NAT Example
Suppose that we have a LAN with three computers and a router.
When the LAN connects to the ISP, it is given a single public IP address, say 12.34.56.78. This is assigned to the router. This is the only address we can use when talking to computers on the internet.
For use on the LAN, however, each of the three computers must be assigned a local address. Say these are 10.10.10.1, 10.10.10.2, and 10.10.10.3.
Each computer is running multiple programs that talk to the internet, and we use ports to distinguish them. There is a chat program at, say, port #44, a web browser at 80, and a game at 77.
Suppose the chat program on 10.10.10.1 sends a message to a computer somewhere on the internet. The packet header might look like this:
packet 1 of 4
from: 10.10.10.1:44 ← local IP and port #
to: 98.76.54.32:44
When this packet reaches the router, we must do NAT so that we use the public IP address, not the local address.
packet 1 of 4
(was from: 10.10.10.1:44)
from: 12.34.56.78:??? ← public IP, but what port # ?
to: 98.76.54.32:44
However, eventually we will get a response, which will be addressed to the public IP address, so we need a way to know that the response is really for 10.10.10.1:44 specifically. So we will make up a port number to represent that combination, and record it:
public port number | local socket address
144 | 10.10.10.1:44
So the packet ends up with:
packet 1 of 4
from: 12.34.56.78:144 ← public IP# and made up port #
to: 98.76.54.32:44
Soon after, the game on 10.10.10.2 sends a packet:
packet 1 of 8
from: 10.10.10.2:77 ← local IP and port #
to: 76.76.34.34:77
After NAT, we have changed it to:
packet 1 of 8
(was from: 10.10.10.2:77)
from: 12.34.56.78:277 ← public IP, made up port #
to: 76.76.34.34:77
We also update our table of the lies we have told:
public port number | local socket address
144 | 10.10.10.1:44
277 | 10.10.10.2:77
Now the chat program on 10.10.10.3 sends a packet:
packet 1 of 3
from: 10.10.10.3:44 ← local IP and port #
to: 22.33.44.66:44
After NAT, we have changed it to:
packet 1 of 3
(was from: 10.10.10.3:44)
from: 12.34.56.78:344 ← public IP, made up port #
to: 22.33.44.66:44
We have also updated the table.
public port number | local socket address
144 | 10.10.10.1:44
277 | 10.10.10.2:77
344 | 10.10.10.3:44
Eventually, a packet reaches our router from out on the internet. To have reached the router, it must have our public IP address as part of the TO: address.
packet 1 of 5
from: 86.75.94.2:77
to: 12.34.56.78:277 ← our public IP and a port #
Now the router must do NAT to figure out which program on which computer this packet is really for. It can do this by looking at the port part of the TO: and using the table in the router to translate.
public port number | local socket address
144 | 10.10.10.1:44
277 | 10.10.10.2:77
344 | 10.10.10.3:44
So after NAT, the packet has the local address, and can be given to the right recipient.
packet 1 of 5
from: 86.75.94.2:77
(was to: 12.34.56.78:277) ← looked up made up port # in table
to: 10.10.10.2:77 ← found local address
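The whole walkthrough, replayed as an added Python example (not part of the original page). The names NatTable, outbound, inbound and replay_walkthrough are assumptions, and so is the port-picking rule (last octet of the local IP times 100, plus the local port), chosen only because it reproduces 144, 277 and 344.

```python
# Added example: a minimal port-translating NAT table (all names are assumed).
PUBLIC_IP = "12.34.56.78"  # the router's single public address, from the text

class NatTable:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.by_port = {}    # public port -> (local ip, local port)
        self.by_local = {}   # (local ip, local port) -> public port

    def _pick_port(self, local_ip, local_port):
        # Assumption: mimic the page's made-up ports (144, 277, 344) as
        # last octet * 100 + local port, probing upward if already taken.
        port = int(local_ip.rsplit(".", 1)[1]) * 100 + local_port
        while port in self.by_port:
            port += 1
        return port

    def outbound(self, src, dst):
        """Rewrite the source of a LAN packet to the public IP and a mapped port."""
        if src not in self.by_local:  # first packet from this socket: record it
            port = self._pick_port(*src)
            self.by_local[src] = port
            self.by_port[port] = src
        return (self.public_ip, self.by_local[src]), dst

    def inbound(self, src, dst):
        """Rewrite the destination of an internet packet, or return None to drop."""
        ip, port = dst
        if ip != self.public_ip or port not in self.by_port:
            return None  # no table entry: the router has no host to deliver to
        # As on the page, the lookup uses the port only; the sender is not checked.
        return src, self.by_port[port]

def replay_walkthrough():
    nat = NatTable(PUBLIC_IP)
    sent = [
        nat.outbound(("10.10.10.1", 44), ("98.76.54.32", 44)),  # chat
        nat.outbound(("10.10.10.2", 77), ("76.76.34.34", 77)),  # game
        nat.outbound(("10.10.10.3", 44), ("22.33.44.66", 44)),  # chat
    ]
    reply = nat.inbound(("86.75.94.2", 77), (PUBLIC_IP, 277))
    stray = nat.inbound(("86.75.94.2", 77), (PUBLIC_IP, 999))  # unmapped port
    return nat, sent, reply, stray

if __name__ == "__main__":
    nat, sent, reply, stray = replay_walkthrough()
    for port, local in sorted(nat.by_port.items()):
        print(port, "|", "%s:%d" % local)
    print("reply delivered to", reply[1], "- stray packet:", stray)
```

The stray packet shows the case the walkthrough does not cover: a packet to a public port with no table entry cannot be translated and is dropped.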