Let’s say I have two computers A and B on a LAN with IPs 192.168.0.2 and 192.168.0.3.
Let’s say I have a router/firewall on the LAN internally addressable at IP 192.168.0.1 with a face IP to the world of 22.214.171.124.
Let’s say I want to talk to a server with IP 126.96.36.199.
Let’s say that both A and B want to look at a web page on the server. A sends a request to the router’s internal IP, 192.168.0.1, containing its own IP, 192.168.0.2, a free port, e.g. 9422, for the return packets to come to, the IP of the server, 126.96.36.199, and 80, the port of the server.
B similarly sends a request to the router’s internal IP, 192.168.0.1, containing its own IP, 192.168.0.3, a free port, e.g. 9423, for the return packets to come to, the IP of the server, 126.96.36.199, and 80, the port of the server.
To the outside world on the Internet, the router looks like a single computer. A and B and their IPs are invisible to the outside world. So the router has to fake the two requests from A and B as if they both came from itself. So it sends out to the Internet two packets. The first, representing A’s request, has the router’s face IP, 22.214.171.124, and a free port on the router, e.g. 9432, the IP of the server, 126.96.36.199, and port 80. The second, representing B’s request, has the router’s face IP, 22.214.171.124, and a different free port on the router, e.g. 9433, the IP of the server, 126.96.36.199, and port 80.
When the server responds to A’s request, it sends a packet to the router with the router’s face IP, 22.214.171.124, and port number 9432 in the header. The router has to look up which computer, e.g. 192.168.0.2, and which port, e.g. 9422, that router port is associated with. It then forwards the response to computer A, 192.168.0.2, port 9422. Similarly for messages for computer B, the router receives a message with the router’s face IP, 22.214.171.124, and port 9433 in the header and forwards it to computer B, 192.168.0.3, port 9423.
This works fine when a computer on the LAN initiates the conversation, but does not work if you try to host a server of some sort, e.g. Tomcat or BitTorrent. In that case you must manually configure the router to take incoming calls for a particular port and route them to a particular machine on the LAN and port.
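The translation table described above, as an added example that is not code from the original page: a toy Python model using the page's addresses and ports. The class and method names are made up for illustration, and as a simplifying assumption it keys each mapping on the router port alone, ignoring protocol, remote endpoint and timeouts.

```python
from itertools import count

class Nat:
    """Toy port-translating NAT (hypothetical names, simplified model)."""

    def __init__(self, face_ip, first_port=9432):
        self.face_ip = face_ip
        self._ports = count(first_port)   # candidate free ports on the router
        self.out = {}                     # (lan_ip, lan_port) -> router_port
        self.back = {}                    # router_port -> (lan_ip, lan_port)
        self.forwards = {}                # router_port -> (lan_ip, lan_port), set by hand

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source to the face IP and a router port."""
        key = (src_ip, src_port)
        if key not in self.out:           # first packet of this conversation
            port = next(self._ports)
            while port in self.forwards or port in self.back:
                port = next(self._ports)  # skip ports already in use
            self.out[key] = port
            self.back[port] = key
        return (self.face_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the packet as rewritten for the LAN, or None if dropped."""
        target = self.back.get(dst_port) or self.forwards.get(dst_port)
        if target is None:                # no LAN machine opened this port
            return None
        return (src_ip, src_port, *target)

    def forward(self, router_port, lan_ip, lan_port):
        """Manual port forward, needed to host a server behind the router."""
        self.forwards[router_port] = (lan_ip, lan_port)

if __name__ == "__main__":
    nat = Nat("22.214.171.124")
    server = "126.96.36.199"
    print(nat.outbound("192.168.0.2", 9422, server, 80))   # A's request
    print(nat.outbound("192.168.0.3", 9423, server, 80))   # B's request
    print(nat.inbound(server, 80, 9432))                   # reply for A
    print(nat.inbound("203.0.113.9", 40000, 8080))         # unsolicited: dropped
    nat.forward(8080, "192.168.0.2", 8080)                 # host a server on A
    print(nat.inbound("203.0.113.9", 40000, 8080))         # now delivered to A
```

The unsolicited packet is dropped only because no mapping exists for its port, which is why a hosted server needs the manual forward.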
Routers usually also act as firewalls. They can block incoming or outgoing traffic by a number of criteria, including port number, destination, time of day and protocol.
I am not too clear on this, but there appear to be several configuring protocols: UPnP-NAT (PC (Personal Computer)), NAT-PMP (Mac) and SOHO. And, of course, many routers are not configurable.
Contact Roedy. Please feel free to link to this page without explicit permission.