NAT Type Checker

Check how your network translates traffic with a quick WebRTC-based NAT probe

What is NAT?

Network Address Translation (NAT) lets multiple devices share a single public IP address by rewriting packet source and destination details as traffic crosses your router. It conserves IPv4 addresses and adds a light layer of isolation, but it also introduces translation rules that influence how inbound connections reach your device.

Modern routers usually run some flavor of NAT that opens return paths only after you send traffic out. This behavior keeps unsolicited traffic from reaching your devices, but can complicate direct peer-to-peer sessions that need predictable, open ports.

NAT Types Explained

Open / Full Cone

Easiest for peer-to-peer. Ports stay consistent and return traffic flows freely once opened. Best for online gaming lobbies, VoIP, and direct file sharing.

Moderate / Restricted

Ports are translated but allow replies that match your outbound mapping. Most home networks fall here, and most apps work with some STUN/TURN assistance.

Strict / Symmetric

Every destination can get a unique port mapping, making hole-punching unreliable. Peer-to-peer and some multiplayer games may fail unless a relay (TURN) server is used.

Blocked / Unknown

Firewalls or carrier-grade NAT can block UDP discovery entirely. You may need a VPN, port forwarding, or a relay service to enable direct connectivity.

Tips to Improve NAT

  • Use wired or primary routers instead of double-NAT guest/mesh nodes when possible
  • Enable UPnP or add manual port-forward rules for the apps or games you trust
  • Check for ISP carrier-grade NAT; a static IP or VPN with port forwarding can help
  • Ensure your firewall allows outbound UDP so STUN/TURN discovery can work

How to Change Your NAT Type

  1. Check if your ISP modem is also routing. If so, put it in bridge or passthrough mode so only your main router handles NAT.
  2. Reserve a static LAN IP for your console or PC, then enable UPnP or forward the required UDP/TCP ports to that device. Keep the forward narrow (specific ports, specific host).
  3. If your router supports it, place one trusted device in a DMZ/Exposed Host to avoid double translation while leaving the firewall on for the rest of your network.
  4. Stuck behind carrier-grade NAT? Ask your ISP for a public IPv4/static IP, or use a VPN that offers port forwarding so peers can reach you.
  5. Enable IPv6 when available. Many games and apps can establish peer connections over IPv6 without fighting IPv4 NAT rules.

Command-Line Checks for NAT Issues

Use these quick probes to see if you are behind double NAT, confirm your public IP, and verify that a port forward is reachable from the internet. Replace <your-public-ip> and <forwarded-port> with your details before running.

NAT diagnostics
Windows — Check gateways and port reachability

Run these in PowerShell to spot double NAT and test a forwarded port. 

ipconfig | findstr /R "Default Gateway"
tracert -d 1.1.1.1
(Invoke-RestMethod -Uri https://ifconfig.me).Trim()
Test-NetConnection -ComputerName <your-public-ip> -Port <forwarded-port>
tracert 1.1.1.1 | findstr /R "192.168 10\. 172\."
macOS — macOS double-NAT checks

Use Terminal to see your route and confirm an open port after forwarding. 

route get 1.1.1.1 | grep gateway
traceroute -n 1.1.1.1 | head -n 5
curl -4 -s https://ifconfig.me
nc -vz <your-public-ip> <forwarded-port>
traceroute 1.1.1.1 | grep -E "192.168|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\."
Linux — Linux double-NAT checks

Use these commands to check routing, public IP, and port connectivity. 

ip route get 1.1.1.1 | head -n 1
tracepath -n 1.1.1.1 | head -n 5
curl -4 -s https://ifconfig.me
nc -vz <your-public-ip> <forwarded-port>
tracepath 1.1.1.1 | grep -E "192.168|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\."