5

Just curious about a particular scenario of NAT. Let's suppose we have 4 computers sharing a global IP address under the NAT. I understand that the NAT box keeps an internal record to know which computer to forward requests to. But let's say on computer #2 I'm trying to download a file. And let's say on computer #1, #3, and #4, I'm just browsing the web normally. When the browser initiates a TCP connection to get that file, how does it know which computer to give it to? I mean like, each of the four computers is using port 80 to browse the web, right? How does the NAT's record distinguish which "port 80" belongs to which computer?

Jon Seigel
Rudi
  • Does this answer your question? [How do two computers connect to same external address through NAT?](https://stackoverflow.com/questions/1982222/how-do-two-computers-connect-to-same-external-address-through-nat) – Jason Law May 09 '20 at 01:56

2 Answers

15

Each unique TCP connection on the internet is made up of four numbers - {source IP, source port, destination IP, destination port}.

A NAT gateway (GW) translates this to {GW public IP, GW-mapped port, destination IP, destination port} so the outside routers know to return packets to this particular gateway. It also keeps a mapping of these mapped ports back to source IP and port number, along the lines of {GW-mapped port -> {source IP, source port}}, which allows it to figure out what internal machine to send the response packets to.

Nikolai Fetissov
  • I have a question, what if a server uses NAT on his side? Would destination port be replaced by something after the packet arrives? For example, when we communicate with the server's public port 80, could it be that the actual port on the server side is some other number? If yes, does that mean server programmers have to make sure port 80 is not used for anything else? – mercury0114 Apr 10 '16 at 19:24
  • The NAT is transparent to applications, so the server developer would only be concerned with the port number his process is listening on. – Nikolai Fetissov Apr 10 '16 at 21:00
  • Do different requests coming from different devices within a private network (let's say they all use the same port 1015) map to the same GW-mapped port or do they map to different ports of the gateway? I hope it's different because same GW-mapped port cannot be mapped to different `{source IP, source port}`. If it's different GW-mapped ports then is there a limitation that only 65K (max 65K ports on a particular device) such devices can be present within a private network that use the same gateway? – asn May 28 '23 at 23:01
5

The concept of "port 80 for http" does not work like this. When a computer browses the web, only the server uses port 80, while the client will use a random port number. The server replies with a destination port, provided by the client, attached. Port 80 is just for knocking on the web server's door.

What the NAT does is translate all those 4 computers' outward packets such that their source ports do not duplicate. When the NAT receives a packet, it will check if the attached destination port can be translated and translate it to the LAN if possible.

billyswong
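
The translation table both answers describe, as an added sketch that is not part of the original answers: four LAN hosts pick the same source port, each gets its own GW-mapped port, and an inbound packet is forwarded only when a mapping exists. The class name `NatGateway`, the pool start 40000 and all addresses are constructed for illustration; dropping packets from a peer other than the one the mapping was created for is a filtering choice of this sketch, and real gateways differ on that point.

```python
from dataclasses import dataclass, field

@dataclass
class NatGateway:
    public_ip: str
    next_port: int = 40000                     # constructed start of the mapped-port pool
    out: dict = field(default_factory=dict)    # connection 4-tuple -> GW-mapped port
    back: dict = field(default_factory=dict)   # GW-mapped port -> connection 4-tuple

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet, allocating a port on first use."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("mapped-port pool exhausted")
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the packet as delivered on the LAN, or None if it is dropped."""
        entry = self.back.get(dst_port)
        if dst_ip != self.public_ip or entry is None:
            return None                        # no mapping: nothing on the LAN asked for this
        lan_ip, lan_port, peer_ip, peer_port = entry
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None                        # mapping exists, but for a different remote peer
        return (src_ip, src_port, lan_ip, lan_port)

def demo():
    gw = NatGateway("203.0.113.7")             # constructed public address
    web = ("198.51.100.10", 80)                # constructed web server
    lan = ["192.168.0.%d" % n for n in (1, 2, 3, 4)]
    # All four hosts happen to choose the same client-side source port.
    mapped = [gw.outbound(ip, 1015, *web)[1] for ip in lan]
    reply = gw.inbound(*web, gw.public_ip, mapped[1])        # server answers computer #2
    stray = gw.inbound("192.0.2.99", 4444, gw.public_ip, mapped[1])  # other peer, same port
    unknown = gw.inbound(*web, gw.public_ip, 50000)          # port with no mapping
    return mapped, reply, stray, unknown

if __name__ == "__main__":
    print(demo())
```
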