Why Call a NAT a Router?

What people today call a router when referring to a device bought to share a broadband connection, is what is properly called a network address translator (NAT). It translates between “fake” internal network address and real public address. Routers use the Router Information Protocal to share with each other information about which networks are connected to them - that is, to which networks they can route your packets. If you are behind a “real” router, you have a “real” IP address on your NIC which you can give to anyone and they can reach your computer. If I gave you my internal IP address, you’d never reach me…you need the address held by my NAT.

Some people discuss the “firewall” feature of a NAT as though it is a feature…a NAT is not really a firewall - there is no way to get to the inside of an internal network without doing a port assignment. A real firewall sits somewhere between your computer and the router and filters out packets it doesn’t want to reach you.

Same thing with hubs. Today you probably cannot by an unswitched “hub”. But I’d call it a switch unless there is a shared medium through which all packets were sent to all nodes (regardless of if they wanted to listen) and collision detection is necessary to determine if two devices transmit over the shared medium at the same time.

Now we call it a hub if it doesn’t NAT, and a router if it does. No one owns a true router in their own home. Since all of these terms and concepts are foreign to new home networkers, why did they get started using the wrong ones? I don’t guess it is very important, but something I wondered about after seeing another thread.


  1. A router is called a router because it routes packets and it connects networks. One side has one IP address, the other side has another.
  2. NAT is network address translation - this runs ON the router, but it is not the router itself.
  3. A firewall does lots of things, can be on a hardware device, or software and can be located anywhere.
  4. There is no such thing as an unswitched hub? All hubs are unswitched - if they were switched, they’d be a switch - sheesh.

I suggest you go to some site that has a dictionary of computer terms, maybe here or something. Look up NAT, firewall, router, switch, and hub.

Either way, this is the weirdest post I’ve ever seen. I don’t know what you were trying to accomplish - no one owns a router in their home?! Very strange and inaccurate. Hope no kids were using this post for thier homework or anything…

As someone who’s spent the last 15 years designing and building routing and network security devices, and who holds over a dozen patents in those areas, I’d like to politely suggest that the OP doesn’t know his ass from a hole in the ground.

unswitched hub: a device that runs at layer 2 and defaults to the speed of the lowest connected component
switched hub: a device that runs at layer 2 and runs each component at it’s rated speed
switch: a device that runs at layer 3
router: a device that runs at layer 4

It’s rather confusing and was many a way for unscrupulous hub makers to make consumers think they were switches.

Hmmm, I’m not sure I quite agree - except for the bit about it being confusing, I agree emphatically there.

In the old days, hubs were basically speaking multi-port repeaters. They had to know some Layer 2 details in order to run spanning tree, but they did not retain any MAC addresses to make forwarding decisions - on the contrary, they propagated data, including layer-2 broadcasts and collisions, on all ports and as you note, all ports had to run at the same speed.

(Mixed-speed hubs only worked because someone snuck a bridge in there - they are sorta hub/switch hybrids. For instance, they do not propagate collisons between the different media.)

“Classical” LAN switches, like hubs, run at at the MAC/LLC layer - i.e, datalink layer or layer 2. Unlike hubs, they make forwarding decisions based on retained MAC address information, and they do not propagate collisions. They do, however, propagate layer-2 broadcasts. (There are units called Layer 3 switches. I consider them very fast routers. Mainly because they route. Not that I’m going to win that battle.)

Routers run at the first routable layer - IP, IPX, Appletalk DDP - the network layer or layer 3. They can and most often do make routing decisions on information from other layers as well - layer 4 (TCP, UDP), for instance - but I can configure a Cisco router to make its routing decisions on IP addresses only, and it’ll chug along quite happily, never caring what layer 4 information is being handled. Oh, and a router provides complete isolation from Layer 2 details - neither collisions nor layer-2 broadcasts are propagated.

Sadly, marketers have been happy to muddy the waters. Somehow, the idea must have appeared that “switch” equals “fast”, and then everybody wanted to sell Layer-X switches. Feh.

Oh, and the OP is rather completely wrong.

Spiny - CCNP, CCDA, 10+ years of Cisco-wrestling.

So what set of acronyms and names properly belong to this popular wireless “router/hub/switch” beast
Linksys WRT54G
Model Number WRT54G
Standards IEEE 802.3, IEEE 802.3u, IEEE 802.11g,
IEEE 802.11b
Channels 11 Channels (US, Canada)
13 Channels (Europe)
14 Channels (Japan)
Ports/Buttons Internet: One 10/100 RJ-45 Port
LAN: Four 10/100 RJ-45 Switched Ports
One Power Port
One Reset Button
Cabling Type UTP CAT5
LEDs Power, DMZ, WLAN, LAN (1, 2, 3, 4), Internet
RF Power Output 18 dBm
UPnP able/cert Able
Security Features Stateful Packet Inspection (SPI) Firewall,
Internet Policy
Wireless Security Wi-Fi Protected Access™ (WPA), WEP,
Wireless MAC Filtering

It’s a router. Like SpinyNorman said this “beast” runs at layer three, and makes routing decisions based on the IP information and it’s routing table. Layer two broadcasts are not propagated. It’s a router.

