NAT

3 Posts

Router Mode vs AP Mode: Why Double NAT Complicates LAN Problems

6 minute

Adding one more Wi-Fi router at home often does not just add another AP. It may add another gateway, DHCP, and NAT (Network Address Translation) layer. Phones can still browse the internet, but printers disappear, NAS access fails, casting breaks, or games report restricted NAT. Many of those problems start here.

The difference between router mode and AP mode is not appearance, and not whether the device can broadcast Wi-Fi. It is whether the device acts as a Layer-3 gateway or only provides Layer-2 wireless access inside the existing LAN.


Five-Tuple

8 minute

When people analyzing packet captures say “see whether the five-tuple changed,” they are not using another name for a TCP connection. The five-tuple is the smallest practical identifier for a network flow. NAT, firewalls, load balancers, and connection tracking all depend on it.

Looking at only one IP address is not enough. Two hosts can have many simultaneous connections, even to the same service. Looking at only one port is not enough either, because the same port numbers repeat across different hosts. The network and the kernel need a combination that is small enough to operate on and stable enough to answer questions like: is this the same flow, is this a return packet, and should this state table entry be reused?


NAT

9 minute

Service outages, client connection failures, and UDP instability can often be traced to an earlier point in the path: an address-rewriting boundary. The host thinks it is talking directly to the public Internet, but the remote side sees a different address and port. The application thinks it is only sending packets, while the NAT device has created, maintained, timed out, and reclaimed a mapping relationship.

NAT is not just “changing the address”. It is a major redistribution of roles in real IPv4 networks: internal addresses are no longer directly reachable by default, outbound traffic becomes the default entry point for creating mappings, and return traffic depends on whether that state table is still alive.
