a website outside, but a web browser outside cannot browse a website hosted within the masqueraded network. Protocols not based on TCP and UDP require other translation techniques.
One of the additional benefits of one-to-many NAT is that it is a practical solution to exhaustion of the IPv4 address space. Even large networks can be connected to the Internet using a single public IP address.