Discovering computer networks: hands on in the Open Networking Lab

5.5 NAT and ports

In this part you will see how the IP port address allows the router to separate traffic intended for different devices in its private LAN.

Now watch the video below, which is about 5 minutes long.

Note that at 02:41 the speaker says ‘would then be 192.168.1.100, port 4321’ but meant to say ‘would then be 192.168.0.100, port 4321’; and at 03:12 says ‘in my case, 192.168.100, port 4321’ but meant to say ‘in my case, 192.168.0.100, port 4321’.

NAT and ports


The gateway router may be performing network address translation for many devices within a private LAN. To distinguish between streams of traffic intended for different devices, the router may change the IP port number as well as the IP address.

IP port numbers are used in normal IP traffic because a single device may have many different network streams operating at the same time; the port number can be used to separate packets destined for different applications (e.g. email or web browsing) or components (e.g. tabs in a web browser). Some well-known port numbers exist that must be preserved; for example port 80 is always used by HTTP traffic to request a web page from a web server. But for many purposes the port number is obtained at random from a pool, so there is no problem caused by replacing the port number by a different value.

IP port numbers and hardware ports

Note that the term port is used in two different senses in networking. The IP port number referred to here is a software device; it has no connection to a hardware port, which is a socket into which a cable is plugged. But there is some similarity: different hardware ports are used for traffic from different devices, and different IP port numbers are used for traffic from different programs running on a single network device.

The router maintains a table of network address translations it has carried out. This records the original IP address and port, and the replacement IP address and port. A different port number is used for every network stream. When incoming packets arrive, the router will look up the port number in the table to find the appropriate reverse translation and then replace the IP address and port number before the packet is switched over the LAN.

Activity 7 Test yourself

5 minutes

Here is a NAT table which has entries for several current streams of network traffic. It shows the addresses of both ends of the stream, one of which is inside the LAN while the other is outside on the internet. For the inside, both the original private and translated public address for the device are shown.

| Inside: private address | Inside: translated address | Outside address |
|---|---|---|
| 192.168.3.10:51562 | 203.0.113.56:55628 | 137.108.200.90:80 |
| 192.168.3.23:53245 | 203.0.113.56:54602 | 137.108.200.90:80 |
| 192.168.3.45:63156 | 203.0.113.56:53899 | 151.101.64.81:80 |
| 192.168.3.36:51874 | 203.0.113.56:57978 | 151.101.64.81:80 |

Traffic leaving the LAN

Some IP packets arrive at the router from the LAN for destinations on the internet. Translate the original private addresses to the appropriate source address so that the IP packet can be routed onto the internet.

Using the following two lists, match each numbered item with the correct letter.

  1. IP packet source: 203.0.113.56:55628

  2. IP packet source: 203.0.113.56:54602

  3. IP packet source: 203.0.113.56:53899

  4. IP packet source: 203.0.113.56:57978

  • a. Inside private address: 192.168.3.36:51874

  • b. Inside private address: 192.168.3.45:63156

  • c. Inside private address: 192.168.3.10:51562

  • d. Inside private address: 192.168.3.23:53245

The correct answers are:
  • 1 = c
  • 2 = d
  • 3 = b
  • 4 = a

Discussion

In this activity you are carrying out network address translation by hand for packets leaving the LAN.

Packets from the LAN arrive at the router with the source address of the sending device; this is a private address and needs to be replaced by the address of the router itself. The port address may also change to ensure that streams of traffic are kept separate. By looking up the private IP address and port number in the table, you can identify the translation needed to give the new source IP address and port number. For example, packets sent originally by 192.168.3.10:51562 should have their source address translated to 203.0.113.56:55628 before being routed on to the internet. The address 203.0.113.56 is the external IP address of the router; 55628 has been (randomly) allocated to identify this stream of network traffic.

Traffic arriving at the LAN

IP packets are also returning to the router from the internet. Replace the destination addresses in the IP packet with that of the intended device on the LAN.

Using the following two lists, match each numbered item with the correct letter.

  1. Inside private address: 192.168.3.10:51562

  2. Inside private address: 192.168.3.23:53245

  3. Inside private address: 192.168.3.45:63156

  4. Inside private address: 192.168.3.36:51874

  • a. IP packet destination: 203.0.113.56:57978

  • b. IP packet destination: 203.0.113.56:55628

  • c. IP packet destination: 203.0.113.56:53899

  • d. IP packet destination: 203.0.113.56:54602

The correct answers are:
  • 1 = b
  • 2 = d
  • 3 = c
  • 4 = a

Discussion

In this activity you are carrying out the reverse step of network address translation by hand.

Packets from the internet arrive at the router with a destination address of the router itself but need to be delivered to devices on the LAN. By looking up the port number in the table, you can identify which private address needs to be placed in the packet to deliver it to the intended destination. For example, packets arriving at the router with the destination address 203.0.113.56:55628 need to have this address changed to 192.168.3.10:51562 to be delivered to the correct device on the LAN.
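
The two lookups from Activity 7, as an added example that is not part of the original course: a small Python model of the router's translation table, loaded with the activity's four rows. The class and method names, the port pool (49152-65535) and the optional check of the outside address on arriving packets are assumptions made for illustration.

```python
import random

# Rows copied from the activity's NAT table: (inside private, inside translated, outside).
ACTIVITY_ROWS = [
    ("192.168.3.10:51562", "203.0.113.56:55628", "137.108.200.90:80"),
    ("192.168.3.23:53245", "203.0.113.56:54602", "137.108.200.90:80"),
    ("192.168.3.45:63156", "203.0.113.56:53899", "151.101.64.81:80"),
    ("192.168.3.36:51874", "203.0.113.56:57978", "151.101.64.81:80"),
]

class NatTable:
    """Port-translating NAT table: one translated port per network stream."""
    def __init__(self, public_ip, rows=(), pool=range(49152, 65536), seed=None):
        self.public_ip = public_ip
        self.rng = random.Random(seed)
        self.forward = {}        # (private, outside) -> translated
        self.reverse = {}        # translated -> (private, outside)
        self.pool = list(pool)   # hypothetical pool: the dynamic port range
        for private, translated, outside in rows:
            self._install(private, translated, outside)

    def _install(self, private, translated, outside):
        self.forward[(private, outside)] = translated
        self.reverse[translated] = (private, outside)

    def outbound(self, private, outside):
        """Return the source address to write into a packet leaving the LAN."""
        if (private, outside) not in self.forward:
            free = [p for p in self.pool
                    if f"{self.public_ip}:{p}" not in self.reverse]
            if not free:
                raise RuntimeError("translated port pool exhausted")
            self._install(private, f"{self.public_ip}:{self.rng.choice(free)}", outside)
        return self.forward[(private, outside)]

    def inbound(self, destination, source=None):
        """Return the private address for an arriving packet, or None to drop it."""
        entry = self.reverse.get(destination)
        if entry is None:
            return None          # no stream was opened from inside on this port
        private, outside = entry
        if source is not None and source != outside:
            return None          # added assumption: also match the outside address
        return private

nat = NatTable("203.0.113.56", ACTIVITY_ROWS, seed=1)
```

An arriving packet whose destination port has no entry in the table cannot be delivered to any device on the LAN, which is why `inbound` returns `None` for it.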