I had a practice question about a NAT-enabled router with outside address 24.34.112.235 and inside network 192.168.1/24 and three inside hosts .1, .2 and .3. The three hosts all open two connections to 128.119.40.86 port 80.
The NAT table of the router was given as
NAT Translation Table

    WAN Side               LAN Side
    24.34.112.235, 4000    192.168.1.1, 3345
    24.34.112.235, 4001    192.168.1.1, 3346
    24.34.112.235, 4002    192.168.1.2, 3445
    24.34.112.235, 4003    192.168.1.2, 3446
    24.34.112.235, 4004    192.168.1.3, 3545
    24.34.112.235, 4005    192.168.1.3, 3546
My question is regarding the answer. I understand the IP addresses. However, are the port numbers randomly chosen or does the order of 3345, 3346, 3445, etc. have a sort of logic given behind them?
What are the requirements on hosts and routers choosing port numbers for this situation?
Is there any reason the WAN-side port numbers couldn't be 6000 to 6005, for example? Or the LAN-side port numbers be 1234 to 1239?
Best Answer
Outgoing port numbers in general are basically extremely unpredictable. Port numbers are only strictly applicable to TCP and UDP, but ICMP "identifier" fields can work in the same way as regards NAT.
There are a few protocols where the outgoing call has to come from a particular port number, but most common operating systems' implementations choose ports from a range for this purpose.
RFC 6335 covers this:
Some operating systems choose the ports randomly from a range, some choose them in linear order (like you see in your example). Some choose lowest available number from a range. It's entirely up to the operating system. Some operating systems let you choose the ranges. (A system with a great deal of outgoing connections, perhaps a web proxy, a mail gateway, or a NAT device, might run out of port numbers if the range is too small.)
In common speech, many people just say "some random high port number".
In your case, the WAN-side port numbers are chosen by the NAT device. The LAN-side port numbers are chosen by the three hosts .1, .2 and .3, but note that it would be extraordinarily unusual for three hosts to choose the identical two port numbers for outgoing connections without something enforcing it. (Running in sync is unlikely to do it -- a transient failure with a retry, for example, will "use up" a port number in whatever sequence the OS is using.)
As Eddie says:
A point to notice is that if you are planning access control on port numbers, you might have to accommodate whatever your operating systems use.
If for some reason you need to control particular port numbers for outgoing NAT, you need "static PAT" in your NAT device.
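To make the answer concrete, here is a small PAT table simulator, written for this page as an added illustration (it is not code from the question, the answer, or any real NAT implementation). It replays the question's scenario with the NAT device allocating WAN-side ports in linear order from a pool, shows that the pool could just as well be 6000-6005 as the question asks, that two hosts using the same LAN-side port (1234) still get distinct WAN-side ports, that a "static PAT" entry simply removes a port from the pool in advance, and what happens when the pool is exhausted. The class name `PatTable`, the `strategy` parameter, and the address 203.0.113.1 are all my own constructions; the 24.34.112.235 table values come from the question.

```python
import random


class PortExhausted(Exception):
    """Raised when the NAT device has no free WAN-side port left in its pool."""


class PatTable:
    """Minimal port-address translation (PAT) table for one WAN address.

    Outbound: (lan_ip, lan_port) -> (wan_addr, wan_port).  The WAN port is taken
    from the device's own pool either in linear order (lowest free port) or at
    random, the two allocation behaviours the answer describes.
    Inbound:  wan_port -> (lan_ip, lan_port), or None when nothing is mapped
    (an unsolicited packet the NAT would drop).
    Constructed example; not any vendor's real implementation.
    """

    def __init__(self, wan_addr, wan_ports, strategy="linear", seed=None):
        self.wan_addr = wan_addr
        self.free = sorted(set(wan_ports))          # the device's WAN port pool
        self.strategy = strategy                     # "linear" or "random"
        self.rng = random.Random(seed)
        self.lan_to_wan = {}                         # (lan_ip, lan_port) -> wan_port
        self.wan_to_lan = {}                         # wan_port -> (lan_ip, lan_port)

    def _bind(self, wan_port, lan_ip, lan_port):
        self.lan_to_wan[(lan_ip, lan_port)] = wan_port
        self.wan_to_lan[wan_port] = (lan_ip, lan_port)

    def _allocate(self):
        """Pick a WAN port from the pool; a too-small pool runs out quickly."""
        if not self.free:
            raise PortExhausted("no free WAN-side port on %s" % self.wan_addr)
        port = self.free[0] if self.strategy == "linear" else self.rng.choice(self.free)
        self.free.remove(port)
        return port

    def static_pat(self, wan_port, lan_ip, lan_port):
        """Pin a WAN port to a LAN endpoint ahead of time ("static PAT")."""
        if wan_port in self.wan_to_lan:
            raise ValueError("WAN port %d already mapped" % wan_port)
        if wan_port in self.free:
            self.free.remove(wan_port)               # no dynamic mapping may reuse it
        self._bind(wan_port, lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port):
        """Translate an outgoing packet, reusing the mapping if one already exists."""
        key = (lan_ip, lan_port)
        if key not in self.lan_to_wan:
            self._bind(self._allocate(), lan_ip, lan_port)
        return self.wan_addr, self.lan_to_wan[key]

    def inbound(self, wan_port):
        """Translate an incoming packet; None means no mapping, so it is dropped."""
        return self.wan_to_lan.get(wan_port)

    def rows(self):
        """Table in the shape of the one in the question, ordered by WAN port."""
        return [((self.wan_addr, p), self.wan_to_lan[p]) for p in sorted(self.wan_to_lan)]


def build_question_table():
    """Replay the question: three hosts, two connections each, LAN-side ports as in
    the answer key (values constructed from the question text)."""
    nat = PatTable("24.34.112.235", range(4000, 4006), strategy="linear")
    for host, first in (("192.168.1.1", 3345), ("192.168.1.2", 3445), ("192.168.1.3", 3545)):
        for lan_port in (first, first + 1):
            nat.outbound(host, lan_port)
    return nat


def wan_ports_are_unique(nat):
    """Each LAN endpoint must own its own WAN port or replies would be misdelivered."""
    return len(set(nat.lan_to_wan.values())) == len(nat.lan_to_wan)


if __name__ == "__main__":
    nat = build_question_table()
    print("WAN Side               LAN Side")
    for wan, lan in nat.rows():
        print("%s, %d    %s, %d" % (wan + lan))
    try:                                             # a seventh connection: pool is empty
        nat.outbound("192.168.1.4", 3645)
    except PortExhausted as e:
        print("7th connection refused:", e)
```

The simulator keys mappings on the LAN endpoint alone, which is all the question's table records; real NAT devices usually key on the full 5-tuple so that one LAN port talking to two destinations does not consume two WAN ports.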