CGNAT stands for carrier-grade Network Address Translation. It is a technique internet providers use to let many customers share a smaller number of public IPv4 addresses. It became common because IPv4 addresses are limited and expensive.
How CGNAT Works
In a normal home setup, your router uses NAT to let local devices share one public IP. With CGNAT, your ISP adds another NAT layer upstream. Your router may receive a private or shared address from the provider, while many customers exit through the same public address.
Why It Can Be a Problem
CGNAT can make inbound connections difficult or impossible. Port forwarding on your home router may not work because the public address is controlled by the ISP’s shared gateway. This affects self-hosted game servers, remote desktop, home VPN servers, security cameras, and some peer-to-peer applications.
How to Recognize CGNAT
Compare the WAN address shown in your router with the public IP shown by an external lookup tool. If they are different and the router address is in a private or shared range, CGNAT may be in use. Your ISP can confirm it and may offer a public or static IP option.