4
votes

Just curious about a particular scenario of NAT. Let's suppose we have 4 computers sharing a global IP address under the NAT. I understand that the NAT box keeps an internal record to know which computer to forward requests to. But let's say on computer #2 I'm trying to download a file. And let's say on computer #1, #3, and #4, I'm just browsing the web normally. When the browser initiates a TCP connection to get that file, how does it know which computer to give it to? I mean like, each of the four computers is using port 80 to browse the web right? How does the NAT's record distinguish which "port 80" belongs to which computer?

2

2 Answers

15
votes

Each unique TCP connection on the internet is made up of four numbers - {source IP, source port, destination IP, destination port}.

A NAT gateway (GW) translates this to {GW public IP, GW-mapped port, destination IP, destination port} so the outside routers know to return packets to this particular gateway. It also keeps a mapping of these mapped ports back to source IP and port number, along the lines of {GW-mapped port -> {source IP, source port}}, which allows it to figure out what internal machine to send the response packets to.

5
votes

The concept of "port 80 for http" does not work like these. When a computer browse the web, only the server uses port 80, while the client will use a random port number. The server replies with a destination port, provided by the client, attached. Port 80 is just for knocking the web server's door.

What the NAT does do is translating all those 4 computers outward packets such that their source ports does not duplicate. When the NAT receives a packet, it will check if the attached destination port can be translated and translate it to the LAN if possible.