CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use
← Back to glossary

NAT & Port Forwarding

networking Intermediate

Also Known As

NAT port forwarding ngrok STUN TURN

TL;DR

NAT maps multiple private IPs to one public IP — understanding NAT explains why ngrok is needed for local webhook testing and how Docker port mapping works.

Explanation

NAT (Network Address Translation): a router with one public IP maps multiple private devices (192.168.x.x, 10.x.x.x) by tracking source IP:port to destination. Port forwarding: manually map public_ip:port → private_ip:port for inbound connections. NAT traversal: WebRTC uses STUN to discover public IP and TURN as a relay when direct P2P fails. For PHP developers: ngrok creates a tunnel bypassing NAT so Stripe can reach localhost:8000.

Common Misconception

NAT provides security by hiding internal IPs — NAT is primarily an IP conservation mechanism, not a security feature; it does not replace firewalls.

Why It Matters

Testing webhooks locally requires exposing localhost to the internet — without understanding NAT, developers cannot explain why Stripe cannot reach 192.168.1.100.

Common Mistakes

  • Relying on NAT as a security boundary
  • Not using ngrok for local webhook development
  • Hard-coding private IPs in configuration — not routable on internet
  • Docker: forgetting -p host:container to publish ports

Code Examples

✗ Vulnerable 
// Stripe webhook URL: http://192.168.1.100:8000/webhook
// Problem: 192.168.1.100 is a private IP
// Stripe cannot reach this from the internet — webhook never fires
✓ Fixed 
// Use ngrok for local webhook testing:
// Terminal 1: php -S localhost:8000
// Terminal 2: ngrok http 8000
// ngrok output: https://abc123.ngrok.io -> localhost:8000
// Stripe webhook URL: https://abc123.ngrok.io/webhook

// Docker: expose port to host:
// docker run -p 8000:80 myapp
// nginx on port 80 inside container → localhost:8000 on host
Added 16 Mar 2026
Edited 22 Mar 2026
Views 26

Curated in Warsaw under one editorial standard. 1,444 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
0 pings W 0 pings T 2 pings F 0 pings S 0 pings S 1 ping M 0 pings T 0 pings W 1 ping T 1 ping F 0 pings S 3 pings S 0 pings M 0 pings T 0 pings W 0 pings T 2 pings F 0 pings S 0 pings S 0 pings M 1 ping T 0 pings W 0 pings T 1 ping F 0 pings S 0 pings S 0 pings M 0 pings T 0 pings W 0 pings T
Agents 0
No pings yet today
No pings yesterday
Amazonbot 8 Perplexity 4 Unknown AI 2 Google 2 Majestic 1 Ahrefs 1 SEMrush 1 Qwen 1
Also referenced
HTTP Request-Response Cycle 36 Cloud VPC & Networking 25 IPv6 for Web Developers 18
How they use it
crawler 19 crawler_json 1
Related categories
networking 501 cloud 425
DEV INTEL Tools & Severity
🔵 Info ⚙ Fix effort: Low
⚡ Quick Fix
Understanding NAT explains why webhooks must be publicly accessible — your PHP app behind NAT cannot receive inbound connections without port forwarding or a tunnel; use ngrok for local webhook development
📦 Applies To
any web cli
🔗 Prerequisites
🔍 Detection Hints
Webhook endpoint behind NAT/firewall not receiving events; PHP app not accessible from internet for testing; no public URL for OAuth callback
Auto-detectable: ✗ No ngrok localtunnel cloudflare-tunnel
⚠ Related Problems
🤖 AI Agent
Confidence: Low False Positives: High ✗ Manual fix Fix: High Context: File
✓ schema.org compliant