If I have two internal computers connecting to the same external IP address through a NAT router, how is the router able to get the traffic to the correct internal computer? It is my understanding that NAT forwards incoming packets to the computer that recently sent outgoing packets to the [incoming packet's] sender's IP address. Since both computers are sending to the same address, does the router forward the packet to both? If that is the case, is it the responsibility of the client software to determine which packets are relevant?

Is it possible if both computers are attempting to connect to the same port?

+1  A: 

It uses different ports for incoming external traffic, and the NAT then routes the packets on one port to one internal IP address, and the packets from the other port to the other internal IP address... The initial request from each internal computer, when it goes through the NAT on the way out, establishes which port will be used for the incoming traffic from the external IP address, and it tells the external server what port to send its traffic back on for that connection.

Charles Bretana
A: 

The 16 bit port is used to distinguish one connection from another.

GregS
+4  A: 

The router manages "source" ports that are separate for each computer. While you may be connecting to port 80 on the "destination" the router may assign the source port to some high number port.

Wikipedia sums it up as

Network address translation involves re-writing the source and/or destination IP addresses and usually also the TCP/UDP port numbers of IP packets as they pass through the NAT. Checksums (both IP and TCP/UDP) must also be rewritten to take account of the changes.

envalid
Correct me if I'm wrong: Both computers initially request connection to 1.1.1.1 on port 1000. The router makes up new ports, 40000 and 40001. The router sends the packet along, still connecting on port 1000. When the server sends it back, it sends back to port 40000 or 40001. That makes sense, except that I thought when opening a connection, sending and receiving happen on the same port.
A "socket" consists of four pieces of data: origin IP address, origin port, destination IP, and destination port. In your example, ports 40000 and 40001 are source ports, 1000 is a destination port.
kdgregory
+1  A: 

Already good answers are provided, but here is another example:

        HOST A addr         HOST B addr
        10.1.0.2:4040       10.1.0.3:4040
    -----------------------------------------
    NAT 200.50.50.28:4040   200.50.50.28:4041 (what external host sees)

200.50.50.28 is router's global (internet) IP.

Every port number is unique in the NAT table. And of course the router does all the dirty job of modifying the source and destination addresses transparently.

Nick D
+3  A: 

When you open a socket, you need to address a port of the destination system and open a conjugate listening port on your own system to receive any response. You have to send the destination system your listening port.

Having more than one system using the same modem

When you start a web browser, and go to www.google.com:80, your browser obtains/searches for a free non-system conjugate port from the system for listening. Let us say, the conjugate port is 10000. The listener port is for receiving the http stream back from google.

Then your kid sitting next to you incidentally also browses www.google.com:80 and his/her google session of the play station or xbox-whatever also incidentally is assigned conjugate port 10000.

Both of you are sitting behind a cable modem, and behind the cable modem is a wireless router. And both of your systems are behind the wireless router - all sitting in that sequence, network topology-wise.

To prevent port address collision on the router/modem

Let us say that your cable company DHCP assigns your modem IPv4 address 72.72.72.72. But your wireless router DHCP assigns 192.168.0.10 to your system and 192.168.0.11 to your kid's system.

When the frame carrying the information of your listener ports passes through your NAT router, it would translate either one or both listening ports. Let's say port 15000 for your page and port 16000 for your kid's page.

Your wireless router then sends your requests to google server as coming from 72.72.72.72:15000 and 72.72.72.72:16000.

The google server then responds individually to 72.72.72.72:15000 and 72.72.72.72:16000, and when your wireless router encounters the response, it reaches into the mapping that it has stored and translates 72.72.72.72:15000 to 192.168.0.10:10000 to reach your system but translates 72.72.72.72:16000 to 192.168.0.11:10000 to reach your kid's system.

Running web/game/ftp/etc servers

But what if you have a web server or an ftp server running on your system? What if you have two systems and both have a web server and both web servers are listening on port 80?

Let us say the local IP addresses registered/assigned with your wireless router are 192.168.0.30 for your first web server system and 192.168.0.40 for your second web server system.

The wireless router would have a configuration web page, usually by default at 192.168.0.1:80, unless you changed it. There would be a tab on the page where you could define/reserve application port mappings.

You could register with your wireless router to reserve the mapping

    192.168.0.30:80 => outgoing port 8080
    192.168.0.40:80 => outgoing port 8088

So you would phone your friends to say your web/game servers are addressable through 72.72.72.72:8080 and 72.72.72.72:8088 respectively, where the wireless router would preclude its ports 8080 and 8088 from its own dynamic NAT usage.

Of course, 72.72.72.72 is only good until your ISP DHCP decides to renew the IPv4 address of your modem to, say, 72.72.90.200. After which you would have to phone/email your friends and say, "Hey, the servers' addresses have changed to 72.72.90.200:8080 and 72.72.90.200:8088 respectively." Or you could subscribe to a dynamic DNS (DDNS) service to use a named domain, where the DDNS service will need you to install a simple heartbeat utility on your system to help them monitor the address variation. DDNS translation is a separate issue/strategy.

NAT modems

Newer ISP contracts supply you with a modem that has NAT. If so, you have to switch off either the one on your modem or the one on your wireless router. You should not use both - what's the point in translating twice, because NAT is simply to prevent address collision. When you switch off NAT on your wireless router, it can operate as a hub/switch and not a router anymore, so that you could connect it to the modem using one of its LAN sockets instead of through its WAN socket.

Blessed Geek
+1 What an awesome explanation! I have always been frustrated by the fact that most explanations of NAT never really cleared up how replies on outgoing connections make it back to the sender.
AaronLS
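The behaviour described in Nick D's table and in the answer above (two internal hosts picking the same source port 10000, the router handing out distinct public ports, and a reserved port-forwarding entry for an internal server), as an added simulation that is not code from any poster. It assumes constructed addresses (72.72.72.72 as the public IP, 203.0.113.5 as the external server) and a simplified table keyed on source and destination endpoints only; a real router also tracks protocol and expires idle entries.

```python
"""Simulated NAPT (port-translating NAT) table: outbound mapping,
reply lookup, and a reserved (port-forwarded) inbound port."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint


class Napt:
    def __init__(self, public_ip: str, first_port: int = 15000,
                 static: Optional[Dict[int, Endpoint]] = None) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.static = dict(static or {})  # reserved public port -> server
        self.outbound: Dict[Tuple[Endpoint, Endpoint], int] = {}
        self.inbound: Dict[int, Tuple[Endpoint, Endpoint]] = {}

    def _free_port(self) -> int:
        # Skip ports reserved for port forwarding or already in use.
        while self.next_port in self.static or self.next_port in self.inbound:
            self.next_port += 1
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def translate_out(self, pkt: Packet) -> Packet:
        """Rewrite the source of an outgoing packet to public_ip:port."""
        key = (pkt.src, pkt.dst)
        if key not in self.outbound:  # first packet of this flow
            port = self._free_port()
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet((self.public_ip, self.outbound[key]), pkt.dst)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of an incoming packet, or drop it."""
        port = pkt.dst[1]
        if port in self.static:  # reserved mapping: anyone may connect
            return Packet(pkt.src, self.static[port])
        entry = self.inbound.get(port)
        # Only the peer the flow was opened to may answer on this port;
        # unsolicited packets have no mapping and are dropped (None).
        if entry is None or entry[1] != pkt.src:
            return None
        return Packet(pkt.src, entry[0])
```

Dynamic entries never overlap the reserved ports, which is the "preclude its ports 8080 and 8088 from its own dynamic NAT usage" point from the answer.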
A: 

RFC3022 provides a lot of information on how this works

Suresh Krishnan