What's the difference between DHCP and NAT? Are they mutually exclusive?
I know this is a rather basic question, but I'm struggling to find sources online to clarify it.
As I understand it, in NAT, the router which connects the private network to the public internet has one IP address, which all traffic for the private network is directed to; the router then uses port numbers to figure out which device on the private network the traffic is for. In contrast, with DHCP, each device on the network is assigned its own public IP address which traffic for it is directed to.
My confusion stems from hearing that both can be used simultaneously, which seems to contradict the idea that with NAT, there is only one IP address for the entire private network whereas with DHCP, there is an IP address for each device on the network. If they are mutually exclusive, where is each typically used?
Please feel free to tear apart the above statements if you think it will help :).
Edit: The answer below explains it really well - I was being dumb and not realising that DHCP can assign any "type" of IP address, it's just a protocol for devices to join a network?
NAT is a way to translate traffic in several ways. The simplest in home routers is to make everything seem like they’re behind the same IP address. This means any outbound connection from the local network is taken in, its source address is set to the router’s public address, a new port is allocated and the modified packet is sent forward. When there’s a packet back the same thing is done in reverse and the packet is sent to the original device.
NAT doesn’t need to be between private and public networks. It can also be between two public networks or two private ones. It just diverts traffic and doesn’t know anything about public or private.
DHCP is completely unrelated to this. It is a way for devices to shout to the local network asking for an IP address and other related information (like the gateway address, name servers etc) to be given to them. Again, a home router usually has a server to serve the clients in the local network. Without a DHCP server you’d need to set all IP addresses by hand on each device (or use the automatic IP system in Windows, for example, but that is only for local networks, not internetworking). The devices cannot communicate using IP unless they have IP addresses, and since practically all communication is over IP, it’s needed.
The IP address given isn’t necessarily public. Maybe this is what causes your confusion. It’s any address that’s defined in the DHCP pool, or maybe even a static one for that specific device.
So you can have DHCP allocating IP addresses and never use a NAT. It just gives IPs from the pool and that’s that. You can also have NAT without DHCP. You can set fixed IPs, or you can use NAT to divert traffic through a firewall to some other machine etc. It doesn’t need anything from DHCP.
In home networks both are useful since there’s pretty much always only one external IP and users don’t want to manually set fixed IP addresses. So DHCP gives them local private IPs and NAT translates connections so that they look like they come from the same address.
DHCP is a protocol for configuring hosts, and runs periodically to keep their addresses and other configuration up to date. NAT is a process for rewriting packets as they are forwarded across a router. To be more specific, it translates the addresses and sometimes the ports.
DHCP takes a pool of IPs and assigns them upon request. Could be public or private.
NAT (typically) takes routable IP data and sends it through to a non-routable IP (like the ubiquitous 192.168.0.0 block).
In other words, they're not the same thing. It's like engines and tires: they both belong on a car and help make it run, but they do VERY different things.
What's probably tripping you up is that most of the Internet runs on NAT (and often IPv4 NAT). If you're using NAT, the default configuration there is you take a public IP and then DHCP your non-routing block to whatever devices connect behind the router. The trick there is you don't HAVE to DHCP NAT. You can actually assign all your devices a local, non-routing IP. In fact, most residential routers have some block they don't DHCP for that reason, so you can assign, say, a network printer a fixed IP.
It would be a pain to have someone come to your house and go "What's your Wifi password?" only to have you respond "Wait, let me assign your device an IP. What's your MAC address?" Not only will you get a blank stare (and your parents will disown you for asking them to tech), but this is a massive pain for you too. As such, nobody runs their network like this because DHCP is really convenient. I mean, Adam Jacobs from Chef (DevOps company) told this story about a company that thought they couldn't use DHCP, which immediately raised eyebrows among technology professionals.
All TCP/IP connections have 4 numbers. Suppose it is between Alice and Bob.
We have Alice_IP and Alice_Port, and we have Bob_IP and Bob_Port.
When there is a NAT between them (say, translating Alice-side requests), it takes the Alice_IP and Alice_Port and replaces them with NAT_IP and NAT_Port.
So to Bob and all networks between the NAT and Bob, the connection is between NAT_IP and NAT_Port and Bob_IP and Bob_Port.
The NAT keeps a table saying "Packets from Bob_IP and Bob_Port targeting NAT_IP and NAT_Port get translated to Alice_IP and Alice_Port".
This is typically used so that private IP addresses can be used by Alice and her friends, while the NAT owns a NAT_IP that is a public IP valid on the entire internet.
But you can also have layers of NAT between Alice and Bob, some facing Alice, some facing Bob. It could even be used when the addresses translated-to are real public internet addresses (but I don't see much point).
DHCP solves a different problem. When you connect to a network, you may not have an IP address. DHCP is a way your computer can broadcast "Hello, this is me [ethernet hardware id], I need an IP address, can anyone help me?"
Often a router will be configured to respond with "Sure, here is an IP address", and the router remembers (a) your MAC address has that IP address, and (b) the IP address is on that particular sub-network.
Where it gets those IP addresses is not something DHCP concerns itself about. On a typical consumer router, it grabs them from a pool of IP addresses reserved for private use, 10.xx.xx.xx, or 192.168.xx.xx.
The problem is then that the rest of the internet cannot route to those addresses. In fact, many routers on the internet are configured to just drop packets with those addresses.
Your consumer router connects to your ISP's router (or equivalent), which in turn distributes it an IP address. Your router typically does NAT, converting the DHCP-from-private-IP address connections of your household computers to its own DHCP-from-ISP provided IP address. Possibly your ISP then translates your router's IP address into a real internet IP address using yet another layer of NAT; or, maybe your ISP owns enough IP addresses that they can give your router a "real on the internet" IP address.
The downside to this NAT is that your computer doesn't have a unique identity. So when someone wants to connect to your computer, if they send a packet at what appears to be your computer's IP address, they instead send it to the router.
And the router may not have an entry in its NAT table for this new, unsolicited connection, so it drops the connection as nonsense.
There are hacks to get around this of varying effectiveness.
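The two mechanisms discussed in this thread, sketched side by side as an added example (not code from any of the posters): a toy DHCP pool hands Alice a private address, and a port-translating NAT keeps the table described above, dropping inbound packets that match no entry. The class names, addresses, MAC and port numbers are all constructed for illustration; lease expiry and real packet parsing are left out.

```python
import ipaddress

class DhcpPool:
    """Toy DHCP server: leases addresses from a pool, keyed by MAC (no expiry)."""
    def __init__(self, first, count):
        start = ipaddress.IPv4Address(first)
        self.free = [str(start + i) for i in range(count)]
        self.leases = {}  # mac -> ip

    def request(self, mac):
        if mac not in self.leases:
            if not self.free:
                return None  # pool exhausted, client gets no address
            self.leases[mac] = self.free.pop(0)
        return self.leases[mac]

class Nat:
    """Port-translating NAT. Endpoints are (ip, port) tuples."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (inside endpoint, remote endpoint) -> NAT endpoint
        self.back = {}  # (NAT endpoint, remote endpoint) -> inside endpoint

    def outbound(self, src, dst):
        key = (src, dst)
        if key not in self.out:
            nat_ep = (self.public_ip, self.next_port)
            self.next_port += 1
            self.out[key] = nat_ep
            self.back[(nat_ep, dst)] = src
        return self.out[key], dst  # packet as the remote side sees it

    def inbound(self, src, dst):
        inside = self.back.get((dst, src))
        if inside is None:
            return None  # unsolicited: no table entry, so the packet is dropped
        return src, inside

def demo():
    # Constructed sample values (documentation address ranges).
    pool = DhcpPool("192.168.0.100", 2)
    nat = Nat("203.0.113.7")
    alice = (pool.request("aa:aa:aa:aa:aa:01"), 51000)
    bob = ("198.51.100.20", 443)
    seen_by_bob = nat.outbound(alice, bob)
    reply = nat.inbound(bob, seen_by_bob[0])
    stranger = nat.inbound(("198.51.100.99", 4444), seen_by_bob[0])
    return alice, seen_by_bob, reply, stranger
```

Swapping the pool for hand-assigned addresses changes nothing in `Nat`, which is the point the answers make: neither mechanism depends on the other.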