14  Network address translation

  • You have already come across NAT [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] while learning about IP packet forwarding. Here you will learn about it in more detail to see how a router can provide NAT for multiple devices within the LAN.
  • Home routers use a private IPv4 address range for devices within the home network. A private address cannot be routed over the Internet as it is used in millions of other networks across the world, and is therefore not unique.
  • However, you will have a unique, public IP address assigned to your home router on the interface that connects to the Internet service provider. This is shown as in the diagram below:
Figure 31
  • The idea of NAT is to convert the source address from all outgoing LAN packets into the unique public address assigned to the home router, and vice versa for incoming packets from the Internet. You learnt about this previously in the context of a home network with only one PC. Here you will learn how NAT operates when there are multiple devices using a single public IP address as their source address.
  • The image below shows packets transmitted from PC1 and PC2 towards a web server, which need to be routed towards the Internet by the home router:
  • Note that both packets have private IP source addresses, which cannot be routed towards the public IP address of the web server. The packet encapsulates a TCP segment, which uses port numbers to identify the application layer protocols carried in the segment.
  • PC1 selects a random source port (2000), and a well-known destination port (DP) of 80, as it is communicating via HTTP with a web server.
  • PC2 selects a random source port (3000), and a well-known destination port of 80, as it is also communicating via HTTP with the same web server.
  • The packets are received by the home router, which performs NAT, converting the source addresses to its own Wide Area Network (WAN) interface public IP address ( It also notes the source ports used in both packets and records them in its NAT table:
  • The publicly addressed packets are forwarded through the Internet to the destination web server, which establishes two TCP connections with what it believes is the same device using two different source ports. It returns the requested webpage in a series of packets to the two different TCP destination ports:
  • The returned IP packets are addressed with the web server as the source and the public address of the home router WAN interface as the destination. The TCP port numbers have also been reversed, with port 80 indicating the segment is from a web server, and port 2000 and 3000 identifying the ports used by PC1 and PC2 respectively.
  • The home router accepts the incoming packets. It examines the destination ports and tries to match them with the source ports it has recorded in its NAT table in order to replace the public source address with the correct, private IP address for PC1 or PC2:
  • Because NAT mapped source port 2000 to IP address, the packet with destination port 2000 will have its destination IP address changed to and will be forwarded to PC1.
  • Because NAT mapped source port 3000 to IP address, the packet with destination port 3000 will have its destination address changed to, and will be forwarded to PC2.
  • Using port numbers within the home router NAT process is essential, as it allows translation to occur for multiple devices.

15  Activities