Routing NAT – How Does the Router Know How to Route Packets to My Terminal?

nat;routing

Suppose I have a network of 2 computers, each having a private network address of 192.168.1.101 and 192.106.1.102.

For my public ip address, it is 10.2.10.172.

When I make a http request to google.com, my computer will send out a packet with source ip address of 192.168.1.101 to the router and the NAT will change it to 10.2.10.172.

My question is, when google.com gets the request, and sends the reply back to 10.2.10.172, how does the router knows which computer to route to? (192.168.1.101 or 192.168.1.102).

I was thinking about port number at first but I think that we could be browsing on the same website at the same time so I have no idea how it works here.

Best Answer

NAT
If you are using static (one-to-one) NAT, the router will assign the 11.2.10.172 public IP to the first PC ( for example 192.168.1.101 ) trying to reach google.com. In this case, the two PC will not be able to communicate with google.com at once, because the only available public IP is already distributed.
The NAT table in the router:
11.2.10.172 -> 192.168.1.101

PAT
In your case PAT ( NAT overloading ) is the solution.
With PAT, multiple addresses can be mapped to one private IP. When a device initiates a TCP/IP session, it generates a TCP or UDP source port number to uniquely identify the session. When the router receives this packet it uses that source port number to uniquely identify the translation.

Example
PC1 (192.168.1.101) makes an HTTP request to google.com (64.233.161.1) with a random source port number (1444). PC1 will send a packet with DA: 64.233.161.1:80 | SA: 192.168.1.101:1444. When the router receives this packet it inserts 11.2.10.172:1444 -> 192.168.1.101:1444 to the NAT table then changes the L3 addressing of the packet to DA: 64.233.161.1:80 | SA: 11.2.10.172:1444 and forwards it to google.com.
Google responds with DA: 11.2.10.172:1444 | SA: 64.233.161.1:80. The router receives this packet and translates it to DA: 192.168.1.101:1444 | SA: 64.233.161.1:80 then forwards it to PC1.

If PC2 (192.168.1.102) sends a packet with the same source port number as PC1 did , the router simply increases the port number by 1. In that case the NAT table would look like this

11.2.10.172:1444 -> 192.168.1.101:1444
11.2.10.172:1445 -> 192.168.1.102:1444

I hope it helps a bit.

UPDATE
As @CraigConstantine noticed, 10.2.10.172 is still in the private address space so I have changed it to 11.2.10.172.

Related Solutions

Routing – How are UDP source ports mapped on a NAT

This depends on the NAT implementation.

In general, most NAT engines prefer to make as few modifications as necessary. So, the first one there gets to keep their src port. The second one is "the loser" and has it changed. The map entry doesn't depend on anything changing; it tracks whatever is used, changed or not. As long as they aren't both talking to the same server, they can both use the same src port, because the map includes the destination:

[(inside){src}PC A:123 {dst}Server A:123 :: (outside){src}ISP:123 {dst}Server A:123]
[(inside){src}PC B:123 {dst}Server B:123 :: (outside){src}ISP:123 {dst}Server B:123]
                                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The outside details are different, thus a unique key to find the inside match.

Routing – How Can 2 Computers in Different Networks Communicate?

First, just because your two computers are connected via the Internet at two separate locations doesn't necessarily mean that you are using private addresses. That is certainly the most likely scenarios with IPv4, given the IPv4 address shortage, but it is still not necessarily true. If you are running IPv6, you are probably using public IPv6 addresses.

Let's assume you are using private IPv4 addressing behind a router using NAT.

Knowing the other private address does nothing for you at all, so just take that out of the equation.

Under normal, non-hacker circumstances, the NAT routers at each end would need to have port forwarding enabled for each PC's private address, or the routers would need to be using one-to-one NAT, to enable the two PCs to communicate via the public addresses. You could also use a VPN between the two PCs to get around the NAT problem. This all assumes that there are no firewalls in place to block traffic from the Internet into the private networks.

In one-to-one NAT, each network would have multiple public addresses which uniquely translate to a single private address, so using a public address will get you to the corresponding private address. This is also an unlikely scenario given the shortage of IPv4 addresses, but it is done in some places.

Port forwarding configures NAT to forward incoming traffic sent to a router's public address on a given port number to be sent to a particular inside private address at a given port number.

A VPN is a tunnel. Usually, traffic from one inside network is encapsulated within packets addressed to the public address of the other network and sent to the other network where it is de-encapsulated to the other inside network. This can be configured in such a way as to make the foreign network appear local to the tunnel interface of the local network.

A firewall on either end, or anywhere along the path, may be configured to block any or all of these methods.

Best Answer

Related Solutions

Routing – How are UDP source ports mapped on a NAT

Routing – How Can 2 Computers in Different Networks Communicate?

Related Topic