Please tell me how my router can provide access to a host located on my internal network, without that host having to provide the routing information (e.g. the IP address of a router) to the clients?

A router tells a client on another network how to get to my host when that client only knows the host’s address.

This is why I put the the word “hub” in quotes. What I buy at the store is called a hub, but it is actually a switch.
Thanks for the link! Maybe you should have read it yourself.

Does my broadband router use headers and forwarding tables to determine the best path for forwarding the packets, or protocols such as ICMP ( or RIP) ? No, because it is a FUCKING NAT:

Cooper, with all due respect, someone’s been giving you less than correct information.

The term “router” is pretty well defined: A device with two or more interfaces that connects different networks and makes forwarding decisions based on Layer 3 address information - Layer 3 being the lowest OSI layer that has a concept of “network”.

Typically, a router will run routing protocols as well, but that is by no means necessary. You can configure a highe-end Cisco box with static routes only and it will quite merrily move traffic between a dozen interfaces. No RIP, no OSPF, no EIGRP, no nothing. It wouldn’t be a fun network to maintain, of course.

NAT is a L3/L4 feature that a given router may or may not have. I fondly remember when Cisco brought out their first IOS releases with NAT - it was not the way we used to think.

It can’t. It doesn’t have to. All it has to do to qualify as a router is to move the traffic between your internal network and the upstream networks.

Not necessarily. Nice big routers can do so, of course. But most often, the remote host knows only of a default gateway. Core routers will need to exchange routing info. Access routers most often just need to know whether traffic is local or upstream.

It sure does. It’s a simple decision and some very small forwarding tables with only two paths - but it’s the exact same sort of routing decision, based on header information, that a Cisco 12000 Internet core router w. full BGP table makes.

Oh, and you can bet it’s running ICMP.

I know personal authority is normally not a valid coin around here, but I’ve fixed networks for a living since 1992, for telcos and ISPs, and I’ve never heard anyone refer to “a NAT” as a hardware unit. If a box can run NAT, it’s a router.

I didn’t choose webopedia as the source of my information, but they refer to a NAT as a “box”. If we agree that there is no such thing as a NAT which does not also route, isn’t “NAT” a more useful term to describe my broadband device than router, which doesn’t have any “big” router functions (which certainly don’t have to be used by a “big” router)?

I suppose a question and answer session about semantics like this is pointless and clearly I am wrong based on the sample of respondants to this post; when it comes to semantics there is no judge but the jury.

However, I think there is a useful distinction between a box which routes (duh, this is in internal, duh, this is external) and a box which ROUTES.

Also, I think there is a problem when no one can admit that a particular host is inaccessible without it having special knowledge of the “router” it sits behind. I keep getting back to this. My computer on its own CAN NOT TELL YOUR COMPUTER HOW TO TALK TO IT. If my host were on an internetwork that shared an addressing scheme with yours, it could. As it is now, I have to query my router to find its “real” ip address, make a port assignment and forward that information to you.

I dunno. In my mind, it’s a purely technical distinction - like “two-stroke engine”. Those can power model planes or supertankers, but they work on the same principle. Different strokes (no pun intended), I guess.

I’m honestly not sure what you’re getting at here. What special knowledge do you have in mind ?

I’m still not sure what you mean by querying your router to find its real IP address. Your local host can remain blissfully unaware of the (presumably ARIN-assigned) address that the ISP has assigned to the outside interface of your broadband router, if that’s what you mean by “real”.

Nope, because NAT is something that your router DOES (among other things), and not what it IS. In fact you can take an old IBM XT machine, install an old Linux distro on it, plug in some network cards, and install the appropriate software on it, and you also have a router. There are several implementations of a minimal Linux distribution with all the needed software to turn your box into a software router. Most of them fit on a simple 1.44MB floppy.

There are also several applications that can turn your Windows box into a software router (WinGate, Sygate, Microsoft Internet Connection Sharing). Does that mean my high-end PC running Windows 2003 Server and Internet Connection Sharing, is a NAT, just because it does NAT? Nope, it’s a PC whch just happens to do software routing.

There is some real good information on how NAT works here. Basically, a packet from a machine on your internal network arrives at the router. The router checks the IP of the source machine, and the IP of the target on the outside network. It remembers these values in an internal forwarding table. It then changes the IP header, so that the target machine will send it’s response back to the router and NOT to the IP adress of your machine on the internal network (This is the Network Address Translation!). When the router receives a packet from the target machine, it checks it’s forwarding table, and forwards the packet to the appropriate machine on the internal network. It is possible to go into a lot more detail, but that’s what happens in a nutshell.

To summarize again. NAT is something your router DOES, not what it IS.

It’s really simple. Say your host has the IP address and the router has the internal IP address By internal I mean the IP adress on the internal network. At the interface to the internet (external IP address, usually provided by your ISP), the router has the IP address, and you want to connect to Google at

Your host realizes that you are trying to access another network, so it send the packet to the default gateway. The default gateway is either set up manually in you IP configuration, or you received it as a DHCP client. Either way your host knows where it’s default gateway is. In this case it should be the internal address of the router ( The router checks the packet, and sees that it comes from and wants to go to Google. It changes the header of the packet, so that the response from Google is sent to and NOT to This is the Network Address Translation. The router remembers that a packet coming from Google should be forwarded to by using an internal forwarding table. That’s it!

In reality it’s a little more complicated, because what do we do if two machines in the internal network are trying to access Google at the same time? How does the router know which packet coming from Google goes where? It knows this because the new packet header is actually wrapped around the old packet, so that the packet still has information on which machine originally sent the packet that Google is responding to.

I understand how I can connect to Google. But what my computer cannot do for example, is tell a Netmeeting directory that my host is listening for other calls. By default it would register itself with the address it has, and no one would be able to connect to me when they use that address.

A router enables an internetwork, in which each host’s network address can be published and used by any other host on the network.

I can’t do this with the box I have connected to my broadband system. Suppose I had my own Class C, and wanted to use that space instead of an internal space. The external interface of my box would be in my ISP’s network. There is no way to configure my box to actually function as an internetwork device. It will never tell the upstream router, “Hey, the other side of my interface has XXX.XXX.XXX !” My host would still not be able to tell a netmeeting server its IP address because other clients would not be able to find a path to that network.
In my opinion if it can’t do that it is not a router. I think the definitions I’ve been pointed to support that opinion. If you want to tell me that a NAT is never a physical box, then fine. I have a NAT sitting on top of a switch; but it is not a router.

Aaah, now I understand! I do think it’s really splitting hairs though. Because your “broadband device” uses NAT, this should work anyway. You don’t have to tell upstream routers that the other side of your “device’s” interface has XXX.XXX.XXX, because the upstream routers will communicate with the “outside” interface of your “device” (to them that IS your IP address; because of NAT), and the “device” will then take care of the rest transparently (It will know which MAC address on your local internetwork to send the packets to). One thing your simple “device” can’t do that “real” routers are capable of, is detecting problems uproute, and rerouting packets around these problems. Other than that, your “device” can do everything a “real” router can also, so to me it’s a router.

That’s why I consider a Linux box working as a software router to be a real router, just as much as my wireless broadband router/modem at home, and just as much as a Cisco 12816. The important thing is that a router uses OSI layer three and four, while a hub/switch use layer two.

But it can’t. My internal host must know the address of the external interface, and it must communicate that address to the outside world (register with a netmeeting directory server). Also, I must specifically configure the NAT for a port assignment.

With a real router in an internetwork, I don’t have to know the address of the external interface.

Go back to my example of having my own Class C. My router does have to inform upstream routers of the subnet connected to it’s other interface, or I have the same problem where my Class C is effectively a private address space and all comms must go through NAT. Why would I want NAT when I have a public Class C?

I don’t understand why you keep bringing up a linux box. Of course I can make any computer into a router, a real router that propogates routing information and would expose my Class C to the world. But the box that I buy at Best Buy called a “broadband router” cannot do that. Maybe it is splitting hairs. Maybe I am wrong. But I think that the primary function of a router is to let other devices know what subnets are routable from that router. And my broadband router does not and cannot do that.

Hmm, my understanding of NAT is that the router alters the source IP address and source port number. The router remembers which internal address/port pair is associated with the the new source port, allowing it to direct incoming packets from Google back to the correct machine. If a new header were wrapped around the original outgoing packet, how would the Google server know that it had to remove two headers rather than one?

“Der Groschen fällt” as they say in German. That means I finally get what you’re saying, and I agree. Your broadband router is more a switch using NAT than say that big Cisco box I linked to earlier. Your broadband device obviously won’t work between two public networks like a real router would. Since most people using broadband devices just have a private network behind their router, NAT and switching is fine for them. However, since most people don’t even know what an OSI layer is, I don’t think it really makes a big difference if we call a switch with NAT a router or not.

You are of course right. NAT doesn’t wrap any extra headers, it just mangles the headers that are already there. For all you ever wanted to know about NAT but were afraid to ask, check here or here.