When my PC sends a request to a server, the transmitted IP address is the one of my private network. When the server responds to the request, how does the router know to which PC in the network to send the response?
Router IPv4 NAT – How Does a Router Send a Server Response to the Correct PC?
Tags: ipv4, nat, router
Related Solutions
NAT
If you are using static (one-to-one) NAT, the router will assign the 11.2.10.172 public IP to the first PC (for example 192.168.1.101) trying to reach google.com. In this case, the two PCs will not be able to communicate with google.com at once, because the only available public IP is already distributed.
The NAT table in the router:
11.2.10.172 -> 192.168.1.101
PAT
In your case PAT ( NAT overloading ) is the solution.
With PAT, multiple addresses can be mapped to one private IP. When a device initiates a TCP/IP session, it generates a TCP or UDP source port number to uniquely identify the session. When the router receives this packet it uses that source port number to uniquely identify the translation.
Example
PC1 (192.168.1.101) makes an HTTP request to google.com (64.233.161.1) with a random source port number (1444). PC1 will send a packet with DA: 64.233.161.1:80 | SA: 192.168.1.101:1444. When the router receives this packet it inserts 11.2.10.172:1444 -> 192.168.1.101:1444 into the NAT table, then changes the L3 addressing of the packet to DA: 64.233.161.1:80 | SA: 11.2.10.172:1444 and forwards it to google.com.
Google responds with DA: 11.2.10.172:1444 | SA: 64.233.161.1:80. The router receives this packet and translates it to DA: 192.168.1.101:1444 | SA: 64.233.161.1:80, then forwards it to PC1.
If PC2 (192.168.1.102) sends a packet with the same source port number as PC1 did, the router simply increases the port number by 1. In that case the NAT table would look like this:
11.2.10.172:1444 -> 192.168.1.101:1444
11.2.10.172:1445 -> 192.168.1.102:1444
I hope it helps a bit.
UPDATE
As @CraigConstantine noticed, 10.2.10.172 is still in the private address space, so I have changed it to 11.2.10.172.
NAT (Network Address Translation) is a method created to extend the life of IPv4. Without it, we would have completely run out of IPv4 addresses many years ago, instead of more recently, as has happened. Unfortunately, NAT breaks the IP model of end-to-end connectivity, where each device has a unique IP address.
NAT, at its core, simply translates either or both of the source and destination addresses on IP packets to different addresses. There are multiple variations of NAT. The common version used to allow devices on a network with private addresses to use a single public address is called NAPT (Network Address Port Translation).
NAT can be used on different device types, but it is most convenient to run a NAT process on a firewall or router that connects a private network to the public Internet. It is not a firewall or router requirement to run NAT, but that is usually the logical place to run it.
NAPT looks at the source layer-3 and layer-4 addresses of packets passing from inside to outside, then it creates or updates an entry in a NAT table and replaces the source layer-3 and layer-4 addresses with different addresses before forwarding the packets.
When a packet comes in from the outside with the layer-3 destination address of the NAT device, NAPT looks at the destination layer-3 and layer-4 addresses, and it looks them up in the NAT table to determine which layer-3 and layer-4 addresses to use to replace the destination addresses, then it replaces those addresses and forwards the packets to the inside. NAT drops any packets for which there are no NAT table entries.
NAT table entries will time out, or, in some cases with TCP, will be purged when the connection ends.
It is important for NAPT to inspect both the source and destination addresses to create NAT table entries for a particular conversation. That helps to prevent outside hosts that are not part of the conversation from sending unwanted packets to the inside host.
Both the source and destination addresses on the packets must match the NAT table entries before packets are allowed from outside to inside. That means that only inside hosts can initiate a conversation, because there is no NAT table entry in place for an outside host to initiate a conversation. This brings up the concept of port forwarding, which essentially creates a permanent NAT table entry in order to allow outside hosts to initiate a conversation with an inside host.
For more information about NAT, you can look at RFC 3022, Traditional IP Network Address Translator (Traditional NAT).
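As an added example (not code from any of the answers above), here is a small Python simulation of the NAPT table behaviour described in the first answer (keeping the source port, incrementing it on collision) and in the second (both source and destination must match an entry, unsolicited packets are dropped, port forwarding is a permanent entry). It reuses the answers' addresses and adds a constructed outside host, 198.51.100.7.

```python
# Added example: minimal NAPT (PAT) table simulation. Not the code of any real router.
from dataclasses import dataclass, field

PUBLIC_IP = "11.2.10.172"  # public address from the first answer's example


@dataclass
class Napt:
    public_ip: str
    # public_port -> (inside_ip, inside_port, remote_ip, remote_port);
    # remote fields are None for a port-forward (any outside host may initiate)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside: create or reuse an entry, return rewritten source."""
        for pub_port, entry in self.table.items():
            if entry == (src_ip, src_port, dst_ip, dst_port):
                return self.public_ip, pub_port  # existing conversation
        pub_port = src_port  # keep the original port if free ...
        while pub_port in self.table:
            pub_port += 1  # ... otherwise increase by 1, as in the first answer
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return self.public_ip, pub_port

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside: return (inside_ip, inside_port) or None if dropped."""
        if dst_ip != self.public_ip:
            return None
        entry = self.table.get(dst_port)
        if entry is None:
            return None  # no entry: unsolicited packet is dropped
        in_ip, in_port, remote_ip, remote_port = entry
        # Source must match the entry too, so other outside hosts cannot reuse it
        if remote_ip is not None and (src_ip, src_port) != (remote_ip, remote_port):
            return None
        return in_ip, in_port

    def port_forward(self, pub_port, inside_ip, inside_port):
        """Permanent entry letting any outside host reach an inside service."""
        self.table[pub_port] = (inside_ip, inside_port, None, None)


def demo():
    """Replays the first answer's scenario; returns the translations made."""
    nat = Napt(PUBLIC_IP)
    out1 = nat.outbound("192.168.1.101", 1444, "64.233.161.1", 80)
    out2 = nat.outbound("192.168.1.102", 1444, "64.233.161.1", 80)  # collision
    back1 = nat.inbound("64.233.161.1", 80, PUBLIC_IP, 1444)
    back2 = nat.inbound("64.233.161.1", 80, PUBLIC_IP, 1445)
    stray = nat.inbound("198.51.100.7", 80, PUBLIC_IP, 1444)  # constructed host
    return out1, out2, back1, back2, stray
```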
Best Answer
The NAT process maintains the translation tables. When the client sends to the server, NAT creates a table entry which records the fact that the client IP address and port sent something to the server IP address and port. When something comes back from the server address and port to the public address and the NAT-selected port, NAT looks it up and sees that it should go to the client address and port.