Port address translation is a means for multiple devices on a private network to share one public network address. It is a feature of network devices that modifies incoming and outgoing Internet Protocol (IP) packets. Both the IP address and the port number are altered, which prevents the public network from directly accessing hosts on the private network. Network routers use port address translation to share one public Internet address among all computers on the local network. This conserves public IP addresses, because each local computer that needs to access the Internet no longer requires its own.
Both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets are translated by this process. Each packet contains a source IP address and a source port number. It also includes a destination IP address and a destination port number. Port address translation, also known by the acronym PAT, creates a table which maps addresses and port numbers as they are used. This table is kept in the PAT device, which may be a hardware router, a software firewall or a similar device.
When a computer on the local network sends a packet out to the public network, the PAT device can alter its header data. The actual source address is replaced with the IP address of the port address translation device. The PAT device assigns a new port number for the source computer's connection to the public network, and the actual source port number in the header is replaced with the newly assigned one. In this way, the outgoing packet is modified to appear as if it came directly from the PAT device.
For an outgoing packet, the port address translation table keeps a copy of the source address, source port and assigned port. The same port number can be used for each packet with that source address and port, simply by doing a table lookup. When the public network responds, it will send packets to the PAT device's IP address on the assigned port number. The PAT device will then replace that destination address with the actual private address from the lookup table. It will also replace the port number in the packet header with the actual port number from the table.
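The table behaviour described above, sketched as a small simulation. This is an added example, not code from any router or firewall; the class and function names, the starting port 40000, the per-protocol table keys, the choice to drop packets that match no entry, and the documentation-range addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PatDevice:
    public_ip: str
    next_port: int = 40000  # assumed start of the assigned-port range
    out_table: dict = field(default_factory=dict)  # (proto, src ip, src port) -> assigned port
    in_table: dict = field(default_factory=dict)   # (proto, assigned port) -> (src ip, src port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network."""
        key = (proto, src_ip, src_port)
        port = self.out_table.get(key)
        if port is None:  # first packet of this flow: assign a new port
            if self.next_port > 65535:
                raise RuntimeError("no free ports left on the public address")
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[(proto, port)] = (src_ip, src_port)
        return (proto, self.public_ip, port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a reply, or return None if unmapped."""
        entry = self.in_table.get((proto, dst_port))
        if dst_ip != self.public_ip or entry is None:
            return None  # assumption: packets with no table entry are dropped
        private_ip, private_port = entry
        return (proto, src_ip, src_port, private_ip, private_port)

def demo():
    pat = PatDevice("203.0.113.5")  # constructed documentation addresses
    server = ("198.51.100.7", 443)
    # Two private hosts that happen to use the same source port.
    a = pat.outbound("tcp", "192.168.1.10", 51000, *server)
    b = pat.outbound("tcp", "192.168.1.11", 51000, *server)
    reply = pat.inbound("tcp", *server, "203.0.113.5", b[2])
    unsolicited = pat.inbound("tcp", *server, "203.0.113.5", 45000)
    return a, b, reply, unsolicited

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The two hosts share source port 51000 but receive different assigned ports, so the reply to the second assigned port is delivered to the second host, while a packet sent to a port with no table entry is not forwarded.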
Network address translation (NAT) is a related method of mapping IP addresses. Port address translation is actually a subset of NAT called overloaded NAT. PAT is sometimes referred to as NAT or as network address port translation. Variations of NAT exist which map only IP addresses or only source addresses and source port numbers. Other forms map only destination addresses and destination port numbers, or both source and destination addresses and ports